End-System reason 'End-System Session Detected'?

Anonymous — Wed, 07 Apr 2021 02:04:03 GMT

Hi,

Have recently migrated a mobile providers APN device over to Extremecontrol.

In the example below the third line down is a legitimate authentication requested from a mobile device, and these use PAP to authenticate.

The question is in relation to the lines shown in red.

When debugging requests shown below (IP’s and MAC’s have been masked), and further validated through a pcap, these are just accounting (port 1813) messages and not real authentication (port 1812) requests.

2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Accounting Session-Timeout disabled, Switch: 10.x.x.x RADIUS accounting is: enabled
2021-03-31 20:53:51,945 INFO [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Processing Accounting Request for MAC: 44-79-71-xx-xx-xx, userName: GPRSWINP8, AuthType: AUTH_8021X, Status Type: INTERIM_UPDATE
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Evaluating 1 sessions to see if they affect this session.
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x - Evaluating session MAC: 44-79-71-xx-xx-xx, authType: AUTH_8021X, connectionState: ACTIVE_WITH_HIGHEST_PRECEDENCE
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x - this is the same session: 44-79-71-xx-xx-xx, authType: AUTH_8021X, already set to the highest precedence.
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Setting all auth types: AUTH_8021X for MAC: 44-79-71-xx-xx-xx, auth type: AUTH_8021X

My question is if in XMC how does the End-systems show the distinction between the two i.e. what's a real request or not? I get you you shouldn’t really get accounting information without the original authentication request, so might be a corner case?

I see one difference in that just the accounting information has the ‘End-System Session Detected’, where as valid authentication requests show an actual rule, would that just be it?

topic End-System reason 'End-System Session Detected'? in ExtremeControl

End-System reason 'End-System Session Detected'?