Reauth Period
This scenario shows how to configure the reauthentication period in a device with 802.1x/MAB authentication.
Test Reauth Period In 802.1X Mode
Description
This scenario shows how to configure the reauthentication period in a device with 802.1x authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth1 address 192.168.100.1/24 set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth1 authenticator aaa authentication list1 set interfaces ethernet eth1 authenticator log-level debug set interfaces ethernet eth1 authenticator mode only-802.1x set interfaces ethernet eth1 authenticator quiet-period 60 set interfaces ethernet eth1 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX19LgAE17HK7dlZnAJTZqoW22S4RoBjdzEbIhTzqU1aBmfy0LJjt9KLVilo7h/+rzpzsGYcw4QpNUg== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.273 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.273/0.273/0.273/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.100.2/24 set interfaces ethernet eth1 supplicant encrypted-password U2FsdGVkX1+ALfwUkphiMvJ57dy4T92uQXBQd5KHcnk= set interfaces ethernet eth1 supplicant username testing set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: authenticatedShow output
Jun 03 09:19:14.623342 osdx hostapd[88345]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported. Jun 03 09:19:14.623355 osdx hostapd[88345]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 09:19:14.623613 osdx hostapd[88345]: connect[radius]: Network is unreachable Jun 03 09:19:14.623395 osdx hostapd[88345]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Jun 03 09:19:14.623399 osdx hostapd[88345]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Jun 03 09:19:14.651147 osdx hostapd[88345]: Discovery mode enabled on eth1 Jun 03 09:19:14.651097 osdx hostapd[88345]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames Jun 03 09:19:14.651281 osdx hostapd[88345]: eth1: interface state UNINITIALIZED->ENABLED Jun 03 09:19:14.651281 osdx hostapd[88345]: eth1: AP-ENABLED Jun 03 09:19:16.283161 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:17.951858 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added Jun 03 09:19:17.951873 osdx hostapd[88346]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Jun 03 09:19:17.971185 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: start authentication Jun 03 09:19:17.971217 osdx hostapd[88346]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Jun 03 09:19:17.971240 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAPOL-Start from STA Jun 03 09:19:17.971252 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port Jun 03 09:19:17.971272 osdx hostapd[88346]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jun 03 09:19:17.971283 osdx hostapd[88346]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE Jun 03 09:19:17.971304 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 120) Jun 03 09:19:17.971816 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=120 len=12) from STA: EAP Response-Identity (1) Jun 03 09:19:17.971829 osdx hostapd[88346]: IEEE 802.1X: OSDX-EAP: getDecision: -> PASSTHROUGH Jun 03 09:19:17.971835 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: STA identity 'testing' Jun 03 09:19:17.971871 osdx hostapd[88346]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 09:19:17.974597 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:17.974639 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:17.974990 osdx hostapd[88346]: eth1: RADIUS Received 80 bytes from RADIUS server Jun 03 09:19:17.974997 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:17.975002 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:17.975052 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=121 len=22) from RADIUS server: EAP-Request-MD5 (4) Jun 03 09:19:17.975063 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 121) Jun 03 09:19:17.975569 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=121 len=6) from STA: EAP Response-unknown (3) Jun 03 09:19:17.975642 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:17.975739 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:17.975915 osdx hostapd[88346]: eth1: RADIUS Received 64 bytes from RADIUS server Jun 03 09:19:17.975919 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:17.975925 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:17.975951 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=122 len=6) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:17.975959 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 122) Jun 03 09:19:17.976594 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=122 len=194) from STA: EAP Response-PEAP (25) Jun 03 09:19:17.976648 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:17.976699 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:17.978117 osdx hostapd[88346]: eth1: RADIUS Received 1068 bytes from RADIUS server Jun 03 09:19:17.978131 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:17.978137 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:17.978179 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=123 len=1004) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:17.978191 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 123) Jun 03 09:19:17.978967 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=123 len=6) from STA: EAP Response-PEAP (25) Jun 03 09:19:17.979055 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:17.979278 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:17.979325 osdx hostapd[88346]: eth1: RADIUS Received 229 bytes from RADIUS server Jun 03 09:19:17.979329 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:17.979333 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:17.979355 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=124 len=171) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:17.979363 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 124) Jun 03 09:19:17.981521 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=124 len=103) from STA: EAP Response-PEAP (25) Jun 03 09:19:17.981610 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:17.981634 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:17.982134 osdx hostapd[88346]: eth1: RADIUS Received 115 bytes from RADIUS server Jun 03 09:19:17.982141 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:17.982145 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:17.982168 