Hi,
I'm running a stack of 6224/6248 switches in a Windows 2008 R2 environment. They are configured to control access through 802.1 (auto-mode) and to get the authentication information, including VLAN assignment, from my primary NPS server (RADIUS). Everything seemed to be running OK at first, but at random times, clients are dropped and are no longer able to access the network. However, when I look at the port status at that time, the port still shows up as 'authenticated'; however, no packets can flow. Sometimes it helps to disable and enable the network adapter or to physically disconnect the cable. However, that is not a good solution for 100+ PCs.
I've checked the NPS logs, but everything seems fine there; they indicate that users are granted access and put into the right VLAN. Looking at the remote syslog of the switch stack, I get entries like these throughout the day:
8 192.168.100.100-1 TRAPMGR[152722416]: traputil.c(611) 4735 %% Link on 6/0/16 is failed
2012-01-06 09:53:31 Local7.Notice 192.168.100.100 JAN 06 09:53:18 192.168.100.100-1 TRAPMGR[152722416]: traputil.c(611) 4736 %% 6/0/16 is transitioned from the Forwarding state to the Blocking state in instance 0
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4737 %% Notification(2) received for entry(4400) not present
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4738 %% Notification(2) received for entry(4416) not present
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4739 %% Notification(2) received for entry(4432) not present
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4740 %% Notification(2) received for entry(4448) not present
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4741 %% Notification(2) received for entry(4544) not present
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4742 %% Notification(2) received for entry(4560) not present
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4743 %% Notification(2) received for entry(4656) not present
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4744 %% Notification(2) received for entry(4800) not present
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4745 %% Notification(2) received for entry(4816) not present
2012-01-06 09:53:35 Local7.Notice 192.168.100.100 JAN 06 09:53:22 192.168.100.100-1 TRAPMGR[152722416]: traputil.c(611) 4746 %% 6/0/16 status is Unauthorized
2012-01-06 09:53:35 Local7.Notice 192.168.100.100 JAN 06 09:53:22 192.168.100.100-1 TRAPMGR[152722416]: traputil.c(611) 4747 %% Link Up: 6/0/16
At other times, the log is filled with entries like these:
0 JAN 06 09:53:44 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(827) 4780 %% Notification(1) received for entry(4432) already present
2012-01-06 09:53:56 Local7.Error 192.168.100.100 JAN 06 09:53:44 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(827) 4781 %% Notification(1) received for entry(4448) already present
2012-01-06 09:53:56 Local7.Error 192.168.100.100 JAN 06 09:53:44 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(827) 4782 %% Notification(1) received for entry(4544) already present
2012-01-06 09:53:56 Local7.Error 192.168.100.100 JAN 06 09:53:44 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(827) 4783 %% Notification(1) received for entry(4560) already present
2012-01-06 09:53:56 Local7.Error 192.168.100.100 JAN 06 09:53:44 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(827) 4784 %% Notification(1) received for entry(4656) already present
2012-01-06 09:53:56 Local7.Error 192.168.100.100 JAN 06 09:53:44 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(827) 4785 %% Notification(1) received for entry(4800) already present
Does anyone have any idea what could be going wrong? As I said, the state of the port remains 'authenticated' in the switch. I've tried raising the re-authentication period to no avail.
Thanks
Regards,
Peter
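Added example, not part of the original post: a small Python parser for the syslog format quoted above that groups the DOT1X notifications by entry id and lists the TRAPMGR port events, so entries reported as both "not present" and "already present" can be lined up against port state changes. The function names are hypothetical, reading the "-N" suffix after the switch IP as the reporting stack unit is an assumption, and the code does not interpret what the notification codes mean.

```python
import re

# Sample input: lines copied from the post's syslog excerpt, including one
# whose receiver prefix was cut off (sequence 4780).
SAMPLE = """\
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4737 %% Notification(2) received for entry(4400) not present
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4739 %% Notification(2) received for entry(4432) not present
2012-01-06 09:53:31 Local7.Error 192.168.100.100 JAN 06 09:53:19 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(853) 4740 %% Notification(2) received for entry(4448) not present
2012-01-06 09:53:35 Local7.Notice 192.168.100.100 JAN 06 09:53:22 192.168.100.100-1 TRAPMGR[152722416]: traputil.c(611) 4746 %% 6/0/16 status is Unauthorized
2012-01-06 09:53:35 Local7.Notice 192.168.100.100 JAN 06 09:53:22 192.168.100.100-1 TRAPMGR[152722416]: traputil.c(611) 4747 %% Link Up: 6/0/16
0 JAN 06 09:53:44 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(827) 4780 %% Notification(1) received for entry(4432) already present
2012-01-06 09:53:56 Local7.Error 192.168.100.100 JAN 06 09:53:44 192.168.100.100-6 DOT1X[140205616]: dot1x_nsf.c(827) 4781 %% Notification(1) received for entry(4448) already present
"""

# Device-generated part of a line; the syslog receiver's prefix is ignored.
# Assumption: the "-N" after the switch IP is the reporting stack unit.
LINE = re.compile(r"([A-Z]{3} \d{2} \d{2}:\d{2}:\d{2}) \S+-(\d+) (\w+)\[\d+\]: "
                  r"\S+\(\d+\) (\d+) %% (.*)$")
DOT1X = re.compile(r"Notification\((\d+)\) received for entry\((\d+)\) (.+)$")
PORT = re.compile(r"\b(\d+/\d+/\d+)\b")

def parse(line):
    """Return (time, unit, component, seq, message) or None if no match."""
    m = LINE.search(line)
    return (m[1], int(m[2]), m[3], int(m[4]), m[5].strip()) if m else None

def dot1x_states(lines):
    """Map each DOT1X entry id to the set of states reported for it."""
    states = {}
    for rec in filter(None, map(parse, lines)):
        m = DOT1X.match(rec[4]) if rec[2] == "DOT1X" else None
        if m:
            states.setdefault(int(m[2]), set()).add(m[3])
    return states

def flapping_entries(lines):
    """Entry ids reported both 'not present' and 'already present'."""
    return sorted(e for e, s in dot1x_states(lines).items()
                  if {"not present", "already present"} <= s)

def port_events(lines):
    """(time, port, message) for TRAPMGR lines naming a unit/slot/port."""
    recs = [r for r in map(parse, lines) if r and r[2] == "TRAPMGR"]
    return [(r[0], PORT.search(r[4])[1], r[4]) for r in recs if PORT.search(r[4])]

if __name__ == "__main__":
    print("entries seen in both states:", flapping_entries(SAMPLE.splitlines()))
    for event in port_events(SAMPLE.splitlines()):
        print(*event)
```

Run over a full day's log, the same functions show whether the entry ids that change state cluster around the times a port goes Unauthorized.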