Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Does ArubaOS honour RADIUS Session-Timeout attributes even if user role has reauth disabled?

  • 1.  Does ArubaOS honour RADIUS Session-Timeout attributes even if user role has reauth disabled?

    Posted Apr 04, 2013 07:20 AM

    Hi,

    Our standard user role has reauth interval disabled. By default on all our dot1x auths I have our RADIUS servers pass back Session-Timeout / Termination-Action attributes. Will ArubaOS honour these?

    When receiving RADIUS attributes in access accept packets, do they take precedence over any locally defined settings if there is a clash?

     

    Rgds

    Alex

     



  • 2.  RE: Does ArubaOS honour RADIUS Session-Timeout attributes even if user role has reauth disabled?
    Best Answer

    EMPLOYEE
    Posted Apr 04, 2013 09:59 AM

    Yes.

     

    Name: employee, IP: 1.1.1.3, MAC: e8:92:a4:96:df:43, Role: Byod-Authenticated, ACL: 65/0, Age: 00:00:00
    Authentication: Yes, status: started, method: 802.1x, protocol: EAP-PEAP, server: cppm-192.168.1.32
    Bandwidth = No Limit
    Bandwidth = No Limit
    Role Derivation: default for authentication type 802.1x
    VLAN Derivation: User Dot1x Role Contained
    Idle timeout (global): 300 seconds, Age: 00:00:00
    Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
    Flags: internal=0, trusted_ap=0, l3auth=0, mba=0, vpnflags=0, u_stm_ageout=1
    Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0
    phy_type: a-HT-20, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 1
    Vlan default: 1000, Assigned: 1000, Current: 1000 vlan-how: 13 DP assigned vlan:0 
    Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
    SlotPort=0x2100, Port=0x10016 (tunnel 22)
    Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/a
        Current Role name: Byod-Authenticated, role-how: 1, L2-role: Byod-Authenticated, L3-role: Byod-Authenticated
    Essid: ACME-TLS, Bssid: 00:1a:1e:20:82:f3 AP name/group: AP-125-Home/default Phy-type: a-HT-20
    RadAcct sessionID:employeeE892A496DF43-0A
    RadAcct Traffic In 67/11522 Out 43/13544 (0:67/0:0:0:11522,0:43/0:0:0:13544)
    Timers: reauth 0, mac reauth 0, dot1x reauth 0
    Profiles AAA:ACME-TLS-aaa_prof, dot1x:dot1x_prof-nyi32, mac: CP: def-role:'logon' sip-role:'' via-auth-profile:''
    ncfg flags udr 0, mac 0, dot1x 1, RADIUS interim accounting 1
    IP Born: 1365083730 (Thu Apr  4 08:55:30 2013)
    Core User Born: 1365083725 (Thu Apr  4 08:55:25 2013)
    Upstream AP ID: 0, Downstream AP ID: 0
    Device Type: Dalvik/1.6.0 (Linux; U; Android 4.2.2; Nexus 4 Build/JDQ39)
    L3-Auth Session Timeout from Radius: 0
    Mac-Auth Session Timeout Value from Radius: 0
    Dot1x Session Timeout Value from Radius: 60
    CoA Session Timeout Value from Radius: 0
    Dot1x Session Term-Action Value from Radius: Radius-Request
    Reauth-interval from role: 0
    Address is from DHCP: yes
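
To run the same check over saved per-user output, here is an added example that is not part of the original thread and is not Aruba code: it reads the three dot1x timer fields shown in the answer and reports which one bounds the session. The function names are hypothetical, the Termination-Action handling follows RFC 3580, and the fallback to the role interval when RADIUS sends no timeout is an assumption.

```python
import re

# Excerpt of the per-user output quoted in the answer above (only the lines read here).
SAMPLE = """\
    Timers: reauth 0, mac reauth 0, dot1x reauth 0
    Dot1x Session Timeout Value from Radius: 60
    Dot1x Session Term-Action Value from Radius: Radius-Request
    Reauth-interval from role: 0
"""

FIELDS = {
    "radius_timeout": r"^\s*Dot1x Session Timeout Value from Radius:\s*(\d+)",
    "term_action": r"^\s*Dot1x Session Term-Action Value from Radius:\s*(\S+)",
    "role_reauth": r"^\s*Reauth-interval from role:\s*(\d+)",
}

def parse_fields(text):
    """Pull the three dot1x timer fields out of one user's output block."""
    found = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        found[name] = m.group(1) if m else None
    return found

def dot1x_timer_source(text):
    """Report which setting bounds the 802.1X session and what happens on expiry."""
    f = parse_fields(text)
    radius = int(f["radius_timeout"] or 0)
    role = int(f["role_reauth"] or 0)
    if radius > 0:
        # RFC 3580: Session-Timeout with Termination-Action=RADIUS-Request means
        # reauthenticate after that many seconds; otherwise the session is ended.
        reauth = (f["term_action"] or "").lower() == "radius-request"
        return {"source": "radius", "interval": radius,
                "on_expiry": "reauthenticate" if reauth else "terminate"}
    if role > 0:
        # Assumption: with no RADIUS value the role's interval is what applies.
        return {"source": "role", "interval": role, "on_expiry": "reauthenticate"}
    return {"source": "none", "interval": 0, "on_expiry": None}

if __name__ == "__main__":
    print(dot1x_timer_source(SAMPLE))
```

A result of source "none" on an 802.1X user means neither RADIUS nor the role is forcing periodic reauthentication for that session.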