cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Setting a session time?

Highlighted
Kind of a big deal

Setting a session time?

I can't see anywhere but is it possible when using Active Directory for authentication to set a maximum session time before the user has to re-authenticate? 

 

Currently a Sonciwall appliance is being used and users have a maximum session time of 600 minutes before they have to login again. Its also set to logout idle users after an hour.

 

Is anything like this possible when using AD authentication which is needed because the client is not using Meraki's AP's but they need to have content filtering for specific users and without Meraki AP's this feature requires AD.

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
4 REPLIES 4
Highlighted
Kind of a big deal

Re: Setting a session time?

I think Meraki relies on a "logoff" event.  If another user log's on using the same IP address then that also updates it.

 

I'm not sure why you would need a session time out if you are tracking the actively logged in user?

Highlighted
Kind of a big deal

Re: Setting a session time?

That seems like an awfully resource intensive way of doing it, So if you started the year with 1000 people logging in on day one its going to keep all of those sessions open until a users IP address changes which if they were statically assigned using DHCP would be never....

 

It also sounds very insecure all it would take is for another person to spoof their MAC and set the same IP and they get access...

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Highlighted
Kind of a big deal

Re: Setting a session time?

It constantly scans the domain controllers event log for login and logout events.  Yes, the more users the more resources required.  Now you know why Meraki publish a guide suggesting boxes based on the number of users.  The more users the more RAM and CPU are required.

 

If you are worried about users changing their MAC and IP addresses then you are not going to be protected with either way.  You probably need to deploy additional measures such as 802.1x, IP Source guard and dynamic ARP inspection at the switching layer (I'm not sure the Meraki line up have IP Source Guard and Dynamic ARP inspection available yet).

Highlighted
Kind of a big deal

Re: Setting a session time?

I still find it hard to work out why such a simple feature which other major vendors i.e. Palo Alto, Sonicwall all allow this feature. While I love the Meraki products and brand I think the MX units still have a long way to come in terms of features and reporting.

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.