Okay. Here is my log below:
Please click on "show references" in your 802.1x profile to ensure that is the correct one referenced.
Below is a blacklist done with authentication failure 1 with an ipad:
Sep 14 04:12:23 :522042: <NOTI> |authmgr| User Authentication Failed: username=tyutty MAC=44:2a:60:c3:b8:fe IP=0.0.0.0 auth method=802.1x auth server=eTips
Sep 14 04:12:23 :522004: <DBUG> |authmgr| skipping mac : 44:2a:60:c3:b8:fe, from AP : 0.0.0.0, with authtype : 802.1x
Sep 14 04:12:23 :522030: <INFO> |authmgr| MAC=44:2a:60:c3:b8:fe Station deauthenticated: BSSID=00:1a:1e:82:41:33, ESSID=ACME-TLS
Sep 14 04:12:23 :522049: <INFO> |authmgr| MAC=44:2a:60:c3:b8:fe,IP=N/A User role updated, existing Role=logon/none, new Role=logon/none, reason=Station is L2 deauthenticated
Sep 14 04:12:23 :522050: <INFO> |authmgr| MAC=44:2a:60:c3:b8:fe,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Download driven by user role setting
Sep 14 04:12:23 :527000: <DBUG> |mdns| mdns_parse_auth_userrole_message 265 Auth User ROLE: MAC:44:2a:60:c3:b8:fe, NAME:tyutty, ROLE_NAME:logon
Sep 14 04:12:23 :501103: <WARN> |stm| Blacklist add: 44:2a:60:c3:b8:fe: Reason: auth-failure
Sep 14 04:12:23 :501065: <DBUG> |stm| Sending STA 44:2a:60:c3:b8:fe message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x3e8, wmm:1, rsn_cap:c
Sep 14 04:12:23 :522036: <INFO> |authmgr| MAC=44:2a:60:c3:b8:fe Station DN: BSSID=00:1a:1e:82:41:33 ESSID=ACME-TLS VLAN=1000 AP-name=AP125-Mesh-Portal
Sep 14 04:12:23 :522004: <DBUG> |authmgr| MAC=44:2a:60:c3:b8:fe ingress 0x108c (tunnel 12), u_encr 64, m_encr 64, slotport 0x1043 , type: local, FW mode: 0, AP IP: 0.0.0.0
Sep 14 04:12:23 :522004: <DBUG> |authmgr| MAC=44:2a:60:c3:b8:fe Send Station delete message to mobility
Sep 14 04:12:23 :500511: <DBUG> |mobileip| Station 44:2a:60:c3:b8:fe, 0.0.0.0: Received disassociation on ESSID: ACME-TLS Mobility service Off, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP125-Mesh-Portal Group default BSSID 00:1a:1e:82:41:33, phy a, VLAN 1000
Sep 14 04:12:23 :500010: <NOTI> |mobileip| Station 44:2a:60:c3:b8:fe, 255.255.255.255: Mobility trail, on switch 192.168.1.3, VLAN 1000, AP AP125-Mesh-Portal, ACME-TLS/00:1a:1e:82:41:33/a
Sep 14 04:12:23 :522004: <DBUG> |authmgr| 44:2a:60:c3:b8:fe: station datapath entry deleted
Sep 14 04:12:23 :501080: <NOTI> |stm| Deauth to sta: 44:2a:60:c3:b8:fe: Ageout AP 192.168.1.251-00:1a:1e:82:41:33-AP125-Mesh-Portal Denied; STA Blacklisted
Sep 14 04:12:23 :501000: <DBUG> |stm| Station 44:2a:60:c3:b8:fe: Clearing state
Sep 14 04:12:23 :501105: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Deauth from sta: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:33-AP125-Mesh-Portal Reason STA has left and is deauthenticated
Sep 14 04:12:23 :501000: <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm| Station 44:2a:60:c3:b8:fe: Clearing state
Sep 14 04:12:24 :501095: <NOTI> |stm| Assoc request @ 04:12:24.264729: 44:2a:60:c3:b8:fe (SN 1251): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:24 :501097: <WARN> |stm| Assoc request: 44:2a:60:c3:b8:fe: Dropped AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:12:24 :501109: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
Sep 14 04:12:24 :501093: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:24 :501095: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request @ 04:12:28.942129: 44:2a:60:c3:b8:fe (SN 1251): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:24 :501100: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc success @ 04:12:28.943210: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:24 :501105: <NOTI> |stm| Deauth from sta: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal Reason STA has left and is deauthenticated
Sep 14 04:12:24 :501000: <DBUG> |stm| Station 44:2a:60:c3:b8:fe: Clearing state
Sep 14 04:12:24 :501103: <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm| Blacklist add: 44:2a:60:c3:b8:fe: Reason: user-defined
Sep 14 04:12:24 :501080: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Deauth to sta: 44:2a:60:c3:b8:fe: Ageout AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal Denied; STA Blacklisted
Sep 14 04:12:24 :501000: <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm| Station 44:2a:60:c3:b8:fe: Clearing state
Sep 14 04:12:25 :501109: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
Sep 14 04:12:25 :501093: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:25 :501095: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request @ 04:12:29.982688: 44:2a:60:c3:b8:fe (SN 1258): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:25 :501097: <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request: 44:2a:60:c3:b8:fe: Dropped AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:12:25 :501109: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
Sep 14 04:12:25 :501093: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:25 :501095: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request @ 04:12:30.378050: 44:2a:60:c3:b8:fe (SN 1260): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:25 :501097: <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request: 44:2a:60:c3:b8:fe: Dropped AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:12:26 :501109: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
Sep 14 04:12:26 :501093: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:26 :501095: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request @ 04:12:30.772492: 44:2a:60:c3:b8:fe (SN 1262): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:26 :501097: <WARN> |AP AP125-
And now, with an Android:
