I´m facing some issues with our Cisco AP (C9120AXI-E). When I connect them to our MX68CW Router with configured dot1x it works just fine. But as soon as I disconnect and reconnect the AP the authentication fails.
Reconnect of AP:
So I guess that the RADIUS server (ISE) is configured correctly because of the authentication success of the first plug-in.
I am just thinking that after reconnect the AP is getting a new IP and the Radius packet a sourced from different IP if the policy is not checking for the NAS ID... but I am not radius expert at all...
and last but not least - go away from EAP-FAST on ISE<2.6 and iPhones 🙂 I had too much trouble with TLS version miss-match.