cjoseph,
we'll definitely continue working with TAC on this. my supervisor and I just wanted to see if there was anything else that could be suggested, and possibly help us interprete what we're seeing, since TAC is focused on resolving the issue.
With termination disabled, show auth-tracebuf gave us the following (two different devices):
Feb 2 16:30:15 station-up * XX:XX:XX:XX:1c:6b 6c:f3:7f:XX:XX:92 - - wpa2 aes
Feb 2 16:30:15 eap-id-req <- XX:XX:XX:XX:1c:6b 6c:f3:7f:XX:XX:92 1 5
Feb 2 16:30:15 eap-id-resp -> XX:XX:XX:XX:1c:6b 6c:f3:7f:XX:XX:92 1 14 E00###689
Feb 2 16:30:15 rad-req -> XX:XX:XX:XX:1c:6b 6c:f3:7f:XX:XX:92 251 199
Feb 2 16:30:15 rad-resp <- XX:XX:XX:XX:1c:6b 6c:f3:7f:XX:XX:92/NPS_server 251 90
Feb 2 16:30:15 eap-req <- XX:XX:XX:XX:1c:6b 6c:f3:7f:XX:XX:92 2 6
Feb 2 16:30:15 eap-resp -> XX:XX:XX:XX:1c:6b 6c:f3:7f:XX:XX:92 2 152
Feb 2 16:30:15 station-down * XX:XX:XX:XX:1c:6b 6c:f3:7f:XX:XX:92 - -
Feb 2 16:31:23 eap-start -> XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 - -
Feb 2 16:31:23 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 1 5
Feb 2 16:31:28 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 1 5
Feb 2 16:31:34 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 2 5
Feb 2 16:31:39 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 2 5
Feb 2 16:31:44 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 2 5
Feb 2 16:31:50 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 3 5
Feb 2 16:31:56 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 3 5
Feb 2 16:32:01 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 3 5
Feb 2 16:32:08 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 4 5
Feb 2 16:32:14 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 4 5
Feb 2 16:32:20 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 4 5
Feb 2 16:32:25 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 5 5
Feb 2 16:32:30 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 5 5
Feb 2 16:32:35 eap-id-req <- XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 5 5
Feb 2 16:32:41 station-down * XX:XX:XX:XX:d5:b9 6c:f3:7f:XX:XX:f0 - -
Coupled with that are Access-Requests and Access-Challenges, but never anything else. We also searched for the Event ID 13 as suggested and didn't find it in Event Viewer.
Also when doing a show log, there are tons of the following for many users:
"Maximum number of retries was attempted for station [User Name] [station MAC] [AP MAC], authenticating the station"
"Dropping the radius packet for Station [station MAC] [AP MAC] doing 802.1x"
"Failed to send the radius request for Station [station MAC] [AP MAC]"
And an occasional "Dropping the radius packet for Station [station MAC] [AP MAC]"
We'll keep waiting for TAC's response, but just wanted to see if we could get some insight while we wait. If not, then not a big deal.
Thanks