Only 802.1X
This scenario shows how to configure the only-802.1x
authentication mode.
Test Successful 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 uses the correct username and password.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth1 address 192.168.100.1/24 set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth1 authenticator aaa authentication list1 set interfaces ethernet eth1 authenticator log-level debug set interfaces ethernet eth1 authenticator mode only-802.1x set interfaces ethernet eth1 authenticator quiet-period 60 set interfaces ethernet eth1 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX18bpp0xTM0SdnmJcMKleK94x2SS/rZ9qCHvCs0/TdHCKXGtmnGGN8Srnl/mJwJcy0wgoTfP2k6fEg== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.331 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.331/0.331/0.331/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.100.2/24 set interfaces ethernet eth1 supplicant encrypted-password U2FsdGVkX19uPtGYXQKIWyaack0MpSXCJXScjkUW24g= set interfaces ethernet eth1 supplicant username testing set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run the command interfaces ethernet eth1 supplicant show status on DUT1 and check whether the output contains the following tokens:
AuthorizedShow output
--------------------------------------------------- Field Value --------------------------------------------------- EAP State SUCCESS EAP TLS Cipher ECDHE-RSA-AES256-GCM-SHA384 EAP TLS Version TLSv1.2 PAE State AUTHENTICATED Supplicant Port Status Authorized WPA State COMPLETED
Step 5: Run the command interfaces ethernet eth1 supplicant show stats on DUT1 and check whether the output matches the following regular expressions:
Port Status\s+AuthorizedShow output
------------------------------- Field Value ------------------------------- EAPoL Frames (Rx) 11 EAPoL Frames (Tx) 11 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Authorized Req Frames (Rx) 9 Req ID Frames (Rx) 1 Resp Frames (Tx) 10 Start Frames (Tx) 1
Step 6: Run the command interfaces ethernet eth1 authenticator show stats on DUT0 and check whether the output matches the following regular expressions:
Authentication Successes\s+1 Authentication Mode\s+802\.1XShow output
--------------------------------------------- Field Value --------------------------------------------- Access Challenges 9 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode 802.1X Authentication Status Authorized (802.1X) Authentication Successes 1 EAPoL frames (Rx) 11 EAPoL frames (Tx) 11 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:11 Session User Name testing
Step 7: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.357 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.357/0.357/0.357/0.000 ms
Step 8: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: authenticated - EAP type: 25 (PEAP)Show output
May 19 21:16:32.059014 osdx hostapd[136896]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported. May 19 21:16:32.059045 osdx hostapd[136896]: eth1: RADIUS Authentication server 10.215.168.1:1812 May 19 21:16:32.059495 osdx hostapd[136896]: connect[radius]: Network is unreachable May 19 21:16:32.059126 osdx hostapd[136896]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 May 19 21:16:32.059133 osdx hostapd[136896]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode May 19 21:16:32.082821 osdx hostapd[136896]: Discovery mode enabled on eth1 May 19 21:16:32.082899 osdx hostapd[136896]: eth1: interface state UNINITIALIZED->ENABLED May 19 21:16:32.082957 osdx hostapd[136896]: eth1: AP-ENABLED May 19 21:16:35.308375 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added May 19 21:16:35.308401 osdx hostapd[136897]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode May 19 21:16:35.322962 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: start authentication May 19 21:16:35.323026 osdx hostapd[136897]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames May 19 21:16:35.323065 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAPOL-Start from STA May 19 21:16:35.323085 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port May 19 21:16:35.323102 osdx hostapd[136897]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication May 19 21:16:35.323135 osdx hostapd[136897]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE May 19 21:16:35.323170 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 31) May 19 21:16:35.323660 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=31 len=12) from STA: EAP Response-Identity (1) May 19 21:16:35.323681 osdx hostapd[136897]: IEEE 802.1X: OSDX-EAP: getDecision: -> PASSTHROUGH May 19 21:16:35.323691 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: STA identity 'testing' May 19 21:16:35.323742 osdx hostapd[136897]: eth1: RADIUS Authentication server 10.215.168.1:1812 May 19 21:16:35.328282 osdx hostapd[136897]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:35.328339 osdx hostapd[136897]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:35.328813 osdx hostapd[136897]: eth1: RADIUS Received 80 bytes from RADIUS server May 19 21:16:35.328830 osdx hostapd[136897]: eth1: RADIUS Received RADIUS message May 19 21:16:35.328839 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:35.328895 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=32 len=22) from RADIUS server: EAP-Request-MD5 (4) May 19 21:16:35.328914 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 32) May 19 21:16:35.329250 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=32 len=6) from STA: EAP Response-unknown (3) May 19 21:16:35.329292 osdx hostapd[136897]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:35.329303 osdx