Manualshelf

Management and Configuration Guide (Includes ACM xl) 2005-12

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
111112113114115116117118119120
ProCurve Secure Access 700wl Series Management and Configuration Guide 4-59
Configuring Rights
The Linger Timeout
The Linger timeout enables the 700wl Series system to force a logoff for clients that have disconnected
from the network without logging off. If the Access Controller determines that a client has been non-
responsive for a specified period of time, the Access Controller sends a disassociate message to the
Access Control Server, following which the Linger Timeout starts. If the Linger Timeout expires and the
client has not reappeared, the Access Control Server logs that client off the system. This prevents clients
that are no longer connected from consuming system resources as if they were still active.
When a client roams from one Access Point to another, there is typically a time lag between when it
disappears from its original port (and thus appears idle and non-responsive to the Access Controller)
and when it reappears, possibly on a different port and/or Access Controller. The Linger Timeout
provides an interval during which the client can complete a roam without having its open sessions
terminated.
The Access Controller idle timer and polling timeout (which determines how long it takes the Access
Controller to decide that the client is no longer connected) are set under the Advanced Setup tab of the
Network Setup page. See “Access Controller Advanced Configuration Options” on page 6-27 for more
information.
The Reauthentication Timeout
The remaining fields on the Timeout tab let you specify how long a client’s rights remain valid before
they are required to reauthenticate. If you set a reauthentication timeout, users will be required to
reauthenticate (log in again) periodically, even if they have remained connected and active the entire
time.
For example, if you check
Force users to reauthenticate after a specified amount of time, and set the
interval to two hours, then any client getting rights through this Access Policy will have to
reauthenticate every two hours.
You can specify reauthentication as an interval (some number of minutes, hours, or days) or as a fixed
time of day. The default is to not require reauthentication at all.
Note:
If you are using a RADIUS server for authentication and the RADIUS server attribute specifies a
reauthentication interval; then any client authenticating with that RADIUS server and getting rights
through an Access Policy that specifies a reauthentication interval or time of day will be required to
reauthenticate at whichever interval or time of day is encountered first.
On the Timeout tab, as shown in Figure 4-29, select or enter data into the fields as described in Table 4-24
below.