WLC Session Timeout

jmmerritt · ‎07-05-2007

Is there a more granular way of enforcing Session Timeout for users on the WLC?

When I use Cisco BBSM with my radius server, the session-timeout value is honored and I could set time of day restrictions within Radius for myt Guest users.

However, with the WLC, it ignores these radius session-timeout values and only uses it own WLAN Session Timeout value.

I don't want Guests to re-authenticate (via Web Authentication) during the day based on the WLAN Session Timeout value. Imagine if I set it to timeout after 8 hours (a normal working day), but that user logged in at 4.49pm.

Anyone got any pointers please?

bwilmoth · ‎07-11-2007

The RADIUS attribute 27 is used in order to configure the session-timeout values. This works only for controller timeout . But you can also try for client timeouts. order to set this, choose user/group setup > Edit Settings > Radius[5842\001], and type the session timeout value in the Cisco-Aironet-Session-Timeout box. If this attribute is not listed under user/group setup, choose Interface config > Radius (IETF), and check the attribute [027] Session-Timeout for user/group.

jmmerritt · ‎07-12-2007

I had configured my Radius server to send session-timeout values, however, they were not being honoured.

After rechecking the AAA debug trace, I realised that the "AllowRadiusOverride is FALSE" error was my sticking point.

After enabling AAA Overide on the WLAN security, my session-timeout values worked!

Thanks!

Dave Anthony David · ‎07-23-2007

Hi, I have same issue with you.. Where can I find the "AllowRadiusOverride is FALSE"?

Thanks

jmmerritt · ‎07-23-2007

I saw the "AllowRadiusOverride is FALSE" message when I had debug aaa all enabled.

To enable AAA overide from a controller, select "Allow AAA Overide" from the Advanced Tab on WLAN edit.