hostapd[136897]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:35.329432 osdx hostapd[136897]: eth1: RADIUS Received 64 bytes from RADIUS server May 19 21:16:35.329436 osdx hostapd[136897]: eth1: RADIUS Received RADIUS message May 19 21:16:35.329439 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:35.329452 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=33 len=6) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:35.329457 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 33) May 19 21:16:35.329719 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=33 len=194) from STA: EAP Response-PEAP (25) May 19 21:16:35.329749 osdx hostapd[136897]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:35.329758 osdx hostapd[136897]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:35.331422 osdx hostapd[136897]: eth1: RADIUS Received 1068 bytes from RADIUS server May 19 21:16:35.331436 osdx hostapd[136897]: eth1: RADIUS Received RADIUS message May 19 21:16:35.331443 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:35.331485 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=34 len=1004) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:35.331498 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 34) May 19 21:16:35.331870 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=34 len=6) from STA: EAP Response-PEAP (25) May 19 21:16:35.331955 osdx hostapd[136897]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:35.331981 osdx hostapd[136897]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:35.332262 osdx hostapd[136897]: eth1: RADIUS Received 229 bytes from RADIUS server May 19 21:16:35.332277 osdx hostapd[136897]: eth1: RADIUS Received RADIUS message May 19 21:16:35.332288 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:35.332325 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=35 len=171) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:35.332339 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 35) May 19 21:16:35.335694 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=35 len=103) from STA: EAP Response-PEAP (25) May 19 21:16:35.335788 osdx hostapd[136897]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:35.335812 osdx hostapd[136897]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:35.336537 osdx hostapd[136897]: eth1: RADIUS Received 115 bytes from RADIUS server May 19 21:16:35.336550 osdx hostapd[136897]: eth1: RADIUS Received RADIUS message May 19 21:16:35.336557 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:35.336591 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=36 len=57) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:35.336605 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 36) May 19 21:16:35.337136 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=36 len=6) from STA: EAP Response-PEAP (25) May 19 21:16:35.337212 osdx hostapd[136897]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:35.337233 osdx hostapd[136897]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:35.337537 osdx hostapd[136897]: eth1: RADIUS Received 98 bytes from RADIUS server May 19 21:16:35.337550 osdx hostapd[136897]: eth1: RADIUS Received RADIUS message May 19 21:16:35.337557 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:35.337590 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=37 len=40) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:35.337602 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 37) May 19 21:16:35.337932 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=37 len=43) from STA: EAP Response-PEAP (25) May 19 21:16:35.338012 osdx hostapd[136897]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:35.338038 osdx hostapd[136897]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:35.338349 osdx hostapd[136897]: eth1: RADIUS Received 131 bytes from RADIUS server May 19 21:16:35.338363 osdx hostapd[136897]: eth1: RADIUS Received RADIUS message May 19 21:16:35.338371 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:35.338404 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=38 len=73) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:35.338417 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 38) May 19 21:16:35.338947 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=38 len=97) from STA: EAP Response-PEAP (25) May 19 21:16:35.339030 osdx hostapd[136897]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:35.339070 osdx hostapd[136897]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:35.339484 osdx hostapd[136897]: eth1: RADIUS Received 140 bytes from RADIUS server May 19 21:16:35.339497 osdx hostapd[136897]: eth1: RADIUS Received RADIUS message May 19 21:16:35.339503 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:35.339533 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=39 len=82) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:35.339545 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 39) May 19 21:16:35.339877 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=39 len=37) from STA: EAP Response-PEAP (25) May 19 21:16:35.339950 osdx hostapd[136897]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:35.339969 osdx hostapd[136897]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:35.340302 osdx hostapd[136897]: eth1: RADIUS Received 104 bytes from RADIUS server May 19 21:16:35.340316 osdx hostapd[136897]: eth1: RADIUS Received RADIUS message May 19 21:16:35.340323 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:35.340357 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=40 len=46) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:35.340369 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 40) May 19 21:16:35.340698 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=40 