I have been part of a team that is deploying dot1x on a Cisco based switching enterprise. Ever since dot1x has been turned on, the subnet we are testing on has had Windows machines (vista/win7 - 32/64 bit both) getting their DHCP reservations CORRPUTED. For some reason, dot1x came online, and several (not all) of the same machines with DHCP reservations on the subnet have been subjected to their DHCP reservation "breaking" -- the DHCP MMC lists "bad_address", and the MAC is CHANGED from the original, AND malformed - but here's the weird part -- the machine whose reservation is corrupted is DENIED a DHCP IP address, and self-assigns a 169.254.x.x -- so even though the "wrong" MAC is listed on the reservation, the DHCP server still "knows" to DENY that "reserved" MAC an address. Then, to top it off - I tested my own machine (that has a reservation in the DHCP database) -- except I set my address on my workstation to be a static one. My machine - with a STATIC IP address - from time to time gets an "IP conflict" with 0.0.0.0 (I was reading something about this being a gratuitous arp from the cisco switch), and the MAC address listed as being conflicting is the MAC of the switchport on the Cisco switch. My workstation THEN has a 169.254.x.x address even though it's STATIC! The fastest way I have found to remedy this is to disable and enable the NIC. It obviously has something to do with how cisco handles dot1x traffic, but I can't explain it. I just have to delete the "bad/corrupted" DHCP reservation and make a new one with the proper address. and it will last anywhere from a few days to a couple of weeks. . . then it will break again. And it's not *every* machine, which is really strange, too. Ideas?

What type of authentication you are using during the time of configuring Dot1x with windows 7Regards, Kalyan.

Hi, For 802.1X issue, I suggest you post at http://social.technet.microsoft.com/Forums/en-IE/winserverNAP/threads for hlep. Thanks for understanding.Juke Chou TechNet Community Support

We are having an almost identical issue, with the same systems and Dot1x in place. I've noticed that the conflict MAC address is the same address as the cisco switch interface too. If you find any further information on this, can you let me know? We're looking into this, and I'll post everything we come up with.

Hi, For 802.1X issue, I suggest you post at http://social.technet.microsoft.com/Forums/en-IE/winserverNAP/threads for hlep. Thanks for understanding.Juke Chou TechNet Community Support

I wonder what would happen if you setup DHCP snooping and dynamic ARP inspection on the switch? Thanks, Alex