Security

I have set user-idle timeout of 5 minutes.After 5 mintuies user must logged out.If the client does not commnunicates  with AP for 5 mintues then he must logged out.if yes ap determine clients communication based on ICMP i.e ping.Also if there is no network activity and user is idle for 5 mintues then also he must logged out ,that is not happening.Next when user shutdwon his/her PC he still remains in database for 5 mintues and then removed .When next time he loggins he should re-authenticate to gain internet acccess this is also not happening.He get directly connected to the network without authentication.Please suggest any solution to it.

Model: Aruba3200 Version: 6.1.3.4

The user idle timeout is used to clear clients from the user table.   As you mention in your case; when the controller detects a user is idle for 5 minutes, it will check to see if the client is still there (connected, just not doing anything).  If it is, it resets the timer and leaves it alone.  If the device is not there (disconnected or asleep), then the client is removed from the user table.   When the device comes back online, the reauthentication depends on the authentication type you have set for the network.  If it is 802.1X, the client will typically cache the logon, so no reauthentication is seen, although it takes place.  If it is a pre-shared key network, the client caches the key and will connect without any visible authentication.  If the network is Open, it will just connect.   The only time you'd typically see a reauthentication visually is if the client is set not to cache the username/password on an 802.1X network or if you have Captive Portal setup for an Open network.

To re-authenticate in that case,what configuration have to be done in aruba 802.1x Profile.Is any configuration have to be done at Client's end.

It is on the client end.   Typically the cache their logons and don't prompt again.   

Thanks for the support....

Hi We have 7220 Wireless controller and 697AP's, Users keeps re-authenticating after a sort of time. I actually tried configuring AAA profile User-Idle timeout to 15300 secs and even the global settings but users experiencing a disconnection reportedly even playing games and active for 30 minutes. 

Any suggestions on this?

Best Regards,

Kenneth Penafuerte

Phil-Data Business Systems Inc.

Are your clients using captive portal authentication?  If not, manipulating the user idle timeout is not a symptom or solution to your issue.  We would need more details about your deployment (authentication being used, clients with problems, exactly what happens) before we can narrow down what could be happening.

Hi CJ,

Good day! We have two SSID's 1. For Admin users - No captive portal used,it's authentication was only using WPA or WPA 2. and other users such 2. Guests - are being authenticated through Xpossible device with captive portal, open authentication on the part of the Aruba wireless controller. It was xpossible who handles the DHCP server for Guest users also the Captive portal.

Best Regards,

Kenneth P;

Which SSID are you having problems with?