Use the following commands to configure session timeout and idle timeout locally. These commands take effect if RADIUS access-accept has not returned any session timeout/idle timeout:

Note
If you want to scale to 65,000 authenticated users, use a session timeout value of at least 300 minutes.configure netlogin idle-timeout {convergence-endpoint | dot1x | mac | web-based} timeout
These commands appear in show configuration {module-name} {detail} for "policy" rather than "netlogin," since they are specific to ONEPolicy mode.
# show netlogin session Multiple authentication session entries --------------------------------------- Port : 1:1 Station address : 00:00:03:00:00:00 Auth status : success Last attempt : Tue May 23 08:24:17 2017 Agent type : mac Session applied : true Server type : radius VLAN-Tunnel-Attr : None Policy index : 1 Policy name : Extreme (active) Session timeout : 40 Session duration : 0:00:02 Idle timeout : 20 Idle time : 0:00:00 Auth-Override : enabled Termination time: Not Terminated
# show netlogin port 1:1
 Port                          : 1:1
 Authentication                : mac-based
 Port State                    : Enabled
 Authentication Mode           : Required (Policy Enabled only)
 Max Supported Users           : 1024 (Policy Enabled only)
 Allowed Users                 : 1024 (Policy Enabled only)
 Current Users                 : 2 (Policy Enabled only)
 ------------------------------------------------
         MAC Mode Port Configuration
 ------------------------------------------------
 Re-authentication period      : 3600
 Re-authentication             : Off
 Authentication Delay          : 0 seconds (Default)
 ------------------------------------------------
         Netlogin Clients
 ------------------------------------------------
 MAC                IP address       Authenticated     Type    ReAuth-Timer   User
 00:00:03:00:00:00  0.0.0.0          Yes, Radius       MAC     0              000003000000
 00:00:03:00:00:01  0.0.0.0          Yes, Radius       MAC     0              000003000001
 -----------------------------------------------
 (B) - Client entry Blackholed in FDB
 Number of Clients Authenticated  : 2
When idle timeout is configured and if the FDB is removed, the show netlogin session and show netlogin port / mac/dot1x/web-based commands show the NetLogin authenticated entries untill the idle timer expires. NetLogin session and NetLogin MAC/dot1x/web table is cleared only after the idle timer expires.
 Print
                        this page
Print
                        this page Email this topic
Email this topic Feedback
Feedback View PDF
View PDF Download EPUB
Download EPUB