ArubaOS and Controllers

Reply
New Contributor
Posts: 4
Registered: ‎01-18-2010

TLS Renogotiation

Does anyone know if there is a timer setting in ArubaOS for TLS renegotiation? We have a client device on a Remote AP wired port (doing 802.1x PEAP-TLS) that stops talking after five minutes. Normal company laptops don't have this issue (they keep communicating). Doing a packet capture on the laptops, we see that after five minutes, a TLS renegotiation occurs. The laptop handles it without a problem. I'm fairly certain that this is what is tripping up the other device. Since the renegotiation is initiated by the RAP/NAS, I'm wondering if there is a place that I can turn this timer off to accommodate the other client?
Guru Elite
Posts: 19,991
Registered: ‎03-29-2007

Re: TLS Renogotiation




Please open a TAC case to ensure that is what is happening with that specific device. You can also do a "show auth-tracebuf mac " on the controller to see what is going on with that client.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
New Contributor
Posts: 4
Registered: ‎01-18-2010

Re: TLS Renogotiation

I decided to try a simple test first: enabling re authentication on the controller. I set the timer there for 7 minutes. After 7 minutes, successful re-auth occurs from the device and the connection remains stable. It appears that setting the re-auth timer stops the RAP from requesting the TLS renegotiation. The device in question can seemingly handle the re-authentication but not the cipher renegotiation.