Reauth Period

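This scenario shows how to configure the reauthentication period on a device that uses 802.1x/MAB authentication. When the period expires, the authenticator makes the already-authorized station authenticate again.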

[Figure: topology with DUT0 and DUT1]

Test Reauth Period In 802.1X Mode

Description

This scenario shows how to configure the reauthentication period on a device that uses 802.1x authentication.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth1 address 192.168.100.1/24
set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth1 authenticator aaa authentication list1
set interfaces ethernet eth1 authenticator log-level debug
set interfaces ethernet eth1 authenticator mode only-802.1x
set interfaces ethernet eth1 authenticator quiet-period 60
set interfaces ethernet eth1 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX19WYjoWU+iTKkqkcokKPf344tFTZaVxKmZeVzoX8McymxsCk6pBM99UwS2qGovQxXI4cjGcPtAiTw==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping the IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Output:
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.237 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.237/0.237/0.237/0.000 ms

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth1 address 192.168.100.2/24
set interfaces ethernet eth1 supplicant encrypted-password U2FsdGVkX1+iYooioPerLXWaGWp9i3MmJJC49vScktE=
set interfaces ethernet eth1 supplicant username testing
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:

IEEE 802.1X: authenticated
Output:
May 19 21:30:56.060457 osdx hostapd[157487]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported.
May 19 21:30:56.060472 osdx hostapd[157487]: eth1: RADIUS Authentication server 10.215.168.1:1812
May 19 21:30:56.060742 osdx hostapd[157487]: connect[radius]: Network is unreachable
May 19 21:30:56.060521 osdx hostapd[157487]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2
May 19 21:30:56.060526 osdx hostapd[157487]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
May 19 21:30:56.092241 osdx hostapd[157487]: Discovery mode enabled on eth1
May 19 21:30:56.092247 osdx hostapd[157487]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames
May 19 21:30:56.092306 osdx hostapd[157487]: eth1: interface state UNINITIALIZED->ENABLED
May 19 21:30:56.092306 osdx hostapd[157487]: eth1: AP-ENABLED
May 19 21:30:57.598366 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:30:59.307748 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added
May 19 21:30:59.307767 osdx hostapd[157488]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
May 19 21:30:59.320283 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: start authentication
May 19 21:30:59.320330 osdx hostapd[157488]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames
May 19 21:30:59.320349 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAPOL-Start from STA
May 19 21:30:59.320365 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port
May 19 21:30:59.320376 osdx hostapd[157488]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
May 19 21:30:59.320396 osdx hostapd[157488]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE
May 19 21:30:59.320410 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 4)
May 19 21:30:59.320729 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=4 len=12) from STA: EAP Response-Identity (1)
May 19 21:30:59.320746 osdx hostapd[157488]: IEEE 802.1X: OSDX-EAP: getDecision: -> PASSTHROUGH
May 19 21:30:59.320752 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: STA identity 'testing'
May 19 21:30:59.320790 osdx hostapd[157488]: eth1: RADIUS Authentication server 10.215.168.1:1812
May 19 21:30:59.323672 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:30:59.323713 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:30:59.324061 osdx hostapd[157488]: eth1: RADIUS Received 80 bytes from RADIUS server
May 19 21:30:59.324071 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:30:59.324078 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:30:59.324117 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=5 len=22) from RADIUS server: EAP-Request-MD5 (4)
May 19 21:30:59.324129 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 5)
May 19 21:30:59.324492 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=5 len=6) from STA: EAP Response-unknown (3)
May 19 21:30:59.324583 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:30:59.324606 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:30:59.324907 osdx hostapd[157488]: eth1: RADIUS Received 64 bytes from RADIUS server
May 19 21:30:59.324916 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:30:59.324922 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:30:59.324946 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=6 len=6) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:30:59.324956 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 6)
May 19 21:30:59.325447 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=6 len=194) from STA: EAP Response-PEAP (25)
May 19 21:30:59.325526 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:30:59.325548 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:30:59.327641 osdx hostapd[157488]: eth1: RADIUS Received 1068 bytes from RADIUS server
May 19 21:30:59.327653 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:30:59.327659 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:30:59.327696 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=7 len=1004) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:30:59.327709 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 7)
May 19 21:30:59.328044 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=7 len=6) from STA: EAP Response-PEAP (25)
May 19 21:30:59.328120 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:30:59.328141 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:30:59.328357 osdx hostapd[157488]: eth1: RADIUS Received 229 bytes from RADIUS server
May 19 21:30:59.328369 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:30:59.328375 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:30:59.328406 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=8 len=171) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:30:59.328418 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 8)
May 19 21:30:59.331781 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=8 len=103) from STA: EAP Response-PEAP (25)
May 19 21:30:59.331878 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:30:59.331907 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:30:59.332589 osdx hostapd[157488]: eth1: RADIUS Received 115 bytes from RADIUS server
May 19 21:30:59.332601 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:30:59.332608 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:30:59.332640 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=9 len=57) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:30:59.332652 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 9)
May 19 21:30:59.333065 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=9 len=6) from STA: EAP Response-PEAP (25)
May 19 21:30:59.333136 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:30:59.333157 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:30:59.333483 osdx hostapd[157488]: eth1: RADIUS Received 98 bytes from RADIUS server
May 19 21:30:59.333496 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:30:59.333503 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:30:59.333550 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=10 len=40) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:30:59.333563 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 10)
May 19 21:30:59.333861 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=10 len=43) from STA: EAP Response-PEAP (25)
May 19 21:30:59.333935 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:30:59.333956 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:30:59.334270 osdx hostapd[157488]: eth1: RADIUS Received 131 bytes from RADIUS server
May 19 21:30:59.334283 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:30:59.334290 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:30:59.334319 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=11 len=73) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:30:59.334331 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 11)
May 19 21:30:59.334753 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=11 len=97) from STA: EAP Response-PEAP (25)
May 19 21:30:59.334824 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:30:59.334842 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:30:59.335200 osdx hostapd[157488]: eth1: RADIUS Received 140 bytes from RADIUS server
May 19 21:30:59.335212 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:30:59.335219 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:30:59.335248 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=12 len=82) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:30:59.335260 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 12)
May 19 21:30:59.335590 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=12 len=37) from STA: EAP Response-PEAP (25)
May 19 21:30:59.335672 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:30:59.335696 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:30:59.335935 osdx hostapd[157488]: eth1: RADIUS Received 104 bytes from RADIUS server
May 19 21:30:59.335947 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:30:59.335954 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:30:59.335983 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=13 len=46) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:30:59.335995 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 13)
May 19 21:30:59.336296 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=13 len=46) from STA: EAP Response-PEAP (25)
May 19 21:30:59.336369 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:30:59.336389 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:30:59.336684 osdx hostapd[157488]: eth1: RADIUS Received 175 bytes from RADIUS server
May 19 21:30:59.336696 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:30:59.336703 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:30:59.336749 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing'
May 19 21:30:59.336758 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=3 id=13 len=4) from RADIUS server: EAP Success
May 19 21:30:59.336791 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 13)
May 19 21:30:59.336821 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port
May 19 21:30:59.336829 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session E181E7B6A06E7AA8
May 19 21:30:59.336837 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)

Step 5: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:

IEEE 802.1X: Re-authentication period expired
Output:
May 19 21:30:59.892634 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:01.991433 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:04.058265 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:06.122996 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:08.201641 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:10.274549 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:12.337568 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:14.406167 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:16.471418 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:18.540974 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:19.337556 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 19 21:31:19.337566 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Starting re-authentication (port will be unauthorized until authentication succeeds)
May 19 21:31:19.337572 osdx hostapd[157488]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
May 19 21:31:19.337606 osdx hostapd[157488]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE
May 19 21:31:19.337619 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 212)
May 19 21:31:19.338036 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=212 len=12) from STA: EAP Response-Identity (1)
May 19 21:31:19.338051 osdx hostapd[157488]: IEEE 802.1X: OSDX-EAP: getDecision: -> PASSTHROUGH
May 19 21:31:19.338057 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: STA identity 'testing'
May 19 21:31:19.338140 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:19.338176 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:19.338460 osdx hostapd[157488]: eth1: RADIUS Received 80 bytes from RADIUS server
May 19 21:31:19.338467 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:31:19.338471 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:19.338493 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=213 len=22) from RADIUS server: EAP-Request-MD5 (4)
May 19 21:31:19.338500 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 213)
May 19 21:31:19.338720 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=213 len=6) from STA: EAP Response-unknown (3)
May 19 21:31:19.338769 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:19.338786 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:19.338964 osdx hostapd[157488]: eth1: RADIUS Received 64 bytes from RADIUS server
May 19 21:31:19.338970 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:31:19.338974 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:19.338991 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=214 len=6) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:31:19.338999 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 214)
May 19 21:31:19.339263 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=214 len=194) from STA: EAP Response-PEAP (25)
May 19 21:31:19.339305 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:19.339318 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:19.341373 osdx hostapd[157488]: eth1: RADIUS Received 1068 bytes from RADIUS server
May 19 21:31:19.341385 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:31:19.341392 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:19.341419 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=215 len=1004) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:31:19.341427 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 215)
May 19 21:31:19.341564 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=215 len=6) from STA: EAP Response-PEAP (25)
May 19 21:31:19.341605 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:19.341616 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:19.341713 osdx hostapd[157488]: eth1: RADIUS Received 229 bytes from RADIUS server
May 19 21:31:19.341719 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:31:19.341721 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:19.341736 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=216 len=171) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:31:19.341743 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 216)
May 19 21:31:19.342831 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=216 len=103) from STA: EAP Response-PEAP (25)
May 19 21:31:19.342863 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:19.342874 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:19.343103 osdx hostapd[157488]: eth1: RADIUS Received 115 bytes from RADIUS server
May 19 21:31:19.343108 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:31:19.343110 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:19.343124 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=217 len=57) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:31:19.343130 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 217)
May 19 21:31:19.343285 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=217 len=6) from STA: EAP Response-PEAP (25)
May 19 21:31:19.343315 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:19.343325 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:19.343450 osdx hostapd[157488]: eth1: RADIUS Received 98 bytes from RADIUS server
May 19 21:31:19.343454 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:31:19.343457 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:19.343470 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=218 len=40) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:31:19.343476 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 218)
May 19 21:31:19.343588 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=218 len=43) from STA: EAP Response-PEAP (25)
May 19 21:31:19.343618 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:19.343627 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:19.343734 osdx hostapd[157488]: eth1: RADIUS Received 131 bytes from RADIUS server
May 19 21:31:19.343739 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:31:19.343743 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:19.343755 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=219 len=73) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:31:19.343760 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 219)
May 19 21:31:19.343915 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=219 len=97) from STA: EAP Response-PEAP (25)
May 19 21:31:19.343944 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:19.343953 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:19.344069 osdx hostapd[157488]: eth1: RADIUS Received 140 bytes from RADIUS server
May 19 21:31:19.344073 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:31:19.344076 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:19.344089 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=220 len=82) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:31:19.344094 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 220)
May 19 21:31:19.344202 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=220 len=37) from STA: EAP Response-PEAP (25)
May 19 21:31:19.344239 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:19.344248 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:19.344320 osdx hostapd[157488]: eth1: RADIUS Received 104 bytes from RADIUS server
May 19 21:31:19.344325 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:31:19.344328 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:19.344339 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=221 len=46) from RADIUS server: EAP-Request-PEAP (25)
May 19 21:31:19.344345 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 221)
May 19 21:31:19.344451 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=221 len=46) from STA: EAP Response-PEAP (25)
May 19 21:31:19.344542 osdx hostapd[157488]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:19.344566 osdx hostapd[157488]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:19.344887 osdx hostapd[157488]: eth1: RADIUS Received 175 bytes from RADIUS server
May 19 21:31:19.344898 osdx hostapd[157488]: eth1: RADIUS Received RADIUS message
May 19 21:31:19.344905 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:19.344959 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing'
May 19 21:31:19.344970 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=3 id=221 len=4) from RADIUS server: EAP Success
May 19 21:31:19.345007 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 221)
May 19 21:31:19.345030 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port
May 19 21:31:19.345039 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session E181E7B6A06E7AA8
May 19 21:31:19.345049 osdx hostapd[157488]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)

Test Reauth Period In MAB Mode

Description

This scenario shows how to configure the reauthentication period on a device that uses MAB authentication.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth1 address 192.168.100.1/24
set interfaces ethernet eth1 authenticator aaa authentication list1
set interfaces ethernet eth1 authenticator log-level debug
set interfaces ethernet eth1 authenticator mode only-MAB
set interfaces ethernet eth1 authenticator quiet-period 60
set interfaces ethernet eth1 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX19X6tDeVspipoRTbVPDe2tBGFs3SAAB5T4VvlmJfVkRJP8CqQ1llhzoXcjbKmKU5Pev7lS5wx+yPw==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping the IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Output:
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.311 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.311/0.311/0.311/0.000 ms

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth1 address 192.168.100.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:

MAB: station successfully authenticated
Output:
May 19 21:31:27.004313 osdx hostapd[158127]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported.
May 19 21:31:27.004335 osdx hostapd[158127]: eth1: RADIUS Authentication server 10.215.168.1:1812
May 19 21:31:27.004567 osdx hostapd[158127]: connect[radius]: Network is unreachable
May 19 21:31:27.004376 osdx hostapd[158127]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-only, eap_server=0, eap_quiet_period=60, eap_max_retrans=5
May 19 21:31:27.004379 osdx hostapd[158127]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
May 19 21:31:27.020190 osdx hostapd[158127]: Discovery mode enabled on eth1
May 19 21:31:27.020247 osdx hostapd[158127]: eth1: interface state UNINITIALIZED->ENABLED
May 19 21:31:27.020270 osdx hostapd[158127]: eth1: AP-ENABLED
May 19 21:31:30.364826 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:32.022549 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 DRIVER: Device discovered, triggering MAB authentication
May 19 21:31:32.022588 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added
May 19 21:31:32.022596 osdx hostapd[158128]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
May 19 21:31:32.036229 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB-only mode: Starting MAB authentication
May 19 21:31:32.036260 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Starting RADIUS query
May 19 21:31:32.036280 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:11
May 19 21:31:32.038323 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:11
May 19 21:31:32.038334 osdx hostapd[158128]: eth1: RADIUS Authentication server 10.215.168.1:1812
May 19 21:31:32.038407 osdx hostapd[158128]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:32.038435 osdx hostapd[158128]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:32.038706 osdx hostapd[158128]: eth1: RADIUS Received 20 bytes from RADIUS server
May 19 21:31:32.038711 osdx hostapd[158128]: eth1: RADIUS Received RADIUS message
May 19 21:31:32.038715 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:32.038719 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Processing RADIUS response
May 19 21:31:32.038729 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:11'
May 19 21:31:32.038741 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated
May 19 21:31:32.038744 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 19 21:31:32.038747 osdx hostapd[158128]: eth1: IEEE 802.1X IEEE 802.1X: Discovery already disabled
May 19 21:31:32.038755 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port
May 19 21:31:32.038758 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session 3A090D0C0E4A7CDC

Step 5: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:

IEEE 802.1X: Re-authentication period expired
May 19 21:31:34.779922 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:37.923945 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:41.092935 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:44.238811 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:47.380042 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:50.519452 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:31:52.053519 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 19 21:31:52.053536 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Starting RADIUS query
May 19 21:31:52.053580 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:11
May 19 21:31:52.053607 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:11
May 19 21:31:52.053625 osdx hostapd[158128]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:31:52.053661 osdx hostapd[158128]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:31:52.053948 osdx hostapd[158128]: eth1: RADIUS Received 20 bytes from RADIUS server
May 19 21:31:52.053953 osdx hostapd[158128]: eth1: RADIUS Received RADIUS message
May 19 21:31:52.053956 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:31:52.053959 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Processing RADIUS response
May 19 21:31:52.053973 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated
May 19 21:31:52.053976 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 19 21:31:52.053978 osdx hostapd[158128]: eth1: IEEE 802.1X IEEE 802.1X: Discovery already disabled
May 19 21:31:52.053981 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port
May 19 21:31:52.053984 osdx hostapd[158128]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session 3A090D0C0E4A7CDC

Test Reauth Period In MAB-Fallback Mode

Description

This scenario shows how to configure the reauthentication period in a device with 802.1x/MAB authentication.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth1 address 192.168.100.1/24
set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth1 authenticator aaa authentication list1
set interfaces ethernet eth1 authenticator log-level debug
set interfaces ethernet eth1 authenticator mode 802.1x-MAB
set interfaces ethernet eth1 authenticator quiet-period 60
set interfaces ethernet eth1 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX1/aNErwECqh5M7fU+1qbsKKm66PNt3ufzyL0x4UhCrNV98rs+hr1odlkhpOUPj41n8/QGiW86I33g==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping the IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.238 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth1 address 192.168.100.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:

MAB: station successfully authenticated
May 19 21:32:00.067039 osdx hostapd[158743]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported.
May 19 21:32:00.067049 osdx hostapd[158743]: eth1: RADIUS Authentication server 10.215.168.1:1812
May 19 21:32:00.067261 osdx hostapd[158743]: connect[radius]: Network is unreachable
May 19 21:32:00.067077 osdx hostapd[158743]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X+MAB-fallback, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30
May 19 21:32:00.067080 osdx hostapd[158743]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
May 19 21:32:00.082930 osdx hostapd[158743]: Discovery mode enabled on eth1
May 19 21:32:00.082929 osdx hostapd[158743]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames
May 19 21:32:00.083004 osdx hostapd[158743]: eth1: interface state UNINITIALIZED->ENABLED
May 19 21:32:00.083004 osdx hostapd[158743]: eth1: AP-ENABLED
May 19 21:32:03.375470 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:05.085350 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 DRIVER: Device discovered, triggering MAB authentication
May 19 21:32:05.085428 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added
May 19 21:32:05.085446 osdx hostapd[158744]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
May 19 21:32:05.099031 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: start authentication
May 19 21:32:05.099088 osdx hostapd[158744]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames
May 19 21:32:05.099097 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB fallback mode: Scheduling MAB trigger in 30 seconds if no 802.1X response
May 19 21:32:05.099104 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response
May 19 21:32:05.099142 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port
May 19 21:32:05.099173 osdx hostapd[158744]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
May 19 21:32:05.099212 osdx hostapd[158744]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE
May 19 21:32:05.099233 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 3)
May 19 21:32:07.540108 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:08.101280 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 3)
May 19 21:32:11.700358 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:14.106246 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 3)
May 19 21:32:15.870862 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:20.036575 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:24.204418 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:26.117262 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: aborting authentication
May 19 21:32:26.117269 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: EAP max retrans reached, triggering MAB fallback immediately
May 19 21:32:26.117273 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Starting RADIUS query
May 19 21:32:26.117309 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:11
May 19 21:32:26.118975 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:11
May 19 21:32:26.118985 osdx hostapd[158744]: eth1: RADIUS Authentication server 10.215.168.1:1812
May 19 21:32:26.119045 osdx hostapd[158744]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:32:26.119072 osdx hostapd[158744]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:32:26.119087 osdx hostapd[158744]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
May 19 21:32:26.119095 osdx hostapd[158744]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE
May 19 21:32:26.119107 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 203)
May 19 21:32:26.119320 osdx hostapd[158744]: eth1: RADIUS Received 20 bytes from RADIUS server
May 19 21:32:26.119325 osdx hostapd[158744]: eth1: RADIUS Received RADIUS message
May 19 21:32:26.119328 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:32:26.119332 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Processing RADIUS response
May 19 21:32:26.119342 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:11'
May 19 21:32:26.119352 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated
May 19 21:32:26.119354 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 19 21:32:26.119357 osdx hostapd[158744]: eth1: IEEE 802.1X IEEE 802.1X: Discovery already disabled
May 19 21:32:26.119364 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port
May 19 21:32:26.119367 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session F2BB4E45E9E23D45

Step 5: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:

IEEE 802.1X: Re-authentication period expired
May 19 21:32:28.645779 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:31.810273 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:34.954828 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:38.129930 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:41.274663 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:44.417057 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:32:46.136264 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 19 21:32:46.136290 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB fallback: Scheduling MAB trigger in 30 seconds if no 802.1X response
May 19 21:32:46.136298 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response
May 19 21:32:46.136349 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port
May 19 21:32:46.136356 osdx hostapd[158744]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
May 19 21:32:46.136371 osdx hostapd[158744]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE
May 19 21:32:46.136385 osdx hostapd[158744]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 38)

Test Reauth Period In MAB-First Mode

Description

This scenario shows how to configure the reauthentication period in a device with MAB/802.1X authentication.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth1 address 192.168.100.1/24
set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth1 authenticator aaa authentication list1
set interfaces ethernet eth1 authenticator log-level debug
set interfaces ethernet eth1 authenticator mode MAB-802.1x
set interfaces ethernet eth1 authenticator quiet-period 60
set interfaces ethernet eth1 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX19lj0EkfPws584Fc6yZ4QJSTLHcy2KczcqQz8d+AAdjF5M2B7dzWX0PKDKF7meX4UqxgZTd7f+0dQ==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping the IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.327 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.327/0.327/0.327/0.000 ms

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth1 address 192.168.100.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:

MAB: station successfully authenticated
May 19 21:32:55.032510 osdx hostapd[159386]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported.
May 19 21:32:55.032521 osdx hostapd[159386]: eth1: RADIUS Authentication server 10.215.168.1:1812
May 19 21:32:55.032698 osdx hostapd[159386]: connect[radius]: Network is unreachable
May 19 21:32:55.032554 osdx hostapd[159386]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-first, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30
May 19 21:32:55.032559 osdx hostapd[159386]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
May 19 21:32:55.052417 osdx hostapd[159386]: Discovery mode enabled on eth1
May 19 21:32:55.052416 osdx hostapd[159386]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames
May 19 21:32:55.052492 osdx hostapd[159386]: eth1: interface state UNINITIALIZED->ENABLED
May 19 21:32:55.052492 osdx hostapd[159386]: eth1: AP-ENABLED
May 19 21:32:58.379852 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:33:00.055835 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 DRIVER: Device discovered, triggering MAB authentication
May 19 21:33:00.055931 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added
May 19 21:33:00.055950 osdx hostapd[159387]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
May 19 21:33:00.068533 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB-first mode: Starting MAB authentication
May 19 21:33:00.068607 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Starting RADIUS query
May 19 21:33:00.068656 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:11
May 19 21:33:00.073079 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:11
May 19 21:33:00.073108 osdx hostapd[159387]: eth1: RADIUS Authentication server 10.215.168.1:1812
May 19 21:33:00.073326 osdx hostapd[159387]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:33:00.073395 osdx hostapd[159387]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:33:00.073512 osdx hostapd[159387]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame
May 19 21:33:00.073630 osdx hostapd[159387]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds
May 19 21:33:00.073942 osdx hostapd[159387]: eth1: RADIUS Received 20 bytes from RADIUS server
May 19 21:33:00.073956 osdx hostapd[159387]: eth1: RADIUS Received RADIUS message
May 19 21:33:00.073966 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:33:00.073977 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Processing RADIUS response
May 19 21:33:00.074010 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:11'
May 19 21:33:00.074044 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated
May 19 21:33:00.074054 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 19 21:33:00.074062 osdx hostapd[159387]: eth1: IEEE 802.1X IEEE 802.1X: Discovery already disabled
May 19 21:33:00.074099 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port
May 19 21:33:00.074108 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session E60D8502B26F4828

Step 5: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:

IEEE 802.1X: Re-authentication period expired
May 19 21:33:02.800297 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:33:05.946239 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:33:09.087069 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:33:12.509902 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:33:15.660824 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:33:18.820698 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:33:20.073796 osdx hostapd[159387]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame
May 19 21:33:20.073819 osdx hostapd[159387]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds
May 19 21:33:20.084766 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 19 21:33:20.084776 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Starting RADIUS query
May 19 21:33:20.084796 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:11
May 19 21:33:20.084830 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:11
May 19 21:33:20.084853 osdx hostapd[159387]: eth1: RADIUS Sending RADIUS message to authentication server
May 19 21:33:20.084882 osdx hostapd[159387]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds
May 19 21:33:20.085099 osdx hostapd[159387]: eth1: RADIUS Received 20 bytes from RADIUS server
May 19 21:33:20.085103 osdx hostapd[159387]: eth1: RADIUS Received RADIUS message
May 19 21:33:20.085106 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 19 21:33:20.085109 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Processing RADIUS response
May 19 21:33:20.085124 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated
May 19 21:33:20.085127 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 19 21:33:20.085129 osdx hostapd[159387]: eth1: IEEE 802.1X IEEE 802.1X: Discovery already disabled
May 19 21:33:20.085132 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port
May 19 21:33:20.085135 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session E60D8502B26F4828
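
The Step 4 and Step 5 checks in the scenarios above only grep the journal for a token. The following Python script is an added example, not part of the OSDx documentation: it parses the same hostapd journal lines and checks that each station's re-authentication fired within the announced reauth-period and whether a result was logged afterwards. The function names, the `tolerance` parameter and the placeholder year (journal lines carry no year) are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the MAB-first journal output shown above (Steps 4 and 5).
SAMPLE_JOURNAL = """\
May 19 21:33:00.074044 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated
May 19 21:33:00.074054 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 19 21:33:02.800297 osdx OSDxCLI[103550]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 19 21:33:20.073796 osdx hostapd[159387]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame
May 19 21:33:20.084766 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 19 21:33:20.085124 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated
May 19 21:33:20.085127 osdx hostapd[159387]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
"""

# Only per-station hostapd lines are of interest; CLI audit lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+) \S+ hostapd\[\d+\]: "
    r"(?P<iface>\S+): STA (?P<sta>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (?P<msg>.*)$")
ARMED_RE = re.compile(r"Re-authentication enabled \(next reauth in (\d+) seconds\)")
EXPIRED_RE = re.compile(r"Re-authentication period expired \((\d+) seconds\)")
AUTH_OK = "station successfully authenticated"


def parse_line(line, year):
    """Return (timestamp, station MAC, message) or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
    return ts, m["sta"], m["msg"]


def audit_reauth(journal_text, year=2000, tolerance=1.0):
    """Return (cycles, overdue).

    cycles:  one dict per expired re-authentication timer.
    overdue: stations whose timer was armed but never logged as expired,
             although the journal continues past period + tolerance.
    year is a placeholder (assumption); tolerance is in seconds.
    """
    armed = {}     # sta -> (time the timer was armed, announced period)
    awaiting = {}  # sta -> cycle whose re-authentication result is not logged yet
    cycles, last_ts = [], None
    for line in journal_text.splitlines():
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, sta, msg = parsed
        last_ts = ts
        if (m := ARMED_RE.search(msg)):
            armed[sta] = (ts, int(m.group(1)))
        elif (m := EXPIRED_RE.search(msg)) and sta in armed:
            armed_ts, period = armed.pop(sta)
            elapsed = (ts - armed_ts).total_seconds()
            cycle = {"sta": sta, "period": period, "elapsed": round(elapsed, 3),
                     "on_time": int(m.group(1)) == period
                                and abs(elapsed - period) <= tolerance,
                     "result": "pending"}
            cycles.append(cycle)
            awaiting[sta] = cycle
        elif AUTH_OK in msg and sta in awaiting:
            awaiting.pop(sta)["result"] = "success"
    overdue = [sta for sta, (armed_ts, period) in armed.items()
               if (last_ts - armed_ts).total_seconds() > period + tolerance]
    return cycles, overdue


if __name__ == "__main__":
    for c in audit_reauth(SAMPLE_JOURNAL)[0]:
        print(c)
```

Run against the MAB-fallback output, the same check reports the cycle as `pending`, because that log ends with the port unauthorized and the 802.1X attempt still in progress.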