Access-challenge timeout on IOS

Franks Andy (RLZ) IT Systems Engineer Andy.Franks at sath.nhs.uk
Thu Jul 4 16:50:47 CEST 2013


I'll give it a go. Thanks for the information, guys. The Cisco attribute
list says:
Session-Timeout: Sets the maximum number of seconds of service to be
provided to the user before the session terminates. This attribute value
becomes the per-user "absolute timeout."
Not that helpful, and why I discarded it as an option which might be
useful. Let's see..
Thanks
andy

-----Original Message-----
From: freeradius-users-bounces+andy.franks=sath.nhs.uk at lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk at lists.freeradius.org]
On Behalf Of Phil Mayers
Sent: 04 July 2013 15:28
To: freeradius-users at lists.freeradius.org
Subject: Re: Access-challenge timeout on IOS

On 04/07/13 14:34, David Mitton wrote:
> Quoting Phil Mayers <p.mayers at imperial.ac.uk>:
>
>> On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
>>> Hi,
> ....
>>
>>>
>>> Session-timeout and Idle-timeout are attributes mentioned by the 
>>> cisco docs but neither of these seem to be what I'm after.
>>
>> Neither are relevant; they're for established sessions, not timeouts
>> in *establishing* one.
>
> Actually, that is incorrect. Session-Timeout _is_ used to control the
> authentication timeout, when in the initial AccReq. I'd quote the
> RFC, but I'm not at home. The *-Timeouts in the Acc-Accept control
> the session.
>

Hmm, so it does; 5.27 of 2865 and 2.3.2 of 2869.

However - does any equipment actually *honour* this? Also, I note the
wording is very loose indeed - no MUST.
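
As an added illustration (not code from this thread or from FreeRADIUS), the sketch below decodes RADIUS replies and reports whether a Session-Timeout attribute arrived in an Access-Challenge, where it bounds the prompt, or in an Access-Accept, where it bounds the session. The sample packets and the function names are constructed for the example; it shows only the decoding and says nothing about whether a given NAS honours the value.

```python
import struct

ACCESS_ACCEPT, ACCESS_CHALLENGE = 2, 11   # RADIUS packet codes (RFC 2865)
STATE, SESSION_TIMEOUT = 24, 27           # attribute types (RFC 2865)

def build_packet(code, ident, attrs, authenticator=b"\x00" * 16):
    """Encode a RADIUS packet; attrs is a list of (type, value-bytes)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_attributes(packet):
    """Return (code, {type: value}) after validating header and TLV lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return code, attrs

def session_timeout_meaning(packet):
    """Say what Session-Timeout bounds in this reply, or None if absent."""
    code, attrs = parse_attributes(packet)
    raw = attrs.get(SESSION_TIMEOUT)
    if raw is None:
        return None
    if len(raw) != 4:
        raise ValueError("Session-Timeout must be a 4-byte integer")
    seconds = struct.unpack("!I", raw)[0]
    if code == ACCESS_CHALLENGE:
        return ("challenge", seconds)   # bounds the wait for the user's response
    if code == ACCESS_ACCEPT:
        return ("session", seconds)     # bounds the established session
    return ("unexpected", seconds)

# Constructed sample replies (zeroed authenticator, not valid on the wire).
challenge = build_packet(ACCESS_CHALLENGE, 7, [(STATE, b"otp-1"),
                         (SESSION_TIMEOUT, struct.pack("!I", 120))])
accept = build_packet(ACCESS_ACCEPT, 8, [(SESSION_TIMEOUT, struct.pack("!I", 3600))])

if __name__ == "__main__":
    print(session_timeout_meaning(challenge), session_timeout_meaning(accept))
```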