Management and Configuration Guide (Includes ACM xl) 2005-12
ProCurve Secure Access 700wl Series Management and Configuration Guide 6-29
Configuring the Network
receive a response to repeated polling after a specified timeout interval (by default five minutes) the
system disassociates the client.
The actual poll interval may be up to 2 times the configured interval—if the client responds to the ARP,
the client is not considered idle. However, if the client is not sending any other traffic, then after the
appropriate interval another ARP request is sent— but the actual interval between those ARPs will be
the the time taken for the ARP response plus the configured idle time interval.
When the Access Controller disassociates a client, the following happens:
• The Access Controller removes the client, the client’s MAC address, and the definition of its rights
from memory.
• The Access Controller sends a message to the Rights Manager that the client is no longer connected.
The Rights Manager starts a linger timeout for that client. The value of the linger timeout is defined
in the Access Policy associated with the client. If the client has not re-established communication
before the linger timeout expires, any active sessions belonging to the client are terminated. The
client is not logged out by this action—whether it will need to reauthenticate depends on the
authentication timeout specified in the Access Policy.
If the client re-establishes communication with any Access Controller before the linger timer expires,
that Access Controller informs the Access Control Server and gets the previous definition of the
client’s rights. Depending on the encryption mechanism and the type of addressing in force, the
client’s existing sessions may be tunneled from the original Access Controller to the new Access
Controller.
To change the client polling settings, do the following:
Step 1. To change the length of time a client must be idle to generate a client probe, change the value in
the
Poll clients after field. The default idle time is 30 seconds.
When the client is idle, that is, when it is not sending any packets to the network, this timer runs.
When the client idle timer expires, the Access Controller probes the client by sending it an ARP
request. If the client responds, it is no longer considered idle. If the client does not respond the
Access Controller continues sending ARP requests at approximately the specified frequency as
long as the client is idle, until the time-out is reached.
Step 2. To change the timeout counter, which determines when the client should be disassociated,
change the number of seconds in the
Start linger timer after field.
This counter determines how long a client must be idle before the Access Controller disassociates
that client. The default is 5 minutes (300 seconds).
Note that the disassociate action can in itself take 30-40 seconds.
See “The Timeout Tab” on page 4-58 in Chapter 4, “Configuring Rights” for more information on
the linger timer.
Access Control Server Advanced Configuration Options
The following settings appear on this page if you are configuring a Access Control Server or an
Integrated Access Manager. They do not appear if you are configuring an Access Controller.
DHCP Network for NAT Clients
Note: When you change this range, it also changes the default address (http://42.0.0.1) for the
Administrative Interface. The Administrative Interface URL becomes the first address in the new range.