I have 802.1x setup on a Catalyst 2950 switch with Cisco ACS 4.2 Radius server. Authentication and authorization for machine authentication is working fine. I see the records in the "passed authentication" cvs file on the ACS server. Problem is, when I test a random non authorized laptop by plugging in to a dot1x configured port, the authentication and authorization works by rejecting the laptop and the switch port remains unauthorized but the record is never logged in the "Failed Attempts" cvs file.
the only time I see entries in there is when I mess with the authorized computers credentials and kill thir authorizes status, they show up. I want to see when strangers wander up to a wall jack and try to gain access by seeing their attempts recorded.