Wireless Access

Super Contributor II

Captive Portal log out time

How can i increase the captive portal log out time. I mean once a user authenticated with captive portal by providing user name and password it should remain authenticated for atleast one day and system would never ask him to provide user name and password after every 5 minutes of idle time.

Thanks & Regards
Syed Murad Ali

Re: Captive Portal log out time



This is what you are looking for: (say thanks to cjoseph)


By default it is set to 5 minutes or 600 seconds, which means if a user does not pass traffic for 5 minutes, the user is pinged once ever minutes for 4 minutes. If the user still does not respond, the user is removed from the user table and must reauthenticate the next time he/she connects. From the Aruba knowedgebase verbatim (support.arubanetworks.com):

"aaa timer idle-timeout "- this is the timer for the datapath to detect if there is no more new sessions nor traffic initiated for a user record. When the time has come, it will signal the control plane "authmgr" to ping the client. The ping is three consecutive checks with 1 sec interval. If there is no ping response, you should issue an "aaa user delete w.x.y.z" command to clean up the user record. If the client can reply, the user record is kept for another round of idle timer."

You can see what it is by doing the following:

(3600.arubanetworks.com) #show aaa timers 

User idle timeout = 300 seconds <------------------
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes

(More info can be found in here: http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-AAA-Idle-Timeout-and-Authentication-Server-Dead-Time/td-p/106 )

You can change it by doing the following:

config t
aaa timer idle-timeout

Keep in mind, that this affects ALL users, so that if you increase it to, say 30 minutes, you will have a large number of users in the table that have not connected or even sent traffic for 30 minutes, reflected as still being there.
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Super Contributor II

Re: Captive Portal log out time

i think that is what i was looking for....

thank you so much
Thanks & Regards
Syed Murad Ali
Contributor II

Re: Captive Portal log out time

I wish Aruba would setup a seperate timer specifically for Captive Portal instead of the global option for all users.  I suggested it a while back but I guess it fell on deaf ears :(

Guru Elite

Re: Captive Portal log out time

In 6.2 in the advanced portion of the SSID profile a station ageout timer that can override the global aaa timer.  From the 6.2 release notes:


User Idle Timeout Behavior Change

The user idle timeout behavior for the way wireless users are aged out of the system has changed in ArubaOS 6.2.

In ArubaOS pre-6.2 versions, users were idled out if there was no IP traffic for five minutes (the default setting for configure terminal aaa timers idle-timeout). Users were idled out if there is no wireless traffic.



In ArubaOS 6.2, if the client signals that the AP it has left the BSSID, the client is aged out in the time specified by aaa user idle-timeout. Otherwise the client is aged out with the wireless timeout, whose default period is 1000 sec (configure terminal wlan ssid-profile <profile name> ageout).



*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Contributor II

Re: Captive Portal log out time

That's great news Colin, thanks for sharing that!  How stable is  Is it safe for production right now, being that it's still in "Early Deployment"?

Search Airheads
Showing results for 
Search instead for 
Did you mean: