I wanted to post this out here to see if there are any suggestions/comments on this issue.
We recently upgraded our RADIUS infrastructure to Cisco ACS. During this upgrade we moved our 802.1X authentication over to this new system. Since then, we've been having timeouts every 12 hours for users in which are authenticated - active and non-active sessions. The RADIUS logs indicate "empty TLS messages" which indicate to me a problem with either the supplicant or the RADIUS ACS. To troubleshoot, we removed the load balancer out of the equation and also pointed to a single RADIUS server instead of the cluster. I've checked settings on the Aruba side - which are set 24 hours, but since the controller is responsible for just passing the credentials through -- I'm not sure there is much more I can check/fine tune.
Has anyone deployed the Cisco ACS and had similar issues? We do use certificates on a CAC card to make things more interesting.