Reset Search
 

 

Article

Session-timeout value configured on switch takes precedence over value returned from RADIUS server

« Go Back

Information

 
TitleSession-timeout value configured on switch takes precedence over value returned from RADIUS server
Symptoms
When a reply packet from a RADIUS Server passes down a session-timeout value greater than 2 bytes (65535).  Netlogin, ignores this value and uses the aging time configured locally
Session-timeout
# show netlogin port <port>

<<truncated for brevity>>
------------------------------------------------
        Netlogin Clients
------------------------------------------------

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
54:ee:75:0f:58:ca  0.0.0.0          Yes, Radius       MAC     0             54EE750F58CA
-----------------------------------------------
(B) - Client entry Blackholed in FDB

 
Environment
EXOS
Cause
While processing session-timeout value from Radius, there is check in Netlogin which blocks value greater than 2 bytes(>65535)
Resolution
This has been changed in 22.2.3 and can be tracked with: xos0068660
Workaround: set the intended aging-time value at the CLI:
configure netlogin agingtime <value>
NOTE: RADIUS session-timeout value is in seconds, while Netlogin agining time is in minutes

 
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255