len=46) from STA: EAP Response-PEAP (25) May 19 21:16:35.340774 osdx hostapd[136897]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:35.340800 osdx hostapd[136897]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:35.341189 osdx hostapd[136897]: eth1: RADIUS Received 175 bytes from RADIUS server May 19 21:16:35.341201 osdx hostapd[136897]: eth1: RADIUS Received RADIUS message May 19 21:16:35.341209 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:35.341263 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' May 19 21:16:35.341275 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=3 id=40 len=4) from RADIUS server: EAP Success May 19 21:16:35.341310 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 40) May 19 21:16:35.341341 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port May 19 21:16:35.341350 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session 03EB8C5C73FDA552 May 19 21:16:35.341405 osdx hostapd[136897]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Test Unsuccessful 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 uses an incorrect username.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth1 address 192.168.100.1/24 set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth1 authenticator aaa authentication list1 set interfaces ethernet eth1 authenticator log-level debug set interfaces ethernet eth1 authenticator mode only-802.1x set interfaces ethernet eth1 authenticator quiet-period 60 set interfaces ethernet eth1 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX19eRMjBFyjlmtF5yelP1s2K0Bv6ML8jmxPTObSaPauP/iGq/dTdQny0m4FYqCcs3BH+CANOHYHTSw== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.228 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.228/0.228/0.228/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.100.2/24 set interfaces ethernet eth1 supplicant encrypted-password U2FsdGVkX18+jhbjjryKd5kYhh0eMRHF93EPZnzdRJY= set interfaces ethernet eth1 supplicant username wrong set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run the command interfaces ethernet eth1 supplicant show stats on DUT1 and check whether the output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 0 EAPoL Frames (Tx) 0 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 0 Req ID Frames (Rx) 0 Resp Frames (Tx) 0 Start Frames (Tx) 0
Step 5: Run the command interfaces ethernet eth1 supplicant show stats on DUT1 and check whether the output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 9 EAPoL Frames (Tx) 10 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 8 Req ID Frames (Rx) 1 Resp Frames (Tx) 9 Start Frames (Tx) 1
Step 6: Run the command interfaces ethernet eth1 supplicant show stats on DUT1 and check whether the output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 10 EAPoL Frames (Tx) 10 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 8 Req ID Frames (Rx) 1 Resp Frames (Tx) 9 Start Frames (Tx) 1
Step 7: Run the command interfaces ethernet eth1 authenticator show stats on DUT0 and check whether the output matches the following regular expressions:
Authentication Failures\s+[1-9]\d?Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 8 Authentication Backend RADIUS Authentication Failures 1 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 10 EAPoL frames (Tx) 10 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:11 Session User Name N/A
Step 8: Expect a failure in the following command:
Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. --- 192.168.100.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
Step 9: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)Show output
May 19 21:16:43.097159 osdx hostapd[137455]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported. May 19 21:16:43.097176 osdx hostapd[137455]: eth1: RADIUS Authentication server 10.215.168.1:1812 May 19 21:16:43.097622 osdx hostapd[137455]: connect[radius]: Network is unreachable May 19 21:16:43.097236 osdx hostapd[137455]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 May 19 21:16:43.097242 osdx hostapd[137455]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode May 19 21:16:43.113018 osdx hostapd[137455]: Discovery mode enabled on eth1 May 19 21:16:43.113018 osdx hostapd[137455]: eth1: interface state UNINITIALIZED->ENABLED May 19 21:16:43.113102 osdx hostapd[137455]: eth1: AP-ENABLED May 19 21:16:46.436655 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added May 19 21:16:46.436678 osdx hostapd[137456]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode May 19 21:16:46.448983 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: start authentication May 19 21:16:46.449009 osdx hostapd[137456]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames May 19 21:16:46.449020 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAPOL-Start from STA May 19 21:16:46.449027 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port May 19 21:16:46.449038 osdx hostapd[137456]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication May 19 21:16:46.449049 osdx hostapd[137456]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE May 19 21:16:46.449058 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 167) May 19 21:16:46.449304 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=167 len=10) from STA: EAP Response-Identity (1) May 19 21:16:46.449313 osdx hostapd[137456]: IEEE 802.1X: OSDX-EAP: getDecision: -> PASSTHROUGH May 19 21:16:46.449317 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: STA identity 'wrong' May 19 21:16:46.449339 osdx hostapd[137456]: eth1: RADIUS Authentication server 10.215.168.1:1812 May 19 21:16:46.451383 osdx hostapd[137456]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:46.451413 