Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

delay-query-time (Services User Identification)

Syntax

delay-query-time delay-time-in-seconds;

Hierarchy Level

[edit services user-identification authentication-source aruba-clearpass user-query]

Release Information

Statement introduced in Junos OS Release 12.3X48-D30.

Description

Configure the amount of time for the SRX Series device to delay before sending queries to the Aruba ClearPass Policy Manager (CPPM) for authentication and identity information for individual users. If the CPPM does not send to the SRX Series device authentication and identity information for a particular user, the SRX Series device can request that information for the user if you configure the user query function.

Delays can occur from when the CPPM initially posts user authentication information to the SRX Series device to when the SRX Series device updates its ClearPass authentication table with that information. In its transit, the user identity information must first pass through the CPPM device’s control plane and the control plane of the SRX Series device.

During that period, traffic might arrive at the SRX Series device that is generated by an access request from a user whose authentication and identity information is in transit from the CPPM to the SRX Series device. Rather than allow the SRX Series device to respond automatically by sending a user query request immediately, you can set the delay time parameter specifying in seconds how long the SRX Series device should wait before sending the request.

After the delay timeout expires, the SRX Series device sends the query to the CPPM and creates a pending entry for the user in the Routing Engine authentication table. During this period, any arriving traffic matches the default policy whose action on the traffic you can configure.

Range: 0 through 60

Required Privilege Level

  • services—To view this statement in the configuration.
  • services-control—To add this statement to the configuration.

Modified: 2016-05-01