Contributor I

ClearPass Guest Session-Timeout Configuration

I would like to set the time limit of how often a guest user needs to reauthenticate via captive portal.  For instance, a device should not have to reauthenticate via captive portal more than once in a 24 hour period.  I see many different possible settings and I'm confused on what each one controls.


In ClearPass Enforcement Policies:

1.  RADIUS - Session-Timeout

2.  Session-Check - Allowed-Duration

3.  Endpoint - MAC_Auth_Expiry (Now Plus X hrs)


On Wireless Controller:

1.  aaa policy - user-idle-timeout


What is the difference between all of these settings and which ones are actually required to accomplish what I want?


I heard that there is a 12 hour max for this setting for captive portals, is this true?


Re: ClearPass Guest Session-Timeout Configuration

This is handled by MAC caching and is pre-configured when you use service template.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: