Only 802.1X
This scenario shows how to configure the only-802.1x
authentication mode.
Test Successful 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 uses the correct username and password.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth1 address 192.168.100.1/24 set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth1 authenticator aaa authentication list1 set interfaces ethernet eth1 authenticator log-level debug set interfaces ethernet eth1 authenticator mode only-802.1x set interfaces ethernet eth1 authenticator quiet-period 60 set interfaces ethernet eth1 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX18FsBGSQ7+hS0VpndBFKLVQdDtnobEQ/hZlQL5KyxKmmpw60qhTObMxTgYqmBg0fX4FN0ImN7olZw== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.790 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.790/0.790/0.790/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.100.2/24 set interfaces ethernet eth1 supplicant encrypted-password U2FsdGVkX1+9A5GonfKfPyc/FQRPJeHe0vigS+NxX30= set interfaces ethernet eth1 supplicant username testing set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run the command interfaces ethernet eth1 supplicant show status on DUT1 and check whether the output contains the following tokens:
AuthorizedShow output
--------------------------------------------------- Field Value --------------------------------------------------- EAP State SUCCESS EAP TLS Cipher ECDHE-RSA-AES256-GCM-SHA384 EAP TLS Version TLSv1.2 PAE State AUTHENTICATED Supplicant Port Status Authorized WPA State COMPLETED
Step 5: Run the command interfaces ethernet eth1 supplicant show stats on DUT1 and check whether the output matches the following regular expressions:
Port Status\s+AuthorizedShow output
------------------------------- Field Value ------------------------------- EAPoL Frames (Rx) 11 EAPoL Frames (Tx) 11 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Authorized Req Frames (Rx) 9 Req ID Frames (Rx) 1 Resp Frames (Tx) 10 Start Frames (Tx) 1
Step 6: Run the command interfaces ethernet eth1 authenticator show stats on DUT0 and check whether the output matches the following regular expressions:
Authentication Successes\s+1 Authentication Mode\s+802\.1XShow output
--------------------------------------------- Field Value --------------------------------------------- Access Challenges 9 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode 802.1X Authentication Status Authorized (802.1X) Authentication Successes 1 EAPoL frames (Rx) 11 EAPoL frames (Tx) 11 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:11 Session User Name testing
Step 7: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.742 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.742/0.742/0.742/0.000 ms
Step 8: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: authenticated - EAP type: 25 (PEAP)Show output
Jun 03 08:51:45.916832 osdx hostapd[49709]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported. Jun 03 08:51:45.916846 osdx hostapd[49709]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 08:51:45.917187 osdx hostapd[49709]: connect[radius]: Network is unreachable Jun 03 08:51:45.916884 osdx hostapd[49709]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Jun 03 08:51:45.916887 osdx hostapd[49709]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Jun 03 08:51:45.929121 osdx hostapd[49709]: Discovery mode enabled on eth1 Jun 03 08:51:45.929121 osdx hostapd[49709]: eth1: interface state UNINITIALIZED->ENABLED Jun 03 08:51:45.929121 osdx hostapd[49709]: eth1: AP-ENABLED Jun 03 08:51:49.503360 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added Jun 03 08:51:49.503375 osdx hostapd[49710]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Jun 03 08:51:49.528655 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: start authentication Jun 03 08:51:49.528689 osdx hostapd[49710]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Jun 03 08:51:49.528709 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAPOL-Start from STA Jun 03 08:51:49.528719 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port Jun 03 08:51:49.528737 osdx hostapd[49710]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jun 03 08:51:49.528750 osdx hostapd[49710]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE Jun 03 08:51:49.528765 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 140) Jun 03 08:51:49.529195 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=140 len=12) from STA: EAP Response-Identity (1) Jun 03 08:51:49.529209 osdx hostapd[49710]: IEEE 802.1X: OSDX-EAP: getDecision: -> PASSTHROUGH Jun 03 08:51:49.529214 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: STA identity 'testing' Jun 03 08:51:49.529251 osdx hostapd[49710]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 08:51:49.531702 osdx hostapd[49710]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:51:49.536804 osdx hostapd[49710]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:51:49.536839 osdx hostapd[49710]: eth1: RADIUS Received 80 bytes from RADIUS server Jun 03 08:51:49.536842 osdx hostapd[49710]: eth1: RADIUS Received RADIUS message Jun 03 08:51:49.536847 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:51:49.536880 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=141 len=22) from RADIUS server: EAP-Request-MD5 (4) Jun 03 08:51:49.536889 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 141) Jun 03 08:51:49.537233 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=141 len=6) from STA: EAP Response-unknown (3) Jun 03 08:51:49.537304 osdx hostapd[49710]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:51:49.537321 osdx hostapd[49710]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:51:49.537623 