Sep 14 04:04:05 :522042: <NOTI> |authmgr| User Authentication Failed: username=fldoff MAC=10:bf:48:e8:1e:17 IP=0.0.0.0 auth method=802.1x auth server=eTips
Sep 14 04:04:05 :522004: <DBUG> |authmgr| skipping mac : 10:bf:48:e8:1e:17, from AP : 0.0.0.0, with authtype : 802.1x
Sep 14 04:04:05 :522030: <INFO> |authmgr| MAC=10:bf:48:e8:1e:17 Station deauthenticated: BSSID=00:1a:1e:82:41:21, ESSID=ACME-TLS
Sep 14 04:04:05 :522049: <INFO> |authmgr| MAC=10:bf:48:e8:1e:17,IP=N/A User role updated, existing Role=logon/none, new Role=logon/none, reason=Station is L2 deauthenticated
Sep 14 04:04:05 :522050: <INFO> |authmgr| MAC=10:bf:48:e8:1e:17,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Download driven by user role setting
Sep 14 04:04:05 :527000: <DBUG> |mdns| mdns_parse_auth_userrole_message 265 Auth User ROLE: MAC:10:bf:48:e8:1e:17, NAME:fldoff, ROLE_NAME:logon
Sep 14 04:04:05 :501103: <WARN> |stm| Blacklist add: 10:bf:48:e8:1e:17: Reason: auth-failure
Sep 14 04:04:05 :501065: <DBUG> |stm| Sending STA 10:bf:48:e8:1e:17 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x3e8, wmm:1, rsn_cap:0
Sep 14 04:04:05 :500511: <DBUG> |mobileip| Station 10:bf:48:e8:1e:17, 0.0.0.0: Received disassociation on ESSID: ACME-TLS Mobility service Off, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP125-Mesh-Portal Group default BSSID 00:1a:1e:82:41:21, phy g, VLAN 1000
Sep 14 04:04:05 :522036: <INFO> |authmgr| MAC=10:bf:48:e8:1e:17 Station DN: BSSID=00:1a:1e:82:41:21 ESSID=ACME-TLS VLAN=1000 AP-name=AP125-Mesh-Portal
Sep 14 04:04:05 :500010: <NOTI> |mobileip| Station 10:bf:48:e8:1e:17, 255.255.255.255: Mobility trail, on switch 192.168.1.3, VLAN 1000, AP AP125-Mesh-Portal, ACME-TLS/00:1a:1e:82:41:21/g
Sep 14 04:04:05 :522004: <DBUG> |authmgr| MAC=10:bf:48:e8:1e:17 ingress 0x108d (tunnel 13), u_encr 64, m_encr 64, slotport 0x1043 , type: local, FW mode: 0, AP IP: 0.0.0.0
Sep 14 04:04:05 :522004: <DBUG> |authmgr| MAC=10:bf:48:e8:1e:17 Send Station delete message to mobility
Sep 14 04:04:05 :522004: <DBUG> |authmgr| 10:bf:48:e8:1e:17: station datapath entry deleted
Sep 14 04:04:05 :501080: <NOTI> |stm| Deauth to sta: 10:bf:48:e8:1e:17: Ageout AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Denied; STA Blacklisted
Sep 14 04:04:05 :501000: <DBUG> |stm| Station 10:bf:48:e8:1e:17: Clearing state
Sep 14 04:04:05 :501105: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Deauth from sta: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Reason STA has left and is deauthenticated
Sep 14 04:04:05 :501000: <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm| Station 10:bf:48:e8:1e:17: Clearing state
Sep 14 04:04:06 :501109: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:06 :501093: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:06 :501095: <NOTI> |stm| Assoc request @ 04:04:06.678868: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:06 :501097: <WARN> |stm| Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:04:06 :501095: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request @ 04:04:12.423278: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:06 :501100: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc success @ 04:04:12.424440: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:06 :501105: <NOTI> |stm| Deauth from sta: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Reason STA has left and is deauthenticated
Sep 14 04:04:06 :501000: <DBUG> |stm| Station 10:bf:48:e8:1e:17: Clearing state
Sep 14 04:04:06 :501103: <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm| Blacklist add: 10:bf:48:e8:1e:17: Reason: user-defined
Sep 14 04:04:06 :501080: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Deauth to sta: 10:bf:48:e8:1e:17: Ageout AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Denied; STA Blacklisted
Sep 14 04:04:06 :501000: <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm| Station 10:bf:48:e8:1e:17: Clearing state
Sep 14 04:04:08 :501109: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:08 :501093: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501095: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request @ 04:04:13.863754: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501097: <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:04:08 :501109: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:08 :501093: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501095: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request @ 04:04:14.249761: 10:bf:48:e8:1e:17 (SN 6): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501097: <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:04:08 :501109: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:08 :501093: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501095: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request @ 04:04:14.638410: 10:bf:48:e8:1e:17 (SN 8): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501097: <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:04:11 :501109: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:11 :501093: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:11 :501095: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request @ 04:04:17.102131: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:11 :501097: <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:04:11 :501109: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:11 :501093: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:11 :501095: <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request @ 04:04:17.487217: 10:bf:48:e8:1e:17 (SN 6): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:11 :501097: <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm| Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection