Wireless Access

Hi everyone,

I have a problem with the idle session timeout on captive portal.

I know that to check if a client is still alive, after session timeout was elapsed, the controller sends an ICMP request.

On the client I received the query with tcpdump, however on the controller I get this lines in debugging logs :

icmp request sent for user 172.30.78.238
<DBUG> |authmgr|  MAC=00:1b:77:d3:8a:be IP=172.30.78.238 Sending ping 1 of 3 (id=8214, seq=56685)
<DBUG> |authmgr|  MAC=00:1b:77:d3:8a:be IP=172.30.78.238 Got ping response (seq=56685, user-ingress=0x108f ingress=0x106b, type=idle)
<DBUG> |authmgr|  Ping response from different ingress, deleting the user MAC=00:1b:77:d3:8a:be IP=172.30.78.238
<DBUG> |authmgr|  User idle ip=172.30.78.238, role=authenticated
<DBUG> |authmgr|  AU1(1), HA1, TAP0, PARP0 OIP0 IIP0 INT0
<DBUG> |authmgr|  MAC=00:1b:77:d3:8a:be IP=172.30.78.238 Send mobility delete message, flags=0x0
<DBUG> |authmgr|  {172.30.78.238} datapath entry deleted
<INFO> |authmgr|  MAC=00:1b:77:d3:8a:be IP=172.30.78.238 User entry deleted: reason=idle timeout

Is someone could tell me, what is this error ("Ping response from different ingress")?

Thanking you in advance

PS : M3 card on A6000 with AOS 3.4.5.1

No, vap is in tunnel mode.

There are only two IP on the controler :

- one for mgmt (on mgmt interface)

- a second (controler ip) for communication with AP and client

I upgraded my 3600 to AOS 6.1.3.4 and users session timeout seems to work.

But in debug logs, I still have these lines "ping response from different ingress"....

However I noticed a strange behaviour : after timeout elapsed and after icmp request, the user is deleted from user-table but client seems to be always identified. When I launch network com (ping, dns request or browser), the entry previously deleted from user tabel is refreshed without authentication and with an age counter reset.

Does this seems to be normal operation of the "idle timeout" ?

Thanks in advance.