Controllerless Networks

Frequent Contributor I

Machine Auth timeout

We a have a large Instant deployment at a school district. The main SSID has "force machine authentication" enabled.

Pass machine Auth = mahine_rest_role


Pass User Auth = user_restricted_role

Pass both and you get the default role for the SSID which is basically "all all".

The issue is the "inactivity timeout" option for the SSID won't allow above 3600 seconds. So, what we are seeing is users being dropped into the "user_restricted_role" when they shut their laptops, or step away or lunch, or class, or a meeting. This then requires them to log off and then back on to get full access to the network again.

Also, this is 802.1x using RADIUS via Microsoft NPS.

A. Why is the "Inactivity Timeout" limited to 3600 seconds?

B. There needs to be a machine Auth cache timeout setting like there is on the controllers.

Aruba has made a big deal of making Instant ready for the "Enterprise", but this seems a bit a an oversight for an "Enterprise" solution. 

We're offering the as the solution for K-12 which is full of users that are hopping on an off their machines all day - not sitting at there desks for hours at a time like in many corporate settings.

There needs to be a proper solution for this.

Anyone else experiencing this issue with K-12 deployments? Any solutions you've come across?

Guru Elite

Re: Machine Auth timeout

You can configure the machines via group policy to ONLY submit their machine credentials.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: