October 6th, 2022 08:00
dot1x sessions not expiring, unable to establish device connectivity on a different port
Hello,
We are running an N3048 using software 6.5.4.17.
When hosts are connected through an intermediate switch, we are having issues with dot1x combined with the MAC address table.
A mini-switch is connected downstream on a port with dot1x/MAB enabled.
Dell N3048P --Link1-- Miniswitch --Link2--- Device
dot1x
#show dot1x clients ...
Interface...................................... Gi3/0/35
User Name...................................... A066xxxxx
Supp MAC Address............................... A066.xxxx.1562
Session Time................................... 10794190 ---------------- it was once connected ages ago, yet the session remains?
Filter Id......................................
RADIUS Framed IPv4/IPv6 address................
VLAN Assigned.................................. 102
fdb
#show mac address-table interface gigabitethernet 3/0/35
Aging time is 300 Sec ------- why is it not timing out?
Vlan Mac Address Type Port
-------- --------------------- ----------- ---------------------
100 6400.xxxx.7CE7 Dynamic Gi3/0/35
100 E446.xxxx.D85D Dynamic Gi3/0/35
102 A066.xxxx.1562 Dynamic Gi3/0/35 ---------------- it has not been connected for ages here, why is it still in the FDB?
Obviously the link on Gi3/0/35 is always up because of the intermediate switch.
When you plug device A066.xxxx.1562 into some other port of the Dell N3048 where authentication is not enabled (the VLAN is statically defined on the port), then you have no connectivity. It does not learn the MAC on a different port which uses no authentication. (I have not tested a different port which actually does use authentication.)
Clearly, the auth session and the FDB entry on Gi3/0/35 should have timed out, and independently of that the device should have been allowed to connect to another (unauthenticated) port.
When we restart the intermediate switch, which resets the dot1x and FDB state on the Dell N3048, connectivity can be established on a different port.
Thoughts?
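Added example (not from the post or from Dell): a small Python checker that parses the two CLI outputs quoted above, correlating `show dot1x clients` session times with `show mac address-table` entries to flag sessions that have outlived a chosen threshold while their supplicant MAC is still pinned to the authenticated port. The sample output is constructed, with the redacted MAC octets replaced by made-up values, and the 24-hour threshold is an assumption.

```python
import re

# Constructed sample output modelled on the CLI output quoted in the post; the
# redacted "xxxx" octets are replaced with made-up values so the MACs parse.
DOT1X_CLIENTS = """\
Interface...................................... Gi3/0/35
User Name...................................... A0661A2B1562
Supp MAC Address............................... A066.1A2B.1562
Session Time................................... 10794190
VLAN Assigned.................................. 102
"""
MAC_TABLE = """\
Aging time is 300 Sec
Vlan Mac Address Type Port
-------- --------------------- ----------- ---------------------
100 6400.3C4D.7CE7 Dynamic Gi3/0/35
102 A066.1A2B.1562 Dynamic Gi3/0/35
"""
FIELD_RE = re.compile(r"^(.+?)\.{3,}\s*(.*)$")  # "Key.......... value" lines
FDB_RE = re.compile(r"^\d+\s+([0-9A-F]{4}(?:\.[0-9A-F]{4}){2})\s+\w+\s+(\S+)", re.I)

def parse_dot1x_clients(text):
    """One dict per client; each 'Interface' line starts a new client record."""
    clients = []
    for m in filter(None, map(FIELD_RE.match, map(str.strip, text.splitlines()))):
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Interface":
            clients.append({})
        clients[-1][key] = value  # assumes 'Interface' is the first field, as in the CLI
    return clients

def parse_mac_table(text):
    """Return (aging_seconds, {MAC: port}) from 'show mac address-table' output."""
    aging = re.search(r"Aging time is (\d+) Sec", text)
    ports = {m.group(1).upper(): m.group(2) for m in map(FDB_RE.match, map(str.strip, text.splitlines())) if m}
    return (int(aging.group(1)) if aging else None), ports

def find_stale_sessions(dot1x_text, mac_text, max_session_secs):
    """Sessions older than max_session_secs, noting whether the MAC is still in the FDB on that port."""
    aging, ports = parse_mac_table(mac_text)
    stale = []
    for c in parse_dot1x_clients(dot1x_text):
        secs, mac = int(c.get("Session Time") or 0), c.get("Supp MAC Address", "").upper()
        if secs > max_session_secs:
            stale.append({"interface": c["Interface"], "mac": mac, "session_time": secs,
                          "fdb_aging": aging, "pinned_in_fdb": ports.get(mac) == c["Interface"]})
    return stale

if __name__ == "__main__":
    print(find_stale_sessions(DOT1X_CLIENTS, MAC_TABLE, 24 * 3600))  # assumed 24h threshold
```

A flagged entry with `pinned_in_fdb` true is the situation described in the post: the stale session keeps the MAC on the authenticated port, so clearing that session on the switch is the place to start before rebooting the intermediate switch.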