Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Timeout Configuration Overview

    You can configure an idle timeout or a session timeout. The values you set are the default values for Point-to-Point Protocol Broadband Remote Access Server users. Attributes returned by RADIUS override these default settings on a per-user basis.

    When you set an idle timeout, the PPP application on the router monitors both ingress (inbound) traffic and egress (outbound) traffic by default for the configured idle timeout period to determine whether to disconnect an inactive PPP session. If there is no activity in either direction on the interfaces for more than the configured idle timeout period, the router terminates the PPP session.

    You can optionally configure the router to monitor only ingress traffic for the configured idle timeout period to determine session inactivity and subsequent disconnection of an inactive PPP session. Monitoring only ingress traffic for the idle timeout is useful for networks in which the PPP keepalive timer is disabled for wireless subscribers. Without the keepalive timer, the router cannot detect whether a wireless subscriber has been disconnected. Monitoring egress traffic does not indicate inactivity for wireless subscribers because egress traffic is always flowing. Enabling the router to monitor only ingress traffic enables you to selectively disconnect subscribers, including wireless subscribers, if no traffic is received for the configured idle timeout period.

    If you do not configure a session timeout, or you set its value to 0, the session remains active for an infinite lifetime. You can use the show ppp session-To-Thirteen-Years command along with show ppp interface full in Privileged Exec or User Exec mode to verify whether the capability to preserve PPP sessions for a timeout duration of 13 years is enabled. If the show ppp session-To-Thirteen-Years command is not executed, the session timeout value is set to the maximum session timeout value of 366 days.

    If the RADIUS server returns the value 0 for the Session-Timeout attribute, then the session remains active for an infinite lifetime even if a value is configured through the CLI.

    The following sections describe timeout configuration:

    Limiting Active Subscribers

    You can limit the number of active subscribers on a port or virtual router.

    AAA Failure Notification for RADIUS

    If a user passes RADIUS authentication, but fails AAA authentication, the RADIUS server may still allocate an address for the user from its internal address pool. To indicate to the RADIUS server to free the address, you can set up the router to send an Acct-Stop message if a user fails AAA.

    Configuring AAA Session Timeout

    You can use the aaa timeout session sessionTimeout command to configure a session timeout. Restoring the session timeout to the default value causes the PPP B-RAS session to remain active for an infinite lifetime.

    Published: 2014-08-20