Good Day, All,

We are currently encountering a problem where a small number of MacBooks are failing to process Identity Request packets for wired authentication before the connected ports are falling back to MAB.  This seems to occur when the devices are awakened from sleep or upon reboot and are connected to the wired network through Dell WD19TBS or DA300 docks.  It seems very clear to me, after taking a number of packet captures, that the devices are not able to process such packets for somewhere between 40 and 70 seconds after link-up.  Our retransmissions are currently set to occur at most twice with intervening 10-second timeouts, such that the switch will not retransmit again beyond 20 seconds after link-up.  This configuration seems to be in line with best practice.

I know I could extend the number of retransmissions and/or the timer to encompass the 70-second delay that our MacBooks may encounter, but we are heavily reliant on MAB for non-dot1X-capable devices, some of which I expect may stop doing DHCP after 60 seconds.  We are also operating in closed mode, such that if I stretch the timers and retransmissions as far as possible within a 60-second window, then I may be essentially allowing our MAB devices only one chance to perform DHCP upon initialization.

So, I guess my question is, has anyone else run into this problem with Macs, successfully tackled it, and if so, how?  Our endpoint support team will be opening a ticket with Apple to request troubleshooting of the initialization delay.

Thank you,

Nathan