I encountered the following: after successful 802.1x authentication, the "passed authentication" log on ACS is filling with "authen OK" logs from the same user - every 2 minutes one new entry. The reauthentication on the switch is for sure turned off. Every two minutes on user's WinXP station there is baloon info that network is now connected, and there is a break in pings (about 2-4 seconds). What is causing this, and how can it be removed? Switch 6500, Catos 8.5.8, ACS 4.1.3, WinXp are using machine authentication.
I am having a similar issue. The access switch is a 3560 running 12.2(25)SED1 going against ACS 4.1. Reauthentication is disabled in the port configuration and the workstations are configured with the AuthMode=2 and SupplicantMode=3 DWord registry settings.
Unlike your scenario, I only see one (the first) success entry in ACS until right at 14 hours later, when I start seeing one every 30 seconds or so. At that point, I see the same scenario you mention above with the client baloon message as well every 30 seconds. If someone else does not provide an answer or insight, perhaps we can collaborate and solve this issue ourselves.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...