Extreme Networks

Have been working with an Extreme engineer regarding a Wireless Controller implementation.  Since my new company is also running FortiNAC that is EOL and they want us to upgrade, we decided to roll the Extreme Control NAC implementation in to the same project as the wireless.  Currently our FortiNAC solution is only doing basic MAC authorization.  

The Extreme Engineer was able to build the NAC engines and begin creating rule sets.  We were able to add one XOS stack of Extreme X440 G2 switches to NAC as a RADIUS client and saw the dynamic VLAN control working flawlessly.  A few more days into implementation the Engineer introduced 802.1x rules.  I explained we had not implemented 802.1x in the environment yet, but he insisted it was necessary for WiFi 6 and something we would want, so he configured AAA rules within Extreme control and some base 802.1x NAC policy rules.

We have attempted to add two more switch stacks as RADIUS clients to Extreme Control and both stacks are unable to process Dynamic VLAN control.  Devices connected to these switches are seen by the Extreme Control End-Systems screen and the End-Systems screen even shows the appropriate policy is being applied based on MAC address, but the switches never seem to receive or process anything back.  Looking at logs from the Switch side I can only see 802.1x failures on the port, but never successful MAC auths.

I have a GTAC case open, as well as the installation engineer reviewing configs, but no one has been able to explain why the first switch stack worked or why any other subsequent switches added as RADIUS clients are not processing MAC authorization appropriately.  My thought was this had something to do with 802.1x implementation, but has anyone else experience this issue? 

Running the command "Show netlogin session" on the switch stack that is working shows the sessions and authorizations, but running "show netlogin session" on any other switch added in NAC says there are no Netlogin entries.