We have done following configuration on cisco switch and dot1x authentications are working fine on clearpass. However we are getting repeated radius requets on clearpass with login status as "accept" due to which users are facing intermittent disconnection issue. Please help.
ip device tracking
aaa new-model
aaa authorization network default local group radius
radius-server vsa send authentication
radius-server host <CPPM IP> auth-port 1812 acct-port 1813 key <secret key>
radius-server host <CPPM IP> key 7 <secret key>
radius-server host <CPPM IP> key 7 <secret key>
radius-server retry method reorder
radius-server retransmit 3
radius-server timeout 15
radius-server deadtime 15
aaa authentication dot1x default group radius local
aaa authorization network default local group radius
aaa authorization auth-proxy default group radius
aaa accounting dot1x default start-stop group radius
dot1x system-auth-control
!
aaa server radius dynamic-author
client <CPPM IP> server-key <secret key>
port 3799
auth-type all
!
ip access-list extended CPG
deny tcp any host <CPPM IP>
permit tcp any any
!
interface GigabitEthernet1/0/12
switchport access vlan <VLAN>
switchport mode access
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x max-reauth-req 2
dot1x max-req 2
dot1x timeout supp-timeout 20
spanning-tree portfast
!