Juniper JUNOSE SOFTWARE 11.2.X - BROADBAND ACCESS CONFIGURATION GUIDE 7-20-2010 Configuration Manual page 123

aaa timeout
Copyright © 2010, Juniper Networks, Inc.
You can optionally configure the router to monitor only ingress traffic for the configured
idle timeout period to determine session inactivity and subsequent disconnection of an
inactive PPP session. Monitoring only ingress traffic for the idle timeout is useful for
networks in which the PPP keepalive timer is disabled for wireless subscribers. Without
the keepalive timer, the router cannot detect whether a wireless subscriber has been
disconnected. Monitoring egress traffic does not indicate inactivity for wireless subscribers
because egress traffic is always flowing. Enabling the router to monitor only ingress traffic
enables you to selectively disconnect subscribers, including wireless subscribers, if no
traffic is received for the configured idle timeout period.
Use to set either an idle or a session timeout.
The range in seconds for an idle timeout is 300–86400.
To enable the PPP application to monitor only ingress traffic for the configured idle
timeout period to determine whether to disconnect an inactive PPP session, use the
ingress-only keyword with the aaa timeout idle command. If there is no ingress traffic
on the interface for more than the configured idle timeout period, the router terminates
the PPP session.
To enable ingress-only traffic monitoring for the idle timeout, you must also configure
the idle timeout value by issuing the aaa timeout idle command.
If you do not specify the ingress-only keyword, PPP monitors both ingress traffic and
egress traffic for the idle timeout period to determine inactivity and subsequent
disconnection of an inactive PPP session.
The range in seconds for a session timeout is a minimum of 1 minute (60 seconds)
through a maximum of 366 days (31622400 seconds).
These values can also be set by RADIUS, where the range is not enforceable. PPP and
L2TP will round the timeout values from RADIUS as follows:
If the session timeout is less than the minimum (60 seconds), that value is used.
If the idle timeout is less than the minimum (300 seconds), it is rounded up to the
minimum.
If either timeout is greater than the maximum, it is rounded down to the maximum.
All other timeouts are rounded to the nearest minute.
For a session timeout, the router interprets the default value (indicated by 0) to mean
that the PPP or L2TP user session should be forced to the maximum session timeout,
366 days. This means that the duration of a PPP or an L2TP user session cannot exceed
366 days; once the maximum session timeout is reached, the router terminates the
user session.
Example 1—Sets the idle timeout to 1200 seconds, and enables the router to monitor
only ingress traffic for this idle timeout period to determine whether to disconnect the
inactive PPP session.
host1(config)#aaa timeout idle 1200
host1(config)#aaa timeout idle ingress-only
Chapter 1: Configuring Remote Access
85