Clients being dropped/put into the remediation vlan instead of the production vlan
Symptoms Clients failing authentication and being put into the remediation vlan instead of the production vlan
An ACS Radius server was configured to supply the AAA (Authentication, Authorization & Accounting), information for clients accessing the 802.1x network and was configured to use both port 1812 for Authentication/Authorization and port 1813 for Accounting. However, the Lan Enforcer was only configured to pass port 1812 Authentication/Authorization packets and would sometimes block the port 1813 packets for the Accounting packets. The fix for this issue is to turn on Accounting on the Lan Enforcer to allow port 1813 Accounting packets to pass through the Lan Enforcer without being blocked.
On the Enforcer, you would go to "Configure" then "Advanced" then type in "enable acc_port 1813". This will allow the Enforcer to pass the port 1813 accounting packets. The Lan Enforcer supports port 1812 for authentication/authorization and port 1813 for accounting. In fact, the Enforcer will ONLY support 1813 for accounting.
The procedure can also be found on page 245 in the Enforcer Implementation Guide.
Imported Document ID: TECH92892
Subscribing will provide email updates when this Article is updated. Login is required.