Contributor I
Posts: 26
Registered: ‎03-28-2012

802.1X Authentication Timeout - 12 hour intervals

I wanted to post this out here to see if there are any suggestions/comments on this issue.

 

We recently upgraded our RADIUS infrastructure to Cisco ACS. During this upgrade we moved our 802.1X authentication over to this new system. Since then, we've been having timeouts every 12 hours for users who are authenticated, in both active and non-active sessions. The RADIUS logs indicate "empty TLS messages", which indicates to me a problem with either the supplicant or the RADIUS ACS. To troubleshoot, we took the load balancer out of the equation and also pointed to a single RADIUS server instead of the cluster. I've checked the settings on the Aruba side, which are set to 24 hours, but since the controller is responsible for just passing the credentials through, I'm not sure there is much more I can check or fine-tune.

 

Has anyone deployed the Cisco ACS and had similar issues? We do use certificates on a CAC card to make things more interesting.

MVP
Posts: 4,269
Registered: ‎07-20-2011

Re: 802.1X Authentication Timeout - 12 hour intervals

 

You should probably look at the certificate setup.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 26
Registered: ‎03-28-2012

Re: 802.1X Authentication Timeout - 12 hour intervals

Are you suggesting that something change on the PKI infrastructure?

Guru Elite
Posts: 21,010
Registered: ‎03-29-2007

Re: 802.1X Authentication Timeout - 12 hour intervals

Ask Cisco what the Empty TLS message means?



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 4,269
Registered: ‎07-20-2011

Re: 802.1X Authentication Timeout - 12 hour intervals

I have seen this type of error message, and it is related to the way you have installed the cert on the ACS server. It's been a while since I worked with ACS, so I don't remember all the steps, but like Colin said, try looking up what that error message means.
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA