I'll give it a go. Thanks for the information guys. The cisco attribute list says Session-Timeout : Sets the maximum number of seconds of service to be provided to the user before the session terminates. This attribute value becomes the per-user "absolute timeout." Not that helpful, and why I discarded it as an option which might be useful. Let's see.. Thanks andy -----Original Message----- From: freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradius.org [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu s.org] On Behalf Of Phil Mayers Sent: 04 July 2013 15:28 To: freeradius-users@lists.freeradius.org Subject: Re: Access-challenge timeout on IOS On 04/07/13 14:34, David Mitton wrote:
Quoting Phil Mayers <p.mayers@imperial.ac.uk>:
On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
Hi, ....
Session-timeout and Idle-timeout are attributes mentioned by the cisco docs but neither of these seem to be what I'm after.
Neither are relevant; they're for established sessions, not timeouts in *establishing* one. - Actually, that is incorrect Session-Timeout _is_ used to control the authentication timeout, when in the initial AccReq. I'd quote the RFC, but I'm not at home. The *-Timeouts in the Acc-Accept control the session.
Hmm, so it does; 5.27 of 2865 and 2.3.2 of 2869. However - does any equipment actually *honour* this? Also, I note the wording is very loose indeed - no MUST. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html