1 Rookie

December 12th, 2019 04:00

802.1x PowerConnect MAB

We have two PowerConnect stacks at the moment and we will likely be purchasing more. We have been implementing 802.1x on our network throughout the last few months, which has gone well on our Cisco estate; however, now that we are moving to Dell we are running into authentication issues. Here is my port configuration:

spanning-tree portfast
switchport access vlan 43
dot1x port-control mac-based
dot1x reauthentication
dot1x timeout re-authperiod 300
dot1x max-req 3
dot1x unauth-vlan 242
dot1x max-reauth-req 3
mab
authentication order dot1x mab
switchport voice vlan 44

 

Here's our RADIUS configuration:

radius server auth 172.30.0.187
primary
name "Default-RADIUS-Server"
timeout 5
source-ip 172.30.255.3
attribute 31 mac format unformatted lower-case
key 7 "XXXXXXX"
exit

 

The device in question connects and has to wait a minute or two before the switch begins the authentication process which is one problem. Here the device is a printer with no 802.1x supplicant so we are attempting to use MAB. I can see the packets hit the RADIUS Server and it responds back with an Access-Challenge to which the switch immediately responds with the Access-Request which is based on MD5-Challenge EAP. This is then the error that the server throws:

Network Policy Server discarded the request for a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: NULL SID
Account Name: 0017c8107e20
Account Domain: -
Fully Qualified Account Name: -

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: f8:b1:56:6a:fc:dd
Calling Station Identifier: 0017c8107e20

NAS:
NAS IPv4 Address: 172.30.254.11
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Ethernet
NAS Port: 147

RADIUS Client:
Client Friendly Name: XXXXXX
Client IP Address: 172.30.255.3

Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: XXXXX
Authentication Type: -
EAP Type: -
Account Session Identifier: -
Reason Code: 96
Reason: Authentication failed due to an EAP session timeout; the EAP session with the access client was incomplete.

I have enabled MD5 Challenge on my policy; however, the authentication request doesn't pick that up as the desired policy. I'm sure I'm missing something daft, but if anyone could shed some light on this it would be appreciated. Here is the configuration of my NPS policy:

Conditions:

NAS Port Type: Ethernet

Windows Groups: MAC-Bypass

Constraints:

Authentication Methods:

EAP Types: MD5-Challenge, Microsoft: Secured Password (EAP-MSCHAP v2), Microsoft: Protected EAP (PEAP)

Encrypted Authentication (CHAP)

Unencrypted Authentication (PAP, SPAP)

Allow clients to connect without negotiating an authentication method

 

Settings

Radius Attributes - Standard
Framed-MTU: 1344

All other settings have been left at their defaults and some of these settings have been what I have found online based on the error we are getting. I know the RADIUS Client configuration is working fine as I authenticate to the management of the switch using the service. I haven't tested connecting using 802.1x supplicants yet as we need to get this piece working first.

Finally, the version of switch we are using is 6.5.4.10.

Cheers,

Talan

 

Moderator

December 13th, 2019 09:00

Hi,

Try increasing the timeout. Which model switch is it?

1 Rookie

December 16th, 2019 02:00

So, in case anyone else is having similar issues with getting MAB working, we have it working with Cisco and now Dell PowerConnect using the exact same policy. It turns out there is a nice command in the PowerConnect:

default mab [eap|chap|pap]

The nice thing with this command is we can set the interface to use the same protocol as Cisco (PAP) for MAB. We have the following configuration now set on our interfaces and our devices are connecting successfully:

dot1x port-control mac-based
dot1x reauthentication
dot1x timeout quiet-period 30
dot1x timeout tx-period 10
dot1x unauth-vlan XXXXX
mab
default mab pap
authentication order dot1x mab
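
An added example, not part of the original posts or of Dell's tooling: a small Python check that audits an interface stanza for the mismatch this thread ran into, using trimmed copies of the two configurations posted above. The function name `audit_mab` and the `server_methods` parameter are hypothetical, and treating a missing `default mab` line as EAP-MD5 is an assumption taken from the behaviour described in the first post.

```python
import re

# Constructed samples: trimmed copies of the two interface stanzas in this thread.
BEFORE = """\
dot1x port-control mac-based
dot1x reauthentication
dot1x timeout re-authperiod 300
mab
authentication order dot1x mab
"""
AFTER = """\
dot1x port-control mac-based
dot1x reauthentication
dot1x timeout quiet-period 30
dot1x timeout tx-period 10
mab
default mab pap
authentication order dot1x mab
"""

def audit_mab(stanza, server_methods):
    """Return findings for one stanza; server_methods is what the RADIUS policy is known to accept."""
    lines = [l.strip() for l in stanza.splitlines() if l.strip()]
    if "mab" not in lines:
        return ["mab not enabled on this port"]
    findings, proto = [], None
    for l in lines:
        m = re.fullmatch(r"default mab (eap|chap|pap)", l)
        if m:
            proto = m.group(1)
    if proto is None:
        # Assumption from the thread: with no explicit setting the switch sent EAP-MD5.
        proto = "eap"
        findings.append("no 'default mab' line: switch sends EAP-MD5 for MAB")
    if proto not in server_methods:
        findings.append(f"MAB uses {proto} but RADIUS policy accepts {sorted(server_methods)}")
    order = next((l.split()[2:] for l in lines if l.startswith("authentication order ")), [])
    if "mab" not in order:
        findings.append("'authentication order' does not include mab")
    if not any(l.startswith("dot1x timeout tx-period ") for l in lines):
        # Heuristic: with 'order dot1x mab', MAB only starts once 802.1X has timed out.
        findings.append("tx-period not set: MAB waits on default 802.1X timers")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_mab(cfg, {"pap"}))
```
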
