Re: Cisco 2511 & Session-timeout problem

Dale E. Reed Jr. ( (no email) )
Wed, 05 Mar 1997 10:49:19 -0800

Isaev Gamid wrote:
> Hi
> We have some problems:
> 1) on login PPP-user into system Radius-server sends to Cisco
> attribute Session-Timeout=7200, but parameter absolute-timeout
> for appropriate Async-line doesn't be set on Cisco.

Support for this attribute is NAS dependant. If the Cisco doesn't
support it, you can see if they have something similiar, or ask
them for a resolution. There is nothing on the RADIUS server
side we can do besides send the attribute.

> 2) Radius-server sends the same value of attribute Session-
> Timeout for all PPP-session, but it would be preferable that
> Session-Timeout=SubAccounts.TimeLeft.

You need to enable time banking, in the RadiusNT administrator before
it will do this. It will actually take the smaller of the two
Session-Timeout values and send it to the NAS.

> Questions:
> 1) How can we make Cisco to set absolute-timeout according to
> the value of attribute Session-Timeout received from Radius-server.

I don't know, to be honest. I don't have a lot of experience with
Cisco's RADIUS implementation.

> 2) Can the Radius-server set the value of attribute
> Session-Timeout=SubAccounts.TimeLeft for specified user

If you enable it to. You'll also want to turn on sub-accounts
update, as well.

-- Dale E. Reed Jr.  (       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |