Subscriber session timeout

To limit the lifetime of a PPP session or DHCPv4 host to a fixed time interval, a timeout can be specified from RADIUS. By default, a PPP session or DHCPv4 host has no session timeout (infinite).

For PPP sessions, a session-timeout can be configured in the ppp-policy. A RADIUS specified session-timeout overrides the CLI configured value.

    subscriber-mgmt
        ppp-policy "ppp-policy-1" create
            session-timeout 86400
        exit
    exit

When the session timeout expires a PPP session is terminated and a DHCPv4 host deleted. For a DHCPv4 host, a DHCP release message is also sent to the server.

The following two attributes can be used in RADIUS Access-Accept and CoA messages to limit the PPP session or DHCPv4 host session time (Table: Subscriber session timeout):

Table: Subscriber session timeout
Attribute ID	Attribute name	Type	Limits	Purpose and format
27	Session-Timeout	integer	2147483647 seconds	0 = infinite (no session-timeout) (1 to 2147483647) in seconds For example: Session-Timeout = 3600
26-6527-160	Alc-Relative-Session-Timeout	integer	[0 to 2147483647] seconds	0 = infinite (no session-timeout) (1 to 2147483647) in seconds For example: Alc-Relative-Session-Timeout = 3600

When specified in a RADIUS Access-Accept message, both attributes specify an absolute value for session timeout. When specified in a RADIUS CoA message, attribute [26-6527-160] Alc-Relative-Session-Timeout specifies a relative session timeout value in addition to the current session time while attribute [27] Session-Timeout specifies an absolute session timeout value. If the current session time is greater than the received Session-Timeout, a CoA NAK is sent with error cause ‟Invalid Attribute Value (407)”.

Only one of the above attributes to specify a session timeout can be present in a single RADIUS message. An event is raised when both are specified in a single message.

The output of the show service id service-id ppp session detail command contains following fields related to session timeout for PPP sessions:

Up Time: the PPP session uptime
Session Time Left: the remaining time before the session is terminated
RADIUS Session-TO: the RADIUS received session timeout value.

The output of the show service id service-id dhcp lease-state detail command contains following fields related to session timeout for DHCPv4 hosts:

Up Time

the DHCPv4 host uptime
Remaining Lease Time

the remaining time before the lease expires in the DHCP server. The client should renew its lease before this time.
Remaining SessionTime

the remaining time before the DHCPv4 host is deleted
Session-Timeout

the DHCPv4 host is deleted when its uptime reaches the Session-Timeout value.
Lease-Time

the lease time specified by the DHCPv4 server

Note: In a radius-proxy scenario or when a DHCPv4 host is created with a RADIUS CoA message, the RADIUS attribute [26-6527-174] Alc-Lease-Time attribute must be used to specify the lease time. If the [26-6527-174] Alc-Lease-Time is not present in these scenarios, then the RADIUS attribute [27] Session-Timeout is interpreted as DHCPv4 lease time.