Reset Search
 

 

Article

NAC/Extreme Control -How to terminate a session after a specified amount of time

« Go Back

Information

 
TitleNAC/Extreme Control -How to terminate a session after a specified amount of time
Objective
  • To limit the amount of time a user stays connected to a session.
  • To use NAC to limit the amount of time a user can connect to the network.
Environment
  • Extreme Control
  • Extreme Control Center
  • NAC 
  • NAC Manager
Procedure
There are two changes that need to occur in order for the NAC to deliver a timeout value to an authenticated session.
1. Change of the Radius attribute Settings or create a new Radius attribute setting to put the session timeout variable in.
2.  Edit the policy mapping or create a new policy mapping to reflect the value needed for the timeout attribute.

First, lets create a new a new radius attribute to send to the devices that support the session timeout variable.
In NAC manager, select a switch from the edit switches tab

User-added image

Double click on the switch/s that will need to have an edited attribute
Under the checkbox for Gateway RADIUS attributes to send, click on the closest working attribute/ and select Edit Radius Attributes from the pulldown.
Click on the closest one and click edit button to edit an existing set of attributes, or Add to create a new Set of attributes with a unique name. You may want to copy and paste the current attributes into a notepad to re-use.
User-added image

This will bring up the window for Create new Radius Attribute Settings, for this, we have chosen the Add Method to create a unique Setting for Identifi Wireless with Session TImeout added.
You can see at the end, the Session-Timeout= was added to the with the policy attributes that were pasted from the defaults. 
User-added image
This Setting will now need to be assigned to switches, but before doing that, you will first need to properly configure or edit the policy mappings to reflect the new attribute.
There are several methods to get to the policy mapping. For this, however, we will use the following

Click on Tools->Management and Configuration->Advanced Configuration->Select NAC profiles-Select Policy Mappings.
User-added image
Add or edit a policy mapping. 
In the following, you can see the Custom 1 field. Here we enter in the value in seconds we wish for the session to timeout.

User-added image

The new or altered policy mapping must then be applied and enforced to the devices.
At this point, you can go back to the radius attribute settings and select them for the appropriate switch.
This too will need to be enforced to the nac appliance which will write the settings to the switches themselves.







 
Additional notes
It is worth noting that the session timeout will be ineffective in situations that are not based on a web portal login environment, where simple reauthentication of a device may occur without the user noticing.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255