I have read the release notes for ArubaOS 6.3.1.11 and it is stated:
Symptom: When previously idle clients reconnected to the network, a configured CLASS attribute was
missing from the accounting messages sent from the RADIUS server. This issue is resolved with the
introduction of the delete-keycache parameter in the 802.1X authentication profile. When this
parameter is enabled, it deletes the user keycache when the client's user entries get deleted. This
forces the client to complete a full 802.1X authentication process when the client reconnects after an
idle timeout, so the CLASS attributes will again be sent by the RADIUS servers.
Scenario: This issue occurred in a deployment using RADIUS accounting, where the RADIUS server
pushed CLASS attributes in the access-accept messages for 802.1X authentication. When an idle user
timed out from the network, ArubaOS deleted the CLASS attribute for the user along with rest of the
user data.
I have updated to 6.3.1.11.
I have enabled delete-keycache under Dot1x profile and will monitor it. Our school is close for another week and I will test it once school re-open.