Configuring Timeout

You can configure an idle timeout or a session timeout. The values you set are the default values for PPP B-RAS users. Attributes returned by RADIUS override these default settings on a per-user basis.

When you set the idle timeout, the PPP application on the router monitors both ingress (inbound) traffic and egress (outbound) traffic by default for the configured idle timeout period to determine whether to disconnect an inactive PPP session. If there is no activity in either direction on the interfaces for more than the configured idle timeout period, the router terminates the PPP session.

You can optionally configure the router to monitor only ingress traffic for the configured idle timeout period to determine session inactivity and subsequent disconnection of an inactive PPP session. Monitoring only ingress traffic for the idle timeout is useful for networks in which the PPP keepalive timer is disabled for wireless subscribers. Without the keepalive timer, the router cannot detect whether a wireless subscriber has been disconnected. Monitoring egress traffic does not indicate inactivity for wireless subscribers because egress traffic is always flowing. Enabling the router to monitor only ingress traffic enables you to selectively disconnect subscribers, including wireless subscribers, if no traffic is received for the configured idle timeout period.

aaa timeout

• Use to set either an idle or a session timeout.
• The range in seconds for an idle timeout is 300–86400.
• To enable the PPP application to monitor only ingress traffic for the configured idle timeout period to determine whether to disconnect an inactive PPP session, use the ingress-only keyword with the aaa timeout idle command. If there is no ingress traffic on the interface for more than the configured idle timeout period, the router terminates the PPP session.
• To enable ingress-only traffic monitoring for the idle timeout, you must also configure the idle timeout value by issuing the aaa timeout idle command.
• If you do not specify the ingress-only keyword, PPP monitors both ingress traffic and egress traffic for the idle timeout period to determine inactivity and subsequent disconnection of an inactive PPP session.
• The range in seconds for a session timeout is a minimum of 1 minute (60 seconds) through a maximum of 366 days (31622400 seconds).
• These values can also be set by RADIUS, where the range is not enforceable. PPP and L2TP will round the timeout values from RADIUS as follows:
  • If the session timeout is less than the minimum (60 seconds), that value is used.
  • If the idle timeout is less than the minimum (300 seconds), it is rounded up to the minimum.
  • If either timeout is greater than the maximum, it is rounded down to the maximum.
  • All other timeouts are rounded to the nearest minute.
• For a session timeout, the router interprets the default value (indicated by 0) to mean that the PPP or L2TP user session should be forced to the maximum session timeout, 366 days. This means that the duration of a PPP or an L2TP user session cannot exceed 366 days; once the maximum session timeout is reached, the router terminates the user session.
• Example 1—Sets the idle timeout to 1200 seconds, and enables the router to monitor only ingress traffic for this idle timeout period to determine whether to disconnect the inactive PPP session.

  host1(config)#aaa timeout idle 1200

  host1(config)#aaa timeout idle ingress-only

• Example 2—Sets the session timeout to 3600 seconds.

  host1(config)#aaa timeout session 3600

• Use the no version to restore the idle or session timeout to its default value, 0 seconds, and to disable ingress-only traffic monitoring for the idle timeout if it is configured.
• See aaa timeout

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.