As there is no detail provided, I could only speculate that this could be related to session reauth and the expected behaviour of FlexAuth configuration on the switch.

See How to Ask the Community for Help 

Sorry Team,

I would like to share detail here and the sample switch configuration.

- Endpoint is windows 10 and No being sleep mode/Standby

- I have verify service start automatically start (wired autoconfig) and certificate is correct

- Issue happen every morning for only 2-3 hours after reauthentication session reached, Endpoint back to 802.1X.

Thank You

Hi @LY YIHEANG 

I see this a lot with Windows supplicants. And only Windows. Other supplicants (like cameras and phones using 802.1X) are rock solid and you never hear from them again after their initial authentication. Windows, on the other hand, is just doing whatever it likes to. 

I am fighting the same battle - I was on a Teams call with a customer, whose laptop decided to do this DURING the call, and he was using that laptop (therefore no energy saving or sleep would have triggered). I plan to look at the Windows Event Viewer logs for the Wired 802.1X Service to see what might have caused it to fail.

In most default GPOs, 802.1X will restart only in 10 minutes again. This can be tuned. But it's only a band aid solution. The real question is why the supplicant doesn't behave itself.

My troubleshooting advice:

- run a monitor capture on the interface and use a circular buffer to capture both directions of traffic. Once you notice the session has gone to MAB, stop the capture and analyse in Wireshark - look for possible causes and look at who sent the EAPOL frames

- Check the Windows Event Viewer Logs. Drill down to Applications and Services Logs > Microsoft > Windows > Wired-AutoConfig > Operational

It could be a device driver issue that is causing problems with the rest of Windows.