osdx hostapd[49710]: eth1: RADIUS Received 64 bytes from RADIUS server Jun 03 08:51:49.537632 osdx hostapd[49710]: eth1: RADIUS Received RADIUS message Jun 03 08:51:49.537636 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:51:49.537655 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=142 len=6) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:51:49.537662 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 142) Jun 03 08:51:49.538100 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=142 len=194) from STA: EAP Response-PEAP (25) Jun 03 08:51:49.538178 osdx hostapd[49710]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:51:49.538193 osdx hostapd[49710]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:51:49.539535 osdx hostapd[49710]: eth1: RADIUS Received 1068 bytes from RADIUS server Jun 03 08:51:49.539545 osdx hostapd[49710]: eth1: RADIUS Received RADIUS message Jun 03 08:51:49.539550 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:51:49.539576 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=143 len=1004) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:51:49.539587 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 143) Jun 03 08:51:49.539828 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=143 len=6) from STA: EAP Response-PEAP (25) Jun 03 08:51:49.539880 osdx hostapd[49710]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:51:49.539895 osdx hostapd[49710]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:51:49.540075 osdx hostapd[49710]: eth1: RADIUS Received 229 bytes from RADIUS server Jun 03 08:51:49.540081 osdx hostapd[49710]: eth1: RADIUS Received RADIUS message Jun 03 08:51:49.540085 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:51:49.540108 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=144 len=171) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:51:49.540116 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 144) Jun 03 08:51:49.542105 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=144 len=103) from STA: EAP Response-PEAP (25) Jun 03 08:51:49.542173 osdx hostapd[49710]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:51:49.542188 osdx hostapd[49710]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:51:49.542670 osdx hostapd[49710]: eth1: RADIUS Received 115 bytes from RADIUS server Jun 03 08:51:49.542678 osdx hostapd[49710]: eth1: RADIUS Received RADIUS message Jun 03 08:51:49.542683 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:51:49.542704 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=145 len=57) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:51:49.542712 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 145) Jun 03 08:51:49.543054 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=145 len=6) from STA: EAP Response-PEAP (25) Jun 03 08:51:49.543099 osdx hostapd[49710]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:51:49.543113 osdx hostapd[49710]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:51:49.543304 osdx hostapd[49710]: eth1: RADIUS Received 98 bytes from RADIUS server Jun 03 08:51:49.543311 osdx hostapd[49710]: eth1: RADIUS Received RADIUS message Jun 03 08:51:49.543315 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:51:49.543334 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=146 len=40) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:51:49.543341 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 146) Jun 03 08:51:49.543550 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=146 len=43) from STA: EAP Response-PEAP (25) Jun 03 08:51:49.543593 osdx hostapd[49710]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:51:49.543609 osdx hostapd[49710]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:51:49.544001 osdx hostapd[49710]: eth1: RADIUS Received 131 bytes from RADIUS server Jun 03 08:51:49.544010 osdx hostapd[49710]: eth1: RADIUS Received RADIUS message Jun 03 08:51:49.544014 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:51:49.544044 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=147 len=73) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:51:49.544052 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 147) Jun 03 08:51:49.544387 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=147 len=97) from STA: EAP Response-PEAP (25) Jun 03 08:51:49.544428 osdx hostapd[49710]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:51:49.544489 osdx hostapd[49710]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:51:49.544746 osdx hostapd[49710]: eth1: RADIUS Received 140 bytes from RADIUS server Jun 03 08:51:49.544755 osdx hostapd[49710]: eth1: RADIUS Received RADIUS message Jun 03 08:51:49.544759 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:51:49.544785 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=148 len=82) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:51:49.544793 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 148) Jun 03 08:51:49.545030 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=148 len=37) from STA: EAP Response-PEAP (25) Jun 03 08:51:49.545077 osdx hostapd[49710]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:51:49.545133 osdx hostapd[49710]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:51:49.545277 osdx hostapd[49710]: eth1: RADIUS Received 104 bytes from RADIUS server Jun 03 08:51:49.545283 osdx hostapd[49710]: eth1: RADIUS Received RADIUS message Jun 03 08:51:49.545287 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:51:49.545306 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=149 len=46) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:51:49.545312 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 