Thanks for the reply, clembo. Responses below...
>What type of switch are you using?
Mostly Enterasys C3/C5 stack switches
>Why is the port trying to do MAC Auth if the computer is asleep?
Wake on LAN. When the workstations go to sleep, the integrated NIC renegotiates to a lower speed (usually 100M-FD) so the system can still do WOL. The renegotiation causes the port to flap, terminating the 802.1x session. The system is incapable of doing 802.1x while in sleep, and the switch begins attempting MAC auth generating tons of failed login attempts.
>Do you need MAC Auth on those ports if they are capable of 802.1X?
I want to avoid only enabling MAC auth on specific ports, so yes. We're a University, non-802.1x-capable devices move around constantly.
>It is common for switches (or wireless controllers) to send the MAC as both the username and password; this is not something unique to CPPM.
Yup, I know. I'm looking for a workaround in CPPM because it's flexible.