This issue was enventually resolved. Prior to this 802.1X rollout we had Cisco AnyConnect installed on all our machines. We did push an uninstall to have this removed from all devices, but it seems even after an uninstall there are still remenants of AnyConnect installed. AnyConnect was intercepting EAP packets and thus failing the 802.1X authentication. Cisco TAC gave us a AnyConnect uninstall .exe and a command to run which removed all remaining remenants of AnyConnect. Once that was done, everything has been working great with zero issues since.
If you previously used AnyConnect, reach out to Cisco TAC and ask them for the "PurgeNotifyObjects.exe". run this on all machines.