I recently deployed this at a customer site and noticed inconsistent results based on the avaya code used.
With this code i didnt experienced any issues:
vfabian@integrationpartners.com - Outlook.png" alt="2017-10-31 15_56_11-Sent Items - vfabian@integrationpartners.com - Outlook.png">
This is the working config where if an 802.1X enabled client connects this authentication will happen first:
RADIUS SERVER CONFIGURATION
radius server host CLEARPASS-IP acct-enable retry 5
radius server host key "KEY"
radius server host CLEARPASS-IP used-by eapol acct-enable
radius server host key "KEY" used-by eapol
radius server host CLEARPASS-IP used-by non-eapol acct-enable
radius server host key "KEY" used-by non-eapol
COA CONFIGURATION
radius dynamic-server client CLEARPASS-IP
radius dynamic-server client CLEARPASS-IP secret "KEY"
radius dynamic-server client CLEARPASS-IP process-change-of-auth-requests
radius dynamic-server client CLEARPASS-IP process-disconnect-requests
GLOBAL EAP CONFIGURATION
eapol multihost allow-non-eap-enable
eapol multihost radius-non-eap-enable
eapol multihost non-eap-phone-enable
eapol multihost eap-packet-mode unicast
eapol multihost multivlan enable
eapol multihost adac-non-eap-enable
EAP INTERFACE CONFIGURATION
interface Ethernet ALL
eapol multihost port 1-46 enable eap-mac-max 3 allow-non-eap-enable non-eap-mac-max 3 radius-non-eap-enable auto-non-eap-mhsa-enable non-eap-phone-enable non-eap-use-radius-assigned-vlan eap-packet-mode unicast adac-non-eap-enable
exit
no eapol multihost non-eap-pwd-fmt ip-addr
no eapol multihost non-eap-pwd-fmt port-number
interface Ethernet ALL
eapol port 1-46 status auto re-authentication enable re-authentication-period 1000 supplicant-timeout 3 server-timeout 10
interface Ethernet ALL
eapol port 1-46 radius-dynamic-server enable