Security

 View Only

  • 1.  Controller logon role disconnections

    Posted Apr 09, 2026 07:04 AM

    Hello community,

    Need your kind help!

    A client has a controller running 6.5.4.13 (due to old AP models - planning to upgrade soon).

    Users connected are under initial role "logon" with default aaa profile and PSK - no PEF license.

    The issue is that all clients are getting disconnected every 5 min and auto-reconnecting - in user debug, this msg pops up "authmgr MAC=<value> IP=<value> User entry deleted: reason=logon role lifetime reached".

    I can see that the logon lifetime default value is 5 min, but if roles don't really matter without PEF, why is the process deleting clients even after successful auth? Any advice?

    Thanks in advance.



    -------------------------------------------


  • 2.  RE: Controller logon role disconnections

    Posted Apr 09, 2026 07:27 AM

    Hello,

    From memory even without PEF licenses, roles still apply and enforce their values; however, role derivation cannot be used to move clients into different roles. Since the controller cannot automatically transition users out of the initial logon state, the system assumes an incomplete login and purges the session when the timer hits 300 seconds.

    I hope this helped



    ------------------------------
    Ben Casey
    KHIPU Networks
    ------------------------------



  • 3.  RE: Controller logon role disconnections

    Posted Apr 15, 2026 10:21 AM

    If it's a PSK network, default user role should be authenticated. They will not get a role until they have entered the correct key so unless you are doing some other auth method that pushes different roles (i.e. MAC Auth) then as soon as they have entered the key, they should be in the authenticated, i.e. allow any any role.

    -------------------------------------------



Related Content