Hi John,
That is interesting looking at your trace. It appears that the client is never attempting to exchange it client certificate. If you have a look at this successful auth-tracebuf below you will see what is expected next in the transaction.
(Aruba6xx) #(Aruba6xx) #show auth-tracebuf count 20
Auth Trace Buffer
-----------------
Jun 21 16:50:19 station-up * e8:06:88:9c:a3:50 00:24:6c:34:bd:8a - - open system
Jun 21 16:50:19 station-data-ready * e8:06:88:9c:a3:50 00:00:00:00:00:00 1 -
Jun 21 16:51:16 station-up * e8:06:88:9c:a3:50 00:24:6c:34:bd:8a - - open system
Jun 21 16:51:16 station-data-ready * e8:06:88:9c:a3:50 00:00:00:00:00:00 1 -
Jun 21 16:51:40 station-down * 5c:59:48:aa:59:e8 00:24:6c:34:bd:80 - -
Jun 21 16:51:45 station-up * 5c:59:48:aa:59:e8 00:24:6c:34:bd:80 - - wpa2 aes
Jun 21 16:51:45 station-term-start * 5c:59:48:aa:59:e8 00:24:6c:34:bd:80 1 -
Jun 21 16:51:46 client-cert -> 5c:59:48:aa:59:e8 00:24:6c:34:bd:80/corp-employee-dot1x 915 915
Jun 21 16:51:46 client-finish -> 5c:59:48:aa:59:e8 00:24:6c:34:bd:80/corp-employee-dot1x - -
Jun 21 16:51:46 server-finish <- 5c:59:48:aa:59:e8 00:24:6c:34:bd:80/corp-employee-dot1x - -
Jun 21 16:51:46 server-finish-ack -> 5c:59:48:aa:59:e8 00:24:6c:34:bd:80/corp-employee-dot1x - -
Jun 21 16:51:46 eap-success <- 5c:59:48:aa:59:e8 00:24:6c:34:bd:80/corp-employee-dot1x - -
Jun 21 16:51:46 station-data-ready * 5c:59:48:aa:59:e8 00:00:00:00:00:00 1 -
Jun 21 16:51:46 wpa2-key1 <- 5c:59:48:aa:59:e8 00:24:6c:34:bd:80 - 117
Jun 21 16:51:47 wpa2-key1 <- 5c:59:48:aa:59:e8 00:24:6c:34:bd:80 - 117
Jun 21 16:51:47 wpa2-key2 -> 5c:59:48:aa:59:e8 00:24:6c:34:bd:80 - 117
Jun 21 16:51:47 wpa2-key3 <- 5c:59:48:aa:59:e8 00:24:6c:34:bd:80 - 151
Jun 21 16:51:47 wpa2-key4 -> 5c:59:48:aa:59:e8 00:24:6c:34:bd:80 - 95
Jun 21 16:52:22 station-up * e8:06:88:9c:a3:50 00:24:6c:34:bd:8a - - open system
Jun 21 16:52:22 station-data-ready * e8:06:88:9c:a3:50 00:00:00:00:00:00 1 -
(Aruba6xx) #
This can sometimes indicate that the client is not happy with the client certificate for some reason and therfore wont initiate the certificate exchange. I will follow up on the support case and see what else I can find out.
Rgds
Cam.