To limit the lifetime of a PPP session or DHCPv4 host to a fixed time interval, a timeout can be specified from RADIUS. By default, a PPP session or DHCPv4 host has no session timeout (infinite).
For PPP sessions, a session-timeout can be configured in the ppp-policy. A RADIUS specified session-timeout overrides the CLI configured value.
subscriber-mgmt
ppp-policy "ppp-policy-1" create
session-timeout 86400
exit
exit
When the session timeout expires a PPP session is terminated and a DHCPv4 host deleted. For a DHCPv4 host, a DHCP release message is also sent to the server.
The following two attributes can be used in RADIUS Access-Accept and CoA messages to limit the PPP session or DHCPv4 host session time (Table: Subscriber session timeout):
Attribute ID | Attribute name | Type | Limits | Purpose and format |
---|---|---|---|---|
27 |
Session-Timeout |
integer |
2147483647 seconds |
0 = infinite (no session-timeout) (1 to 2147483647) in seconds For example: Session-Timeout = 3600 |
26-6527-160 |
Alc-Relative-Session-Timeout |
integer |
[0 to 2147483647] seconds |
0 = infinite (no session-timeout) (1 to 2147483647) in seconds For example: Alc-Relative-Session-Timeout = 3600 |
When specified in a RADIUS Access-Accept message, both attributes specify an absolute value for session timeout. When specified in a RADIUS CoA message, attribute [26-6527-160] Alc-Relative-Session-Timeout specifies a relative session timeout value in addition to the current session time while attribute [27] Session-Timeout specifies an absolute session timeout value. If the current session time is greater than the received Session-Timeout, a CoA NAK is sent with error cause ‟Invalid Attribute Value (407)”.
Only one of the above attributes to specify a session timeout can be present in a single RADIUS message. An event is raised when both are specified in a single message.
The output of the show service id service-id ppp session detail command contains following fields related to session timeout for PPP sessions:
Up Time: the PPP session uptime
Session Time Left: the remaining time before the session is terminated
RADIUS Session-TO: the RADIUS received session timeout value.
The output of the show service id service-id dhcp lease-state detail command contains following fields related to session timeout for DHCPv4 hosts:
Up Time
the DHCPv4 host uptime
Remaining Lease Time
the remaining time before the lease expires in the DHCP server. The client should renew its lease before this time.
Remaining SessionTime
the remaining time before the DHCPv4 host is deleted
Session-Timeout
the DHCPv4 host is deleted when its uptime reaches the Session-Timeout value.
Lease-Time
the lease time specified by the DHCPv4 server