Just to update you here.......after running some debugs on Swicth i found that....(Scenario-2)
When we connect 8021X enabled PCs (Coporate users) and Boot them...they initially behave like Non-8021X client while booting and during that time switch puts them in guest vlan but when workstation comes to a state (login prompt)where they start communicating like 8021X client.....switch just fails to put them in appropriate VLANs.. may be due to some time out issues.........I feel like i am very close to get the solution but just wondering which timers need to change or may be i am wrong if there is something else need to be put in...........any way i just shared my things with you....
Same Workstations are working fine with old swicthes without any problem...it is windows XP SP3
This should work either way, but FYI you have tweaked the following timer:
dot1x timeout tx-period 5
This means as soon as link comes up, the switch will send EAPOL-Id-Req frames on the wire to look for a supplicant. If it doesn't find on after 3 of these requests (15-sec) then if you also have the Guest-VLAN enabled, the port will be emabled blindly into the Guest-VLAN. The supplicant must certainly now send an EAPOL-Start to "get out" of the Guest-VLAN, but it should work either way, else it's a bug (or mis-config). Make sure your supplicant sends EAPOL-Starts either way.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...