This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

End-System reason 'End-System Session Detected'?

End-System reason 'End-System Session Detected'?

Anonymous
Not applicable

‎04-06-2021 07:04 PM

Hi,

Have recently migrated a mobile providers APN device over to Extremecontrol. 

In the example below the third line down is a legitimate authentication requested from a mobile device, and these use PAP to authenticate.

 

13c1ac6a01d94e32b4d9e775bd40b043_e3f6bd8a-4f0b-499b-bdb6-8ed55889e67e.png

 

The question is in relation to the lines shown in red.

When debugging requests shown below (IP’s and MAC’s have been masked), and further validated through a pcap, these are just accounting (port 1813) messages and not real authentication (port 1812) requests. 

2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Accounting Session-Timeout disabled, Switch: 10.x.x.x RADIUS accounting is: enabled
2021-03-31 20:53:51,945 INFO [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Processing Accounting Request for MAC: 44-79-71-xx-xx-xx, userName: GPRSWINP8, AuthType: AUTH_8021X, Status Type: INTERIM_UPDATE
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Evaluating 1 sessions to see if they affect this session.
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x - Evaluating session MAC: 44-79-71-xx-xx-xx, authType: AUTH_8021X, connectionState: ACTIVE_WITH_HIGHEST_PRECEDENCE
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x - this is the same session: 44-79-71-xx-xx-xx, authType: AUTH_8021X, already set to the highest precedence.
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Setting all auth types: AUTH_8021X for MAC: 44-79-71-xx-xx-xx, auth type: AUTH_8021X

My question is if in XMC how does the End-systems show the distinction between the two i.e. what's a real request or not? I get you you shouldn’t really get accounting information without the original authentication request, so might be a corner case?

I see one difference in that just the accounting information has the ‘End-System Session Detected’, where as valid authentication requests show an actual rule, would that just be it?

 

0 Kudos
0 REPLIES 0
GTM-P2G8KFN