Access-challenge timeout on IOS
David Mitton
david at mitton.com
Thu Jul 4 15:34:20 CEST 2013
Quoting Phil Mayers <p.mayers at imperial.ac.uk>:
> On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
>> Hi,
....
>
>>
>> Session-timeout and Idle-timeout are attributes mentioned by the cisco
>> docs but neither of these seem to be what I'm after.
>
> Neither are relevant; they're for established sessions, not timeouts in
> *establishing* one.
> -
Actually, that is incorrect Session-Timeout _is_ used to control the
authentication timeout, when in the initial AccReq. I'd quote the
RFC, but I'm not at home. The *-Timeouts in the Acc-Accept control
the session.
Some models/versions of Cisco APs cause me no end of grief getting
timeouts long enough for users to enter their RSA token values. They
use it to abort the session, when they should just retry.
Dave.
More information about the Freeradius-Users
mailing list