Solved: Anyconnect 3.1 NAM and wired 802.1x auth failover

rikkoenig
Level 1

I installed AnyConnect 3.1.04063 on a win7 box. It's set up with two admin-defined wired network profiles: one for EAP-TLS machine auth and one for unauthenticated access.

The EAP-TLS authenticated just fine when connected to a corporate-owned switch, but when I connect to another network (test beds, home net), it still uses the EAP-TLS profile. How do I get it to fail over to the other profile?

6 Replies

rikkoenig
Level 1

Edit: Found it.

Connection timeout for the 802.1X wired network must be less than startPeriod * maxStart if the intended behavior is to fail to another network in the list.

Hooray for RTFM!

Hello,

I am in the early stages of pushing out wired NAC to locations. I have the same two profiles, one that is doing EAP-Chaining and one open authentication. I have tested these two profiles for pre-deployment; switches that aren't configured to do 802.1x with ISE will be doing open authentication. Switches that are configured to do 802.1x will do EAP-Chaining, but have you run into situations where the PC is doing EAP-Chaining with Machine authentication (no user logged in) at a branch site? The site loses WAN connection back to the ISE node at the hub location, the machine switches profile to open authentication and allows the user to log in based on having been logged in before. Once the WAN link is back up, the profile is stuck on open authentication and won't re-authenticate (user+machine) with EAP-chaining for full network access unless the port is bounced or the machine is restarted. Thanks for the great info and help!

What does your switchport config look like?

interface FastEthernet0/1
 description Data Port
 switchport access vlan 116
 switchport mode access
 ip access-group ACL-DEFAULT in
 speed 10
 duplex full
 authentication event fail action next-method
 authentication event server dead action authorize
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity 180
 authentication violation restrict
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout tx-period 10
 no mdix auto
 spanning-tree portfast
 spanning-tree bpduguard enable

Is there a setting that I am missing to re-authenticate when the WAN links are up?

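The two settings discussed in this thread sit on opposite ends of the same link: the NAM profile's timers (first reply: a wired 802.1X network only fails over to the next network in the list when its connection timeout is shorter than startPeriod * maxStart) and the switchport's `authentication event server dead/alive` commands (the config just above, which decide what the port does while RADIUS/ISE is unreachable and when it returns). The script below is an added example written for this thread, not AnyConnect, NAM or Cisco code; it checks the NAM rule and extracts the outage-related commands from an IOS interface block so the two can be reviewed together. The NAM timing numbers in SAMPLE_NAM are constructed sample values, not NAM defaults; the 30-second fallback for tx-period is the IOS default, stated here as an assumption; the "dead without alive" warning is a review heuristic, not a statement about what this poster's switch is doing.

```python
"""Review wired 802.1X failover settings on both ends of the link.

Added example for this thread; not AnyConnect, NAM or Cisco code.
  * nam_failover_check applies the rule from the first reply:
    connection timeout < startPeriod * maxStart.
  * switch_failover_review pulls the `authentication event server
    dead/alive` commands (and a few related ones) out of an IOS
    interface block so they can be compared across switches.
SAMPLE_NAM holds constructed values, not NAM defaults.
"""
import re
from dataclasses import dataclass


@dataclass
class NamWiredTiming:
    connection_timeout: int  # seconds NAM waits for the wired network to come up
    start_period: int        # seconds between EAPOL-Start transmissions
    max_start: int           # how many EAPOL-Starts NAM sends before giving up


def nam_failover_check(t: NamWiredTiming) -> dict:
    """Apply the rule from the thread: timeout must be < startPeriod * maxStart."""
    budget = t.start_period * t.max_start
    return {
        "eapol_start_budget_s": budget,
        "connection_timeout_s": t.connection_timeout,
        "fails_over": t.connection_timeout < budget,
        "margin_s": budget - t.connection_timeout,  # negative means no failover
    }


# Switchport lines copied from the reply above (FastEthernet0/1).
SWITCHPORT_CONFIG = """\
interface FastEthernet0/1
 description Data Port
 switchport access vlan 116
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication event fail action next-method
 authentication event server dead action authorize
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity 180
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
"""

DEAD_RE = re.compile(r"^authentication event server dead action (\S+)")
ALIVE_RE = re.compile(r"^authentication event server alive action (\S+)")
TX_RE = re.compile(r"^dot1x timeout tx-period (\d+)$")


def parse_interface(config: str) -> tuple[str, list[str]]:
    """Split one IOS interface block into its name and its (stripped) commands."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    if not lines or not lines[0].startswith("interface "):
        raise ValueError("expected an 'interface ...' block")
    return lines[0].split(None, 1)[1], lines[1:]


def switch_failover_review(config: str) -> dict:
    """Collect the commands that govern port behaviour around a RADIUS outage."""
    name, cmds = parse_interface(config)
    r = {"interface": name, "server_dead": None, "server_alive": None,
         "open_mode": "authentication open" in cmds,
         "periodic_reauth": "authentication periodic" in cmds,
         "tx_period_s": 30,  # assumption: IOS default when the command is absent
         "warnings": []}
    for c in cmds:
        if m := DEAD_RE.match(c):
            r["server_dead"] = m.group(1)
        elif m := ALIVE_RE.match(c):
            r["server_alive"] = m.group(1)
        elif m := TX_RE.match(c):
            r["tx_period_s"] = int(m.group(1))
    # Heuristic: a dead action with no alive action leaves nothing on the switch
    # side to reinitialize a port that was authorized while RADIUS was down.
    if r["server_dead"] and not r["server_alive"]:
        r["warnings"].append("server dead action set but no server alive action")
    return r


if __name__ == "__main__":
    SAMPLE_NAM = NamWiredTiming(connection_timeout=40, start_period=30, max_start=3)
    print(nam_failover_check(SAMPLE_NAM))
    print(switch_failover_review(SWITCHPORT_CONFIG))
```

Run against the config posted above, the review reports `server_dead == "authorize"`, `server_alive == "reinitialize"`, open mode on, and a 10-second tx-period with no warnings; drop the `server alive` line and the warning appears, which is the kind of difference worth looking for when one branch site behaves differently from another.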

Good job on figuring out the solution to your problem and for taking the time to share it with everyone here (+5 from me) :)