Is that the authentication for client? Does your AP have a static IP, or is it DHCP? Is the AP connected to a controller or is EBW? Is the policy checking for NAS ID? I am just thinking that after reconnect the AP is getting a new IP and the Radius packet a sourced from different IP if the policy is not checking for the NAS ID... but I am not radius expert at all... and last but not least - go away from EAP-FAST on ISE<2.6 and iPhones 🙂 I had too much trouble with TLS version miss-match.
... View more
