https://community.cisco.com/t5/network-access-control/peap-eap-tls-replication-in-node-group/m-p/3454507#M527918 <HTML><HEAD></HEAD><BODY><DIV><P>Feature is based on master key that is common to all so that connection to different PSN will allow resumption based on initial negotiation for same master key.</P></DIV></BODY></HTML> Mon, 07 Aug 2017 16:44:33 GMT Craig Hyps 2017-08-07T16:44:33Z https://community.cisco.com/t5/network-access-control/peap-eap-tls-replication-in-node-group/m-p/3454506#M527917 <HTML><HEAD></HEAD><BODY><P class="p1"><SPAN class="s1">Hi there,</SPAN></P><P class="p1"><SPAN class="s1"><BR /></SPAN></P><P class="p1"><SPAN class="s1">My customer has a concern around millisecond network/IP outages for the traders. </SPAN></P><P class="p1"><SPAN class="s1"><BR /></SPAN></P><P class="p1"><SPAN class="s1">Question:</SPAN></P><P class="p1"><SPAN class="s1"><BR /></SPAN></P><P class="p1"><SPAN class="s1">1. How is the PEAP/EAP-TLS session resumption replicated between PSNs in a node group? </SPAN></P><P class="p1"></P><P class="p1"><SPAN class="s1">My customer recognises that in a normal office environment, the PEAP/EAP-TLS exchange and failover process is "almost invisible" and not an issue however extra due diligence is required for trader workstations.</SPAN></P><P class="p1"><SPAN class="s1"><BR /></SPAN></P><P class="p1"><SPAN class="s1">Thank you,</SPAN></P><P class="p1"><SPAN class="s1">Arron<BR /></SPAN></P></BODY></HTML> Mon, 07 Aug 2017 16:24:20 GMT https://community.cisco.com/t5/network-access-control/peap-eap-tls-replication-in-node-group/m-p/3454506#M527917 kerai08 2017-08-07T16:24:20Z https://community.cisco.com/t5/network-access-control/peap-eap-tls-replication-in-node-group/m-p/3454507#M527918 <HTML><HEAD></HEAD><BODY><DIV><P>Feature is based on master key that is common to all so that connection to different PSN will allow resumption based on initial negotiation for same master key.</P></DIV></BODY></HTML> Mon, 07 Aug 2017 16:44:33 GMT https://community.cisco.com/t5/network-access-control/peap-eap-tls-replication-in-node-group/m-p/3454507#M527918 Craig Hyps 2017-08-07T16:44:33Z https://community.cisco.com/t5/network-access-control/peap-eap-tls-replication-in-node-group/m-p/3454508#M527919 <HTML><HEAD></HEAD><BODY><P>Thanks, Craig!</P></BODY></HTML> Mon, 07 Aug 2017 16:50:58 GMT https://community.cisco.com/t5/network-access-control/peap-eap-tls-replication-in-node-group/m-p/3454508#M527919 kerai08 2017-08-07T16:50:58Z https://community.cisco.com/t5/network-access-control/peap-eap-tls-replication-in-node-group/m-p/3454509#M527920 <HTML><HEAD></HEAD><BODY><P>Sure.&nbsp; I should add that the implementation is based on RFC 5077 for session ticket extensions with EAP-TLS.&nbsp; The feature is not limited to node group, but config is common across all PSNs as all will leverage the same master ticket.&nbsp; A bit more info is provided in the Reference presentation for BRKSEC-3699 (CiscoLive.com&nbsp; &gt;&gt; Session Catalog &gt;&gt; BRKSEC-3699 @ CLUS Vegas 2017).</P><P></P><P>Also, the implementation is specific to EAP-TLS.</P></BODY></HTML> Mon, 07 Aug 2017 20:32:23 GMT https://community.cisco.com/t5/network-access-control/peap-eap-tls-replication-in-node-group/m-p/3454509#M527920 Craig Hyps 2017-08-07T20:32:23Z