Q: What is the default time for which Aruba will wait for client to respond before resending the last Key message?
A: During 802.1x authentication, after EAP success, keys are exchanged between the Aruba and the client. Subsequently the client starts sending / receiving IP traffic and he falls into appropriate user role. From Over The Air(OTA) PCAPs of the process, we can see the following:
Above image, we see 4 Key exchange message complete in 0.005 seconds.
However, sometimes the reply from the client take more time than usual. By default, Aruba will wait for 1000ms for before it resends the key message. In the example below, we see that Aruba waits for about a 1000 milliseconds before it resends the first key exchange message:
We can change this value in the dot1x profile:
(Master) #configure t
Enter Configuration commands, one per line. End with CNTL/Z
(Master) (config) #aaa authentication dot1x default
(Master) (802.1X Authentication Profile "default") #timer wpa-key-period ?
<wk-period> Time interval in Milli-Seconds. Range: 10-5000. Default: 1000.