Access-challenge timeout on IOS

David Mitton david at
Thu Jul 4 15:34:20 CEST 2013

Quoting Phil Mayers <p.mayers at>:

> On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
>> Hi,
>> Session-timeout and Idle-timeout are attributes mentioned by the cisco
>> docs but neither of these seem to be what I'm after.
> Neither are relevant; they're for established sessions, not timeouts in
> *establishing* one.
> -
Actually, that is incorrect Session-Timeout _is_ used to control the  
authentication timeout, when in the initial AccReq.  I'd quote the  
RFC, but I'm not at home.  The *-Timeouts in the Acc-Accept control  
the session.

Some models/versions of Cisco APs cause me no end of grief getting  
timeouts long enough for users to enter their RSA token values.  They  
use it to abort the session, when they should just retry.


More information about the Freeradius-Users mailing list