cancel
Showing results for 
Search instead for 
Did you mean: 

End-System reason 'End-System Session Detected'?

End-System reason 'End-System Session Detected'?

Anonymous
Not applicable

Hi,

Have recently migrated a mobile providers APN device over to Extremecontrol. 

In the example below the third line down is a legitimate authentication requested from a mobile device, and these use PAP to authenticate.

 

13c1ac6a01d94e32b4d9e775bd40b043_e3f6bd8a-4f0b-499b-bdb6-8ed55889e67e.png

 

The question is in relation to the lines shown in red.

When debugging requests shown below (IP’s and MAC’s have been masked), and further validated through a pcap, these are just accounting (port 1813) messages and not real authentication (port 1812) requests. 

2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Accounting Session-Timeout disabled, Switch: 10.x.x.x RADIUS accounting is: enabled
2021-03-31 20:53:51,945 INFO [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Processing Accounting Request for MAC: 44-79-71-xx-xx-xx, userName: GPRSWINP8, AuthType: AUTH_8021X, Status Type: INTERIM_UPDATE
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Evaluating 1 sessions to see if they affect this session.
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x - Evaluating session MAC: 44-79-71-xx-xx-xx, authType: AUTH_8021X, connectionState: ACTIVE_WITH_HIGHEST_PRECEDENCE
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x - this is the same session: 44-79-71-xx-xx-xx, authType: AUTH_8021X, already set to the highest precedence.
2021-03-31 20:53:51,945 DEBUG [com.enterasys.tesNb.server.rmi.RadiusAccountingManager] (AcctReq57773:127.0.0.1:) ESDMAC:37-34-10,ESDIP:10.x.x.x Setting all auth types: AUTH_8021X for MAC: 44-79-71-xx-xx-xx, auth type: AUTH_8021X

My question is if in XMC how does the End-systems show the distinction between the two i.e. what's a real request or not? I get you you shouldn’t really get accounting information without the original authentication request, so might be a corner case?

I see one difference in that just the accounting information has the ‘End-System Session Detected’, where as valid authentication requests show an actual rule, would that just be it?

 

0 REPLIES 0
GTM-P2G8KFN