Dot1x works until a switch is reloaded; afterward, ports do not re-authenticate until they are bounced again or the endpoint is rebooted (NIC bounced).
Looking at logs with TAC, they say the host is not responding (Windows box), but why would bouncing the port fix it and not the switch reload in the first place? Is the port coming up before the switch is ready to authenticate? Someone must have run into a similar problem in a large-scale deployment; we can recreate this with multiple switches and hosts.
config:
authentication event fail action next-method
authentication event server dead action authorize vlan 1
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
snmp trap mac-notification change added
snmp trap mac-notification change removed