149) Jun 03 08:51:49.545590 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=149 len=46) from STA: EAP Response-PEAP (25) Jun 03 08:51:49.545633 osdx hostapd[49710]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:51:49.545650 osdx hostapd[49710]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:51:49.545932 osdx hostapd[49710]: eth1: RADIUS Received 175 bytes from RADIUS server Jun 03 08:51:49.545941 osdx hostapd[49710]: eth1: RADIUS Received RADIUS message Jun 03 08:51:49.545946 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:51:49.545979 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' Jun 03 08:51:49.545984 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=3 id=149 len=4) from RADIUS server: EAP Success Jun 03 08:51:49.546008 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 149) Jun 03 08:51:49.546027 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port Jun 03 08:51:49.546031 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session 39AB0DD19341A27A Jun 03 08:51:49.546039 osdx hostapd[49710]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Test Unsuccessful 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 uses an incorrect username.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth1 address 192.168.100.1/24 set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth1 authenticator aaa authentication list1 set interfaces ethernet eth1 authenticator log-level debug set interfaces ethernet eth1 authenticator mode only-802.1x set interfaces ethernet eth1 authenticator quiet-period 60 set interfaces ethernet eth1 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1/W8XOYnxcuD5AFEGK8NSRBsBBTAHGNObQj39dCWu65+rBYuDwaWPNo+Dz5sVxq62vgB1Dt5C3a1g== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.468 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.468/0.468/0.468/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.100.2/24 set interfaces ethernet eth1 supplicant encrypted-password U2FsdGVkX18otecGCbFCrLfPWdaC1LtFuQN/UvGoawk= set interfaces ethernet eth1 supplicant username wrong set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run the command interfaces ethernet eth1 supplicant show stats on DUT1 and check whether the output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 0 EAPoL Frames (Tx) 0 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 0 Req ID Frames (Rx) 0 Resp Frames (Tx) 0 Start Frames (Tx) 0
Step 5: Run the command interfaces ethernet eth1 supplicant show stats on DUT1 and check whether the output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 9 EAPoL Frames (Tx) 10 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 8 Req ID Frames (Rx) 1 Resp Frames (Tx) 9 Start Frames (Tx) 1
Step 6: Run the command interfaces ethernet eth1 supplicant show stats on DUT1 and check whether the output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 10 EAPoL Frames (Tx) 10 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 8 Req ID Frames (Rx) 1 Resp Frames (Tx) 9 Start Frames (Tx) 1
Step 7: Run the command interfaces ethernet eth1 authenticator show stats on DUT0 and check whether the output matches the following regular expressions:
Authentication Failures\s+[1-9]\d?Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 8 Authentication Backend RADIUS Authentication Failures 1 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 10 EAPoL frames (Tx) 10 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:11 Session User Name N/A
Step 8: Expect a failure in the following command:
Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. --- 192.168.100.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
Step 9: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)Show output
Jun 03 08:51:58.745190 osdx hostapd[50268]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported. Jun 03 08:51:58.745209 osdx hostapd[50268]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 08:51:58.745425 osdx hostapd[50268]: connect[radius]: Network is unreachable Jun 03 08:51:58.745255 osdx hostapd[50268]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Jun 03 08:51:58.745259 osdx hostapd[50268]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Jun 03 08:51:58.769016 osdx hostapd[50268]: Discovery mode enabled on eth1 Jun 03 08:51:58.769111 osdx hostapd[50268]: eth1: interface state UNINITIALIZED->ENABLED Jun 03 08:51:58.769111 osdx hostapd[50268]: eth1: AP-ENABLED Jun 03 08:52:02.229833 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added Jun 03 08:52:02.229849 osdx hostapd[50269]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Jun 03 08:52:02.245071 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: start authentication Jun 03 08:52:02.245110 osdx hostapd[50269]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Jun 03 08:52:02.245132 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAPOL-Start from STA Jun 03 08:52:02.245147 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port Jun 03 08:52:02.245156 osdx hostapd[50269]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jun 03 08:52:02.245171 osdx hostapd[50269]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE Jun 03 08:52:02.245192 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 228) Jun 03 08:52:02.245711 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=228 len=10) from STA: EAP Response-Identity (1) Jun 03 08:52:02.245720 osdx hostapd[50269]: IEEE 802.1X: OSDX-EAP: getDecision: -> PASSTHROUGH Jun 03 08:52:02.245724 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: STA identity 'wrong' Jun 03 08:52:02.245749 osdx hostapd[50269]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 08:52:02.247595 osdx