Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

802.1X Authentication Timeout - 12 hour intervals

  • 1.  802.1X Authentication Timeout - 12 hour intervals

    Posted Apr 01, 2013 09:46 AM

    I wanted to post this out here to see if there are any suggestions/comments on this issue.

    We recently upgraded our RADIUS infrastructure to Cisco ACS. During this upgrade we moved our 802.1X authentication over to this new system. Since then, we've been having timeouts every 12 hours for users who are authenticated - active and non-active sessions. The RADIUS logs indicate "empty TLS messages", which indicate to me a problem with either the supplicant or the RADIUS ACS. To troubleshoot, we removed the load balancer from the equation and also pointed to a single RADIUS server instead of the cluster. I've checked settings on the Aruba side - which are set to 24 hours, but since the controller is responsible for just passing the credentials through -- I'm not sure there is much more I can check/fine tune.

    Has anyone deployed the Cisco ACS and had similar issues? We do use certificates on a CAC card to make things more interesting.



  • 2.  RE: 802.1X Authentication Timeout - 12 hour intervals

    Posted Apr 01, 2013 10:08 AM

    You should probably look at the certificate setup.



  • 3.  RE: 802.1X Authentication Timeout - 12 hour intervals

    Posted Apr 01, 2013 12:33 PM

    Are you suggesting that something change on the PKI infrastructure?



  • 4.  RE: 802.1X Authentication Timeout - 12 hour intervals

    EMPLOYEE
    Posted Apr 01, 2013 12:39 PM

    Ask Cisco what the Empty TLS message means?



  • 5.  RE: 802.1X Authentication Timeout - 12 hour intervals

    Posted Apr 01, 2013 12:49 PM
    I have seen this type of error message, and it is related to the way you have installed the cert on the ACS server. It's been a while since I worked with ACS, so I don't remember all the steps, but like Colin said, try looking up what that error message means.