Hi,
:smileyhappy:
This is what you are looking for: (say thanks to cjoseph)
By default it is set to 5 minutes or 600 seconds, which means if a user does not pass traffic for 5 minutes, the user is pinged once ever minutes for 4 minutes. If the user still does not respond, the user is removed from the user table and must reauthenticate the next time he/she connects. From the Aruba knowedgebase verbatim (support.arubanetworks.com):
"aaa timer idle-timeout "- this is the timer for the datapath to detect if there is no more new sessions nor traffic initiated for a user record. When the time has come, it will signal the control plane "authmgr" to ping the client. The ping is three consecutive checks with 1 sec interval. If there is no ping response, you should issue an "aaa user delete w.x.y.z" command to clean up the user record. If the client can reply, the user record is kept for another round of idle timer."
You can see what it is by doing the following:
(3600.arubanetworks.com) #show aaa timers
User idle timeout = 300 seconds <------------------
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes
(More info can be found in here: http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-AAA-Idle-Timeout-and-Authentication-Server-Dead-Time/td-p/106 )
You can change it by doing the following:
config t
aaa timer idle-timeout
Keep in mind, that this affects ALL users, so that if you increase it to, say 30 minutes, you will have a large number of users in the table that have not connected or even sent traffic for 30 minutes, reflected as still being there.