HPE Community
HPE Aruba Networking & ProVision-based
1830096 Members
7385 Online
109998 Solutions
New Discussion

Log-off period and web authentication

 
HEKnet
Advisor

‎04-03-2013 04:19 AM

‎04-03-2013 04:19 AM

Log-off period and web authentication

Hello,

 

I would like to you web authentication on some ports for public available PCs that run in "kiosk" mode.

 

In order to ensure that the port goes back into the unauthenticated state automatically if the user leaves I set a very low logoff-period (45 seconds).

 

aaa port-access web-based <ports> logoff-period 45

 

If I chose I higher value (every period > 2 minutes) the port never closed, because some software always produced traffic on the port (updates, ICMP messages, ND protocol, etc.) On the other hand side a low value like 45 seconds might accidently close the port, if the user does not produce any network traffic.

 

Hence, I decided to write a little web page to that the user is redirected after successfull authentication. This web page shows some useful RADIUS statistics about the user's session and refreshes itsself every 30 seconds which is less than the 45 seconds logoff period. The user is asked to keep this web site open if he wishes to stay authenticated.

 

But although there is traffic on the port every 30 seconds the switch closes the port after 45 seconds. This leads me to the following question:

 

Is there any treshold (built into the switch firmware) that must be exceeded such that the switch counts the traffic and decides against an idle timeout? The manual doens't say anything about this.

 

Input: AJAX GET-Request every 30 seconds with 439 bytes

Output: JSON-HTTP-Reply every 30 seconds with 451 bytes

 

I also can see these values on the switch via the "show interface statistics" command, but the switch closes the port anyway. On the other hand side, if I start browsing the web and produce "some more" traffic, the port stays open.

 

Matthias

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.