Controller Based WLANs

What does the delete-keycache option in the dot1x profile do?

by on ‎04-05-2015 06:00 AM

Answer- 

The PMK cache entry remains on the controller even after the user is deleted from the user table. If the user reconnects after the user idle timeout while the PMK cache entry still exists, the controller does not send the Class attribute in the accounting packet.


(host) (config) #aaa authentication dot1x  test
(host) (802.1X Authentication Profile "test") #?
delete-keycache         Delete key cache entry when user entry is deleted.
                        Default is disabled.
 

The delete-keycache knob was introduced in the dot1x profile to clear the PMK cache after the user ages out. By default, the knob is disabled.


To verify, enable debugging on the module below:
      logging level debugging security
and look for the messages below to confirm that the key cache was deleted.
  

Oct 19 08:51:44 :524136:  <DBUG> |authmgr|  dot1x_gsm_delete_pmkcache(): MAC:12:cc:00:00:01:00 BSS:d8:c7:c8:8a:88:d0 GSM: Successfully deleted PMK-cache object.
Oct 19 08:51:44 :524131:  <DBUG> |authmgr|  dot1x_gsm_delete_keycache(): MAC:12:cc:00:00:01:00 GSM: Successfully deleted Key-cache object.
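
The verification step above, as an added example that is not part of the original article: a Python script that scans exported debug log lines for the two deletion messages and reports, per client MAC, which cache deletion was not logged. The function names and the third sample log line are assumptions constructed for illustration.

```python
import re

# Matches the two authmgr debug messages quoted in this article.
_MAC = r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}"
_DELETE_RE = re.compile(
    r"dot1x_gsm_delete_(?P<kind>pmkcache|keycache)\(\):\s+"
    r"MAC:(?P<mac>" + _MAC + r")"
    r"(?:\s+BSS:(?P<bss>" + _MAC + r"))?"   # BSS appears only on the PMK-cache line
    r"\s+GSM: Successfully deleted"
)
REQUIRED = {"pmkcache", "keycache"}


def deletions_by_client(lines):
    """Return {client MAC: set of cache kinds whose deletion was logged}."""
    seen = {}
    for line in lines:
        m = _DELETE_RE.search(line)
        if m:
            seen.setdefault(m.group("mac").lower(), set()).add(m.group("kind"))
    return seen


def missing_deletions(lines, expected_macs):
    """For each client expected to have aged out, list deletions not logged."""
    seen = deletions_by_client(lines)
    report = {}
    for mac in expected_macs:
        missing = REQUIRED - seen.get(mac.lower(), set())
        if missing:
            report[mac.lower()] = sorted(missing)
    return report


# The first two lines are the messages quoted above. The third is constructed
# (same format, different client) to show an incomplete deletion.
SAMPLE_LOG = [
    "Oct 19 08:51:44 :524136:  <DBUG> |authmgr|  dot1x_gsm_delete_pmkcache(): MAC:12:cc:00:00:01:00 BSS:d8:c7:c8:8a:88:d0 GSM: Successfully deleted PMK-cache object.",
    "Oct 19 08:51:44 :524131:  <DBUG> |authmgr|  dot1x_gsm_delete_keycache(): MAC:12:cc:00:00:01:00 GSM: Successfully deleted Key-cache object.",
    "Oct 19 08:52:10 :524131:  <DBUG> |authmgr|  dot1x_gsm_delete_keycache(): MAC:12:cc:00:00:02:00 GSM: Successfully deleted Key-cache object.",
]

if __name__ == "__main__":
    aged_out = ["12:cc:00:00:01:00", "12:cc:00:00:02:00"]
    for mac, missing in missing_deletions(SAMPLE_LOG, aged_out).items():
        print(f"{mac}: no deletion logged for {', '.join(missing)}")
```

A client that appears in the report after aging out still has a cache entry that was not confirmed deleted, which is the condition under which the Class attribute is missing from accounting on reconnect.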
