Good Day Support Team around the world,
Having recently started tests with 802.1x in a lab environment, I noticed a strange behavior related to authentication. First, let me provide you with the network components I used.
supplicant: domain-joined laptop with Windows XP SP3 802.1x embedded client
authenticator1: Cisco 2950-24
authenticator2: Cisco 3750-24
authentication server: MS NPS Windows Server 2008
1. In the first scenario, with the 3750 switch, when I connect the laptop to the relevant port the machine authentication is successful. Then I try to log in with a domain account and again the authentication is completed without any problem. Then I log off and user authentication is revoked and the machine authentication is used again without any issue. When I try to log in again as a local user the authentication fails as expected, but the port remains disabled (port blinking amber) regardless of the fact that the port is configured for Auth-Fail VLAN. When I log off, the machine authentication is used again and access is granted.
2. In the second scenario, with the 2950 switch as authenticator, I follow the same steps as before, and when I try to log in as a local user the authentication fails and the port is assigned the Auth-Fail VLAN (as expected based on configuration). However, when I log off it seems that the 2950 switch still uses the Auth-Fail VLAN for that port and never authenticates again for machine authentication.
Could someone please let me know if this is normal (I suppose not)? Please find attached the relevant debug output from the second scenario.
Thank you!!!