What does the idle timer do?

Aruba Employee
Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.


aaa timer idle-timeout: This timer is for the datapath to detect if there are no more new sessions or traffic initiated for a user record. When the time has come, it signals the control plane "authmgr" to ping the client. The ping is three consecutive checks with 1 sec interval. If there is no ping response, you should issue an "aaa user delete w.x.y.z" command to clean up the user record. If the client can reply, the user record is kept for another round of idle timer.


The system administrator usually lowers the lease time when they run out of IP addresses. When the lease time is equal or lower than the idle timer, the IP spoofing event is triggered. Lower the idle timer to age out the old entries.

(SanLeandro2400) #show aaa timers

User idle timeout = 30 minutes
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes

Version history
Revision #:
1 of 1
Last update:
‎07-02-2014 04:36 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: