I'll give it a go. Thanks for the information guys.

The Cisco attribute list says:

Session-Timeout : Sets the maximum number of seconds of service to be provided to the user before the session terminates. This attribute value becomes the per-user "absolute timeout."

Not that helpful, and why I discarded it as an option which might be useful. Let's see..

Thanks
Andy

-----Original Message-----
From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org [mailto:[email protected] s.org] On Behalf Of Phil Mayers
Sent: 04 July 2013 15:28
To: [email protected]
Subject: Re: Access-challenge timeout on IOS

On 04/07/13 14:34, David Mitton wrote:
> Quoting Phil Mayers <[email protected]>:
>
>> On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote:
>>> Hi,
> ....
>>
>>>
>>> Session-timeout and Idle-timeout are attributes mentioned by the
>>> cisco docs but neither of these seem to be what I'm after.
>>
>> Neither are relevant; they're for established sessions, not timeouts in
>> *establishing* one.
>> -
> Actually, that is incorrect Session-Timeout _is_ used to control the
> authentication timeout, when in the initial AccReq. I'd quote the
> RFC, but I'm not at home. The *-Timeouts in the Acc-Accept control the session.
>

Hmm, so it does; 5.27 of 2865 and 2.3.2 of 2869.

However - does any equipment actually *honour* this?

Also, I note the wording is very loose indeed - no MUST.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
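
An added example, not part of the thread and not FreeRADIUS or Cisco code: this Python code parses a RADIUS packet and reports how Session-Timeout (attribute 27) is to be read depending on the packet code, per the sections of RFC 2865 and RFC 2869 cited above. It can be fed a captured reply to check whether the server is sending the attribute in the Access-Challenge at all. The packets it builds are constructed samples and all function names are hypothetical.

```python
import struct

ACCESS_ACCEPT, ACCESS_CHALLENGE = 2, 11
STATE, SESSION_TIMEOUT = 24, 27

def parse_radius(pkt: bytes):
    """Return (code, identifier, [(attr_type, value_bytes), ...])."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("Length field does not match packet")
    attrs, off = [], 20          # attributes follow the 16-byte authenticator
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = pkt[off], pkt[off + 1]
        if alen < 2 or off + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, pkt[off + 2:off + alen]))
        off += alen
    return code, ident, attrs

def session_timeout_meaning(pkt: bytes):
    """Classify Session-Timeout by the packet it arrives in."""
    code, _, attrs = parse_radius(pkt)
    for atype, value in attrs:
        if atype != SESSION_TIMEOUT:
            continue
        if len(value) != 4:
            raise ValueError("Session-Timeout must be a 4-byte integer")
        secs = struct.unpack("!I", value)[0]
        if code == ACCESS_CHALLENGE:
            return ("prompt", secs)    # limit on answering the challenge
        if code == ACCESS_ACCEPT:
            return ("session", secs)   # limit on the established session
        return ("unexpected", secs)    # attribute not defined for this code
    return (None, None)

def build(code, attrs, ident=1):
    """Build a constructed sample packet (zeroed authenticator)."""
    body = b""
    for atype, value in attrs:
        if isinstance(value, int):
            value = struct.pack("!I", value)
        body += bytes([atype, len(value) + 2]) + value
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    challenge = build(ACCESS_CHALLENGE, [(STATE, b"constructed"), (SESSION_TIMEOUT, 30)])
    print(session_timeout_meaning(challenge))
```

Whether the NAS acts on the "prompt" value is a separate question, which is the one raised in the reply above.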

