IETFのSession-Timeout
(27) とIdle-Timeout (28)でコントロール出来ます。
===========================
Default (3600 secs = 60 minutesに再認証間隔を設定。idle-timeout はデフォルトは1000
===========================
6c:f3:7f:c5:35:68# show clients debug
Client List
-----------
Name IP
Address MAC Address OS
Network Access Point Channel
Type Role Signal Speed (mbps) *Reauth Age
*Reauth Interval *Reauth
ESSID *Authenticated DEL
Age Vlan *ESSID *Private role info Accouting Session Name Accouting Start time BSSID Idle Timeout csum
*mcast groups *Acct Interval *Class Attribute
*Dhcp-Opt Vlan *Dhcp-Opt
role Intercept Offline
*FB Token *FB RxBytes *FB TxBytes
----
---------- ----------- --
------- ------------ -------
---- ---- ------ ------------ -----------
----------------
------------- -------------- ---
--- ---- ------ ------------------ ---------------------- -------------------- ----- ------------ ----
------------- -------------- ---------------- -------------- -------------- ---------
------- --------- -----------
-----------
user1
10.215.1.35
7c:fa:df:80:7f:da
TK-IAP-205-EAP 6c:f3:7f:c5:35:68 52+
AN TK-IAP-205-EAP 31(good)
60(ok) 10 3600 TK-IAP-205-EAP yes no 7
1(SSID)
TK-IAP-205-EAP(EAP-PEAP)
144(RADIUS-7fff) user1 1422259993 6c:f3:7f:d3:56:93 1000
5c75e7c8 (0) 600
5e0cacfea57c4aa8af726af160b77caeb90b0000000000005230303030303036372d30312d35346335663737310000000000000000000000 0,(null) ,0,0-0 no no null null nul
================================
idel-timeout(300)をRADIUSで設定
================================
6c:f3:7f:c5:35:68# show clients debug
Client List
-----------
Name IP
Address MAC Address OS
Network Access Point Channel
Type Role Signal Speed (mbps) *Reauth Age
*Reauth Interval *Reauth
ESSID *Authenticated DEL
Age Vlan *ESSID *Private role info Accouting Session Name Accouting Start time BSSID Idle Timeout csum
*mcast groups *Acct Interval *Class Attribute *Dhcp-Opt Vlan *Dhcp-Opt role Intercept
Offline *FB Token *FB RxBytes
*FB TxBytes
----
---------- ----------- --
------- ------------ -------
---- ---- ------ ------------ -----------
---------------- ------------- -------------- ---
--- ---- ------ ------------------ ---------------------- -------------------- ----- ------------ ----
------------- -------------- ---------------- -------------- -------------- ---------
------- --------- -----------
-----------
user2
10.215.1.35
7c:fa:df:80:7f:da
TK-IAP-205-EAP 6c:f3:7f:c5:35:68 52+
AN TK-IAP-205-EAP 30(good)
60(ok) 36 3600 TK-IAP-205-EAP yes
no 6
1(SSID)
TK-IAP-205-EAP(EAP-PEAP)
144(RADIUS-7fff) user2 1422260822 6c:f3:7f:d3:56:93 300
81a84b14 (0) 600 null 0,(null) ,0,0-0 no no
null null null
6c:f3:7f:c5:35:68#
================================
session-timeout(1200) をRADIUSで設定
================================
6c:f3:7f:c5:35:68# show clients debug
Client List
-----------
Name IP
Address MAC Address OS
Network Access Point Channel
Type Role Signal Speed (mbps) *Reauth Age
*Reauth Interval *Reauth
ESSID *Authenticated DEL
Age Vlan *ESSID *Private role info Accouting Session Name Accouting Start time BSSID Idle Timeout csum
*mcast groups *Acct
Interval *Class Attribute *Dhcp-Opt Vlan *Dhcp-Opt role Intercept
Offline *FB Token *FB RxBytes
*FB TxBytes
----
---------- ----------- --
------- ------------ -------
---- ---- ------ ------------ -----------
----------------
-------------
-------------- --- ---
---- ------ ------------------ ---------------------- -------------------- ----- ------------ ----
-------------
--------------
---------------- -------------- -------------- ---------
------- --------- -----------
-----------
user3
10.215.1.35 7c:fa:df:80:7f:da TK-IAP-205-EAP 6c:f3:7f:c5:35:68 52+
AN TK-IAP-205-EAP 29(good)
60(poor) 10 1200 TK-IAP-205-EAP yes no 7
1(SSID)
TK-IAP-205-EAP(EAP-PEAP)
144(RADIUS-7fff) user3 1422261196 6c:f3:7f:d3:56:93 1000
5aa8d979 (1)224.0.0.251 600 null 0,(null) ,0,0-0 no no null null null
6c:f3:7f:c5:35:68#
0 件のコメント:
コメントを投稿