hostapd[50269]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:52:02.247624 osdx hostapd[50269]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:52:02.247882 osdx hostapd[50269]: eth1: RADIUS Received 80 bytes from RADIUS server Jun 03 08:52:02.247888 osdx hostapd[50269]: eth1: RADIUS Received RADIUS message Jun 03 08:52:02.247891 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:52:02.247910 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=229 len=22) from RADIUS server: EAP-Request-MD5 (4) Jun 03 08:52:02.247918 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 229) Jun 03 08:52:02.248186 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=229 len=6) from STA: EAP Response-unknown (3) Jun 03 08:52:02.248231 osdx hostapd[50269]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:52:02.248244 osdx hostapd[50269]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:52:02.248423 osdx hostapd[50269]: eth1: RADIUS Received 64 bytes from RADIUS server Jun 03 08:52:02.248427 osdx hostapd[50269]: eth1: RADIUS Received RADIUS message Jun 03 08:52:02.248430 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:52:02.248449 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=230 len=6) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:52:02.248456 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 230) Jun 03 08:52:02.248781 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=230 len=194) from STA: EAP Response-PEAP (25) Jun 03 08:52:02.248812 osdx hostapd[50269]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:52:02.248822 osdx hostapd[50269]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:52:02.249829 osdx hostapd[50269]: eth1: RADIUS Received 1068 bytes from RADIUS server Jun 03 08:52:02.249836 osdx hostapd[50269]: eth1: RADIUS Received RADIUS message Jun 03 08:52:02.249840 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:52:02.249874 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=231 len=1004) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:52:02.249887 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 231) Jun 03 08:52:02.250095 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=231 len=6) from STA: EAP Response-PEAP (25) Jun 03 08:52:02.250145 osdx hostapd[50269]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:52:02.250161 osdx hostapd[50269]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:52:02.250299 osdx hostapd[50269]: eth1: RADIUS Received 229 bytes from RADIUS server Jun 03 08:52:02.250306 osdx hostapd[50269]: eth1: RADIUS Received RADIUS message Jun 03 08:52:02.250310 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:52:02.250330 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=232 len=171) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:52:02.250335 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 232) Jun 03 08:52:02.251849 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=232 len=103) from STA: EAP Response-PEAP (25) Jun 03 08:52:02.251908 osdx hostapd[50269]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:52:02.251923 osdx hostapd[50269]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:52:02.252227 osdx hostapd[50269]: eth1: RADIUS Received 115 bytes from RADIUS server Jun 03 08:52:02.252232 osdx hostapd[50269]: eth1: RADIUS Received RADIUS message Jun 03 08:52:02.252235 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:52:02.252250 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=233 len=57) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:52:02.252255 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 233) Jun 03 08:52:02.252514 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=233 len=6) from STA: EAP Response-PEAP (25) Jun 03 08:52:02.252548 osdx hostapd[50269]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:52:02.252558 osdx hostapd[50269]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:52:02.252727 osdx hostapd[50269]: eth1: RADIUS Received 98 bytes from RADIUS server Jun 03 08:52:02.252732 osdx hostapd[50269]: eth1: RADIUS Received RADIUS message Jun 03 08:52:02.252735 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:52:02.252747 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=234 len=40) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:52:02.252753 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 234) Jun 03 08:52:02.252928 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=234 len=41) from STA: EAP Response-PEAP (25) Jun 03 08:52:02.252974 osdx hostapd[50269]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:52:02.252983 osdx hostapd[50269]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:52:02.253170 osdx hostapd[50269]: eth1: RADIUS Received 131 bytes from RADIUS server Jun 03 08:52:02.253178 osdx hostapd[50269]: eth1: RADIUS Received RADIUS message Jun 03 08:52:02.253182 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:52:02.253198 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=235 len=73) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:52:02.253205 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 235) Jun 03 08:52:02.253484 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=235 len=95) from STA: EAP Response-PEAP (25) Jun 03 08:52:02.253528 osdx hostapd[50269]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:52:02.253540 osdx hostapd[50269]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:52:02.253707 osdx hostapd[50269]: eth1: RADIUS Received 104 bytes from RADIUS server Jun 03 08:52:02.253713 osdx hostapd[50269]: eth1: RADIUS Received RADIUS message Jun 03 08:52:02.253716 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:52:02.253730 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=236 len=46) from RADIUS server: