Access-challenge timeout on IOS
p.mayers at imperial.ac.uk
Thu Jul 4 16:28:15 CEST 2013
On 04/07/13 14:34, David Mitton wrote:
> Quoting Phil Mayers <p.mayers at imperial.ac.uk>:
>> On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
>>> Session-timeout and Idle-timeout are attributes mentioned by the cisco
>>> docs but neither of these seem to be what I'm after.
>> Neither are relevant; they're for established sessions, not timeouts in
>> *establishing* one.
> Actually, that is incorrect Session-Timeout _is_ used to control the
> authentication timeout, when in the initial AccReq. I'd quote the RFC,
> but I'm not at home. The *-Timeouts in the Acc-Accept control the session.
Hmm, so it does; 5.27 of 2865 and 2.3.2 of 2869.
However - does any equipment actually *honour* this? Also, I note the
wording is very loose indeed - no MUST.
More information about the Freeradius-Users