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=125 len=57) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:17.982176 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 125) Jun 03 09:19:17.982723 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=125 len=6) from STA: EAP Response-PEAP (25) Jun 03 09:19:17.982776 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:17.982826 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:17.982988 osdx hostapd[88346]: eth1: RADIUS Received 98 bytes from RADIUS server Jun 03 09:19:17.982995 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:17.982999 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:17.983038 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=126 len=40) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:17.983046 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 126) Jun 03 09:19:17.983314 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=126 len=43) from STA: EAP Response-PEAP (25) Jun 03 09:19:17.983373 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:17.983397 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:17.983613 osdx hostapd[88346]: eth1: RADIUS Received 131 bytes from RADIUS server Jun 03 09:19:17.983620 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:17.983624 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:17.983648 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=127 len=73) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:17.983655 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 127) Jun 03 09:19:17.984001 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=127 len=97) from STA: EAP Response-PEAP (25) Jun 03 09:19:17.984053 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:17.984065 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:17.984447 osdx hostapd[88346]: eth1: RADIUS Received 140 bytes from RADIUS server Jun 03 09:19:17.984453 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:17.984457 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:17.984476 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=128 len=82) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:17.984483 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 128) Jun 03 09:19:17.984792 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=128 len=37) from STA: EAP Response-PEAP (25) Jun 03 09:19:17.984839 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:17.984909 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:17.985085 osdx hostapd[88346]: eth1: RADIUS Received 104 bytes from RADIUS server Jun 03 09:19:17.985092 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:17.985096 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:17.985130 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=129 len=46) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:17.985139 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 129) Jun 03 09:19:17.985363 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=129 len=46) from STA: EAP Response-PEAP (25) Jun 03 09:19:17.985409 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:17.985457 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:17.985643 osdx hostapd[88346]: eth1: RADIUS Received 175 bytes from RADIUS server Jun 03 09:19:17.985650 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:17.985654 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:17.985679 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' Jun 03 09:19:17.985684 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=3 id=129 len=4) from RADIUS server: EAP Success Jun 03 09:19:17.985700 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 129) Jun 03 09:19:17.985763 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port Jun 03 09:19:17.985767 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session 8D8747259571116B Jun 03 09:19:17.985771 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Step 5: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Jun 03 09:19:18.720634 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:20.832959 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:22.919621 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:25.045332 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:27.140723 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:29.268154 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:31.386300 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:33.490173 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:35.589162 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:37.690628 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:37.991318 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Jun 03 09:19:37.991328 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Starting re-authentication (port will be unauthorized until authentication succeeds) Jun 03 09:19:37.991332 osdx hostapd[88346]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jun 03 09:19:37.991360 osdx hostapd[88346]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE Jun 03 09:19:37.991369 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 136) Jun 03 09:19:37.991802 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=136 len=12) from STA: EAP Response-Identity (1) Jun 03 09:19:37.991812 osdx hostapd[88346]: IEEE 802.1X: OSDX-EAP: getDecision: -> PASSTHROUGH Jun 03 09:19:37.991816 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: STA identity 'testing' Jun 03 09:19:37.991879 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:37.991917 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:37.992157 osdx hostapd[88346]: eth1: RADIUS Received 80 bytes from RADIUS server Jun 03 09:19:37.992162 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:37.992166 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:37.992187 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=137 len=22) from RADIUS server: EAP-Request-MD5 (4) Jun 03 09:19:37.992194 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 137) Jun 03 09:19:37.992381 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=137 len=6) from STA: EAP Response-unknown (3) Jun 03 09:19:37.992416 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:37.992428 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:37.992613 osdx hostapd[88346]: eth1: RADIUS Received 64 bytes from RADIUS server Jun 03 09:19:37.992620 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:37.992623 