EAP-Request-PEAP (25) Jun 03 08:52:02.253735 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 236) Jun 03 08:52:02.253908 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=236 len=46) from STA: EAP Response-PEAP (25) Jun 03 08:52:02.253961 osdx hostapd[50269]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 08:52:02.253976 osdx hostapd[50269]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 08:52:03.254063 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Resending RADIUS message (id=8) Jun 03 08:52:03.254094 osdx hostapd[50269]: eth1: RADIUS Next RADIUS client retransmit in 2 seconds Jun 03 08:52:03.254267 osdx hostapd[50269]: eth1: RADIUS Received 44 bytes from RADIUS server Jun 03 08:52:03.254270 osdx hostapd[50269]: eth1: RADIUS Received RADIUS message Jun 03 08:52:03.254273 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 08:52:03.254319 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=4 id=236 len=4) from RADIUS server: EAP Failure Jun 03 08:52:03.254344 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 236) Jun 03 08:52:03.254355 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port Jun 03 08:52:03.254358 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authentication failed - EAP type: 25 (PEAP) Jun 03 08:52:03.254361 osdx hostapd[50269]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Authentication failed, enforcing quiet period (60 seconds) Jun 03 08:52:03.254365 osdx hostapd[50269]: eth1: RADIUS Received 44 bytes from RADIUS server Jun 03 08:52:03.254368 osdx hostapd[50269]: eth1: RADIUS Received RADIUS message Jun 03 08:52:03.254370 osdx hostapd[50269]: eth1: RADIUS No matching RADIUS request found (type=0 id=8) - dropping packet
Test Unsupported 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 does not support 802.1x authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth1 address 192.168.100.1/24 set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth1 authenticator aaa authentication list1 set interfaces ethernet eth1 authenticator log-level debug set interfaces ethernet eth1 authenticator mode only-802.1x set interfaces ethernet eth1 authenticator quiet-period 60 set interfaces ethernet eth1 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1/ZDMoQD1xhPx3vtbIa0wRzL8Dl50XJJ1I9QhtUijSnGzj5ioLgtmn0WiTeU3fCiI79Ovd3VgpNpw== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.311 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.311/0.311/0.311/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run the command interfaces ethernet eth1 authenticator show stats on DUT0 and check whether the output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 2 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:11 Session User Name N/A
Step 5: Run the command interfaces ethernet eth1 authenticator show stats on DUT0 and check whether the output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 3 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:11 Session User Name N/A
Step 6: Run the command interfaces ethernet eth1 authenticator show stats on DUT0 and check whether the output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 3 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:11 Session User Name N/A
Step 7: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: EAP authentication timeoutShow output
Jun 03 08:52:15.575005 osdx hostapd[50830]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported. Jun 03 08:52:15.575018 osdx hostapd[50830]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 08:52:15.575338 osdx hostapd[50830]: connect[radius]: Network is unreachable Jun 03 08:52:15.575063 osdx hostapd[50830]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Jun 03 08:52:15.575067 osdx hostapd[50830]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Jun 03 08:52:15.602778 osdx hostapd[50830]: Discovery mode enabled on eth1 Jun 03 08:52:15.602878 osdx hostapd[50830]: eth1: interface state UNINITIALIZED->ENABLED Jun 03 08:52:15.602878 osdx hostapd[50830]: eth1: AP-ENABLED Jun 03 08:52:20.602911 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 DRIVER: Device discovered, triggering MAB authentication Jun 03 08:52:20.602959 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added Jun 03 08:52:20.602971 osdx hostapd[50831]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Jun 03 08:52:20.618838 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: start authentication Jun 03 08:52:20.618869 osdx hostapd[50831]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Jun 03 08:52:20.618887 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port Jun 03 08:52:20.618903 osdx hostapd[50831]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jun 03 08:52:20.618920 osdx hostapd[50831]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE Jun 03 08:52:20.618935 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 13) Jun 03 08:52:23.621048 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 13) Jun 03 08:52:28.820799 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 08:52:29.625972 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 13) Jun 03 08:52:37.154999 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 08:52:41.636081 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: aborting authentication Jun 03 08:52:41.636100 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: EAP authentication timeout - enforcing 60 second quiet period before retrying Jun 03 08:52:41.636118 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 MLME: MLME-DEAUTHENTICATE.indication(de:ad:be:ef:6c:11, 2) Jun 03 08:52:41.636122 osdx hostapd[50831]: eth1: STA de:ad:be:ef:6c:11 MLME: MLME-DELETEKEYS.request(de:ad:be:ef:6c:11)