So I called Aruba support earlier this week to see if they had any suggestions and had a pretty poor experience. I got a low-level tech who basically told me I had to redesign our entire network to "have an external power supply." We already have UPS battery backups for all our edge switches. But this issue will still crop up during other times we have a cold boot of the device (such as switch location move) or if for some reason power is out for an extended period time and runs through the UPS's battery.
What I was hoping for was a way to have the switch ignore the date validity period on the RADIUS peap MSCHAPv2 certificate or have a date hard-coded into the startup config that sets the date to a period within the certificate valid period or maybe detect ports with a status of "rejected,unauth vlan" then disable and enable those individual ports or a way to delay bringing up certain interfaces upon a cold boot so that SNTP can sync first before authenticating devices. Something...
But, she kept repeating we needed to redesign our network and that she couldn't offer any suggestions because I was not actually experiencing a device malfunction. All the other companyies I've worked with have offered to assist in our configuration needs so this was really a let down.
I asked to escalate the case and she said she would instead check with a senior engineer and let me know. She called back and said they said the same thing she told me earlier. I asked again to see if they could provide some sort of workaround for this issue and she said she would check again with a senior tech. Later that day my case was closed without further contact from the her.
So... I'm resorting back to this post in hopes I can get some suggestions as a workaround.