osdx hostapd[137456]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:46.451711 osdx hostapd[137456]: eth1: RADIUS Received 80 bytes from RADIUS server May 19 21:16:46.451719 osdx hostapd[137456]: eth1: RADIUS Received RADIUS message May 19 21:16:46.451724 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:46.451751 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=168 len=22) from RADIUS server: EAP-Request-MD5 (4) May 19 21:16:46.451760 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 168) May 19 21:16:46.451987 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=168 len=6) from STA: EAP Response-unknown (3) May 19 21:16:46.452040 osdx hostapd[137456]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:46.452064 osdx hostapd[137456]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:46.452222 osdx hostapd[137456]: eth1: RADIUS Received 64 bytes from RADIUS server May 19 21:16:46.452233 osdx hostapd[137456]: eth1: RADIUS Received RADIUS message May 19 21:16:46.452237 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:46.452256 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=169 len=6) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:46.452264 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 169) May 19 21:16:46.452613 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=169 len=194) from STA: EAP Response-PEAP (25) May 19 21:16:46.452661 osdx hostapd[137456]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:46.452677 osdx hostapd[137456]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:46.454015 osdx hostapd[137456]: eth1: RADIUS Received 1068 bytes from RADIUS server May 19 21:16:46.454022 osdx hostapd[137456]: eth1: RADIUS Received RADIUS message May 19 21:16:46.454026 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:46.454049 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=170 len=1004) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:46.454057 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 170) May 19 21:16:46.454250 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=170 len=6) from STA: EAP Response-PEAP (25) May 19 21:16:46.454297 osdx hostapd[137456]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:46.454312 osdx hostapd[137456]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:46.454465 osdx hostapd[137456]: eth1: RADIUS Received 229 bytes from RADIUS server May 19 21:16:46.454472 osdx hostapd[137456]: eth1: RADIUS Received RADIUS message May 19 21:16:46.454476 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:46.454496 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=171 len=171) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:46.454504 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 171) May 19 21:16:46.456425 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=171 len=103) from STA: EAP Response-PEAP (25) May 19 21:16:46.456476 osdx hostapd[137456]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:46.456491 osdx hostapd[137456]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:46.456804 osdx hostapd[137456]: eth1: RADIUS Received 115 bytes from RADIUS server May 19 21:16:46.456811 osdx hostapd[137456]: eth1: RADIUS Received RADIUS message May 19 21:16:46.456815 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:46.456831 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=172 len=57) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:46.456838 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 172) May 19 21:16:46.457065 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=172 len=6) from STA: EAP Response-PEAP (25) May 19 21:16:46.457104 osdx hostapd[137456]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:46.457115 osdx hostapd[137456]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:46.457266 osdx hostapd[137456]: eth1: RADIUS Received 98 bytes from RADIUS server May 19 21:16:46.457273 osdx hostapd[137456]: eth1: RADIUS Received RADIUS message May 19 21:16:46.457276 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:46.457292 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=173 len=40) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:46.457298 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 173) May 19 21:16:46.457516 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=173 len=41) from STA: EAP Response-PEAP (25) May 19 21:16:46.457554 osdx hostapd[137456]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:46.457566 osdx hostapd[137456]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:46.457720 osdx hostapd[137456]: eth1: RADIUS Received 131 bytes from RADIUS server May 19 21:16:46.457726 osdx hostapd[137456]: eth1: RADIUS Received RADIUS message May 19 21:16:46.457730 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:46.457747 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=174 len=73) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:46.457753 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 174) May 19 21:16:46.457985 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=174 len=95) from STA: EAP Response-PEAP (25) May 19 21:16:46.458026 osdx hostapd[137456]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:46.458037 osdx hostapd[137456]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:46.458217 osdx hostapd[137456]: eth1: RADIUS Received 104 bytes from RADIUS server May 19 21:16:46.458222 osdx hostapd[137456]: eth1: RADIUS Received RADIUS message May 19 21:16:46.458232 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:46.458247 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=175 len=46) from RADIUS server: EAP-Request-PEAP (25) May 19 21:16:46.458253 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 