10-11-2016 12:52 AM
That question is not so easy to answer. WPA2-PSK and WPA2-Enterprise both use 128 bit keys (TK1 & TK2) for the data encryption. However that key is derived from a Master key (MK) that must be at least 128 bits long (key strength), and it depends on what provides the MK what the actual strength is. For WPA2-PSK it is derived from the PSK, for WPA2 Enterprise it is derived during the authentication.
This is defined in the 802.11i standard (https://www.ietf.org/rfc/rfc4017.txt), and if you want to understand it more, you can check the standard itself or a better readable summary like http://tldp.org/HOWTO/8021X-HOWTO/intro.html#Key
Be warned: there are quite some keys, derivation, algorithms used together each with its own key length and purpose. That makes is impossible to answer your question.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
10-11-2016 08:56 AM
I've found mention of Aruba platforms supporting AES-256-GCM with an ACR license, and that Aruba platforms also support suite B cyphers. Without the license, we use AES-CCM .
If I understand it correctly, it sounds as if 256 bit encryption is possible. Without the ACR license, it is unlikely that a normal controller running WPA2-AES w/ 802.1x auth is using 256 bit encryption, though.
10-11-2016 09:08 AM
It isn't so much as we -need- 256-bit or suite b encryption -- we are currently under an audit, and I'm trying to find out a definitive yes/no for the standard wpa2-aes encryption opmode bitrate. The documentation I've found doesn't clearly say it one way or another.