but why would it say Auth - NO...the laptops here are all same make and model...also ip address not mentioned though it has actually picked up an ip address?

Wat do we see if we search fore the client on the WLC??

Regards

Surendra

just found out that

Policy Manager State  8021X_REQD

on the rest which gets an ip address , it is marked as

Policy Manager State RUN

not sure what this is ?

somewhere i read this is due to DHCP Server Required box being unchecked as we have two dhcp servers so this can happen (both trying to issue ip addrss). this problem can be overcome by checking DHCP Server and giving an ip address. not sure if this is the resolution but looks like this is sorted the problem on our other wlans

No.  That "DHCP Required" checkbox would on apply if you client was trying to use its own address (not DHCP) and the policy manager state would be saying DHCP_REQD.

Since you are saying the policy state is 8021X_REQD, then that means the client hasn't even passed L2 Authentication (its not even in a state to get an IP address).

If a client is in 8021X_REQD, then there is no way it should be passing traffic......   So are you sure clients are passing traffic though the WLC says 8021X_REQD?

The WLC should never let traffic through the WLC untill you have passed L2 AUTH (which sets up the encryption), and then it should only allow a small subset of traffic untill you pass DHCP_REQD....

I seriously doubt an 8021X_REQD client is passing traffic.......     Maybe if its HREAP and the WLC just isn't updating the state? But even that wouldn't make sense....  

Perhaps you can do a "debug client "   and several sets of "show client detail" over the course of a few minutes for a client in 8021x_Reqd.   I bet after a few seconds/minutes that client is continually being deauthenticated....