Clients being dropped/put into the remediation vlan instead of the production vlan

Article ID: 177573

Products

Endpoint Protection

Issue/Introduction

Clients being dropped/put into the remediation vlan instead of the production vlan

Symptoms
Clients failing authentication and being put into the remediation vlan instead of the production vlan


Cause

An ACS RADIUS server was configured to supply AAA (Authentication, Authorization, and Accounting) information for clients accessing the 802.1x network, using port 1812 for authentication/authorization and port 1813 for accounting. However, the LAN Enforcer was configured to pass only the port 1812 authentication/authorization packets and would sometimes block the accounting packets on port 1813. The fix is to turn on accounting on the LAN Enforcer so that port 1813 accounting packets pass through it without being blocked.

Resolution

On the Enforcer, go to "Configure", then "Advanced", and type "enable acc_port 1813". This allows the Enforcer to pass the port 1813 accounting packets. The LAN Enforcer supports port 1812 for authentication/authorization and port 1813 for accounting. In fact, the Enforcer supports ONLY port 1813 for accounting.
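One way to confirm the symptom before the change, and the fix after it, is to check captured RADIUS traffic for Accounting-Requests to port 1813 that never receive an Accounting-Response. The following is an added example, not taken from the product or its documentation. The record layout, function names, and sample packets are constructed for illustration; only the header fields and packet codes come from RFC 2865/2866.

```python
import struct

# RADIUS packet codes (RFC 2865 / RFC 2866)
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
AUTH_PORT, ACCT_PORT = 1812, 1813  # ports named in this article

def parse_header(payload):
    """Return (code, identifier) from the 20-byte RADIUS header, or None if malformed."""
    if len(payload) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload) or code not in CODES:
        return None
    return code, ident

def unanswered_accounting(packets):
    """packets: iterable of (nas_ip, src_port, dst_port, udp_payload), where nas_ip
    is the switch (RADIUS client) in the conversation. Returns sorted
    (nas_ip, identifier) pairs for Accounting-Requests sent to port 1813 that
    never received an Accounting-Response."""
    pending = set()
    for nas, sport, dport, payload in packets:
        hdr = parse_header(payload)
        if hdr is None:
            continue  # not RADIUS, or truncated
        code, ident = hdr
        if code == 4 and dport == ACCT_PORT:
            pending.add((nas, ident))
        elif code == 5 and sport == ACCT_PORT:
            pending.discard((nas, ident))
    return sorted(pending)

def make_packet(code, ident):
    # Constructed header only: code, identifier, length=20, zeroed authenticator
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

# Constructed sample traffic (hypothetical switch at 10.0.0.2)
SAMPLE = [
    ("10.0.0.2", 50000, AUTH_PORT, make_packet(1, 7)),  # Access-Request
    ("10.0.0.2", AUTH_PORT, 50000, make_packet(2, 7)),  # Access-Accept
    ("10.0.0.2", 50001, ACCT_PORT, make_packet(4, 8)),  # Accounting-Request, answered
    ("10.0.0.2", ACCT_PORT, 50001, make_packet(5, 8)),  # Accounting-Response
    ("10.0.0.2", 50001, ACCT_PORT, make_packet(4, 9)),  # Accounting-Request, no reply
]

if __name__ == "__main__":
    for nas, ident in unanswered_accounting(SAMPLE):
        print(f"{nas}: Accounting-Request id={ident} got no Accounting-Response")
```

A non-empty result while authentication on port 1812 completes normally matches the cause described above; after enabling accounting on the Enforcer, the same check should come back empty.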


References
The procedure can also be found on page 245 in the Enforcer Implementation Guide.