175) May 19 21:16:46.458430 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=175 len=46) from STA: EAP Response-PEAP (25) May 19 21:16:46.458469 osdx hostapd[137456]: eth1: RADIUS Sending RADIUS message to authentication server May 19 21:16:46.458481 osdx hostapd[137456]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds May 19 21:16:47.458569 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Resending RADIUS message (id=8) May 19 21:16:47.458607 osdx hostapd[137456]: eth1: RADIUS Next RADIUS client retransmit in 2 seconds May 19 21:16:47.458762 osdx hostapd[137456]: eth1: RADIUS Received 44 bytes from RADIUS server May 19 21:16:47.458765 osdx hostapd[137456]: eth1: RADIUS Received RADIUS message May 19 21:16:47.458768 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec May 19 21:16:47.458813 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=4 id=175 len=4) from RADIUS server: EAP Failure May 19 21:16:47.458837 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 175) May 19 21:16:47.458848 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port May 19 21:16:47.458852 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authentication failed - EAP type: 25 (PEAP) May 19 21:16:47.458855 osdx hostapd[137456]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Authentication failed, enforcing quiet period (60 seconds) May 19 21:16:47.458859 osdx hostapd[137456]: eth1: RADIUS Received 44 bytes from RADIUS server May 19 21:16:47.458862 osdx hostapd[137456]: eth1: RADIUS Received RADIUS message May 19 21:16:47.458866 osdx hostapd[137456]: eth1: RADIUS No matching RADIUS request found (type=0 id=8) - dropping packet
Test Unsupported 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 does not support 802.1x authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth1 address 192.168.100.1/24 set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth1 authenticator aaa authentication list1 set interfaces ethernet eth1 authenticator log-level debug set interfaces ethernet eth1 authenticator mode only-802.1x set interfaces ethernet eth1 authenticator quiet-period 60 set interfaces ethernet eth1 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX18CGZkFMPIquB2yuJVBN15Rg3AitAXyFW01Azrgl3ekZLWFoC+WpI2SflObGWJ9dG9d6VyCieAEpg== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.235 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.235/0.235/0.235/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run the command interfaces ethernet eth1 authenticator show stats on DUT0 and check whether the output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 2 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:11 Session User Name N/A
Step 5: Run the command interfaces ethernet eth1 authenticator show stats on DUT0 and check whether the output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 3 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:11 Session User Name N/A
Step 6: Run the command interfaces ethernet eth1 authenticator show stats on DUT0 and check whether the output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 3 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:11 Session User Name N/A
Step 7: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: EAP authentication timeoutShow output
May 19 21:16:57.043623 osdx hostapd[138015]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported. May 19 21:16:57.043662 osdx hostapd[138015]: eth1: RADIUS Authentication server 10.215.168.1:1812 May 19 21:16:57.044083 osdx hostapd[138015]: connect[radius]: Network is unreachable May 19 21:16:57.043739 osdx hostapd[138015]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 May 19 21:16:57.043747 osdx hostapd[138015]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode May 19 21:16:57.071161 osdx hostapd[138015]: Discovery mode enabled on eth1 May 19 21:16:57.071227 osdx hostapd[138015]: eth1: interface state UNINITIALIZED->ENABLED May 19 21:16:57.071227 osdx hostapd[138015]: eth1: AP-ENABLED May 19 21:17:02.071574 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 DRIVER: Device discovered, triggering MAB authentication May 19 21:17:02.071655 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added May 19 21:17:02.071683 osdx hostapd[138016]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode May 19 21:17:02.087201 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: start authentication May 19 21:17:02.087239 osdx hostapd[138016]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames May 19 21:17:02.087260 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port May 19 21:17:02.087270 osdx hostapd[138016]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication May 19 21:17:02.087288 osdx hostapd[138016]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE May 19 21:17:02.087306 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 159) May 19 21:17:05.089565 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 159) May 19 21:17:09.885349 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. May 19 21:17:11.093498 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 159) May 19 21:17:18.172232 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. May 19 21:17:23.103575 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: aborting authentication May 19 21:17:23.103604 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: EAP authentication timeout - enforcing 60 second quiet period before retrying May 19 21:17:23.103645 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 MLME: MLME-DEAUTHENTICATE.indication(de:ad:be:ef:6c:11, 2) May 19 21:17:23.103652 osdx hostapd[138016]: eth1: STA de:ad:be:ef:6c:11 MLME: MLME-DELETEKEYS.request(de:ad:be:ef:6c:11)