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:37.992650 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=138 len=6) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:37.992657 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 138) Jun 03 09:19:37.992912 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=138 len=194) from STA: EAP Response-PEAP (25) Jun 03 09:19:37.992951 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:37.992966 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:37.993994 osdx hostapd[88346]: eth1: RADIUS Received 1068 bytes from RADIUS server Jun 03 09:19:37.993999 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:37.994003 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:37.994026 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=139 len=1004) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:37.994031 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 139) Jun 03 09:19:37.994196 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=139 len=6) from STA: EAP Response-PEAP (25) Jun 03 09:19:37.994239 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:37.994250 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:37.994348 osdx hostapd[88346]: eth1: RADIUS Received 229 bytes from RADIUS server Jun 03 09:19:37.994352 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:37.994355 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:37.994369 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=140 len=171) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:37.994373 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 140) Jun 03 09:19:37.995450 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=140 len=103) from STA: EAP Response-PEAP (25) Jun 03 09:19:37.995496 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:37.995509 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:37.995779 osdx hostapd[88346]: eth1: RADIUS Received 115 bytes from RADIUS server Jun 03 09:19:37.995785 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:37.995788 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:37.995801 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=141 len=57) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:37.995807 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 141) Jun 03 09:19:37.996014 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=141 len=6) from STA: EAP Response-PEAP (25) Jun 03 09:19:37.996046 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:37.996057 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:37.996179 osdx hostapd[88346]: eth1: RADIUS Received 98 bytes from RADIUS server Jun 03 09:19:37.996184 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:37.996186 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:37.996198 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=142 len=40) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:37.996206 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 142) Jun 03 09:19:37.996345 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=142 len=43) from STA: EAP Response-PEAP (25) Jun 03 09:19:37.996374 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:37.996386 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:37.996553 osdx hostapd[88346]: eth1: RADIUS Received 131 bytes from RADIUS server Jun 03 09:19:37.996557 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:37.996560 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:37.996571 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=143 len=73) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:37.996576 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 143) Jun 03 09:19:37.996842 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=143 len=97) from STA: EAP Response-PEAP (25) Jun 03 09:19:37.996875 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:37.996885 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:37.997054 osdx hostapd[88346]: eth1: RADIUS Received 140 bytes from RADIUS server Jun 03 09:19:37.997058 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:37.997062 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:37.997075 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=144 len=82) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:37.997079 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 144) Jun 03 09:19:37.997226 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=144 len=37) from STA: EAP Response-PEAP (25) Jun 03 09:19:37.997267 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:37.997277 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:37.997394 osdx hostapd[88346]: eth1: RADIUS Received 104 bytes from RADIUS server Jun 03 09:19:37.997398 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:37.997401 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:37.997416 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=1 id=145 len=46) from RADIUS server: EAP-Request-PEAP (25) Jun 03 09:19:37.997420 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 145) Jun 03 09:19:37.997563 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: received EAP packet (code=2 id=145 len=46) from STA: EAP Response-PEAP (25) Jun 03 09:19:37.997609 osdx hostapd[88346]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:37.997621 osdx hostapd[88346]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:37.997793 osdx hostapd[88346]: eth1: RADIUS Received 175 bytes from RADIUS server Jun 03 09:19:37.997800 osdx hostapd[88346]: eth1: RADIUS Received RADIUS message Jun 03 09:19:37.997804 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:37.997825 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' Jun 03 09:19:37.997828 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: decapsulated EAP packet (code=3 id=145 len=4) from RADIUS server: EAP Success Jun 03 09:19:37.997843 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 145) Jun 03 09:19:37.997852 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port Jun 03 09:19:37.997854 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session 8D8747259571116B Jun 03 09:19:37.997857 osdx hostapd[88346]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Test Reauth Period In MAB Mode
Description
This scenario shows how to configure the reauthentication period in a device with MAB authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth1 address 192.168.100.1/24 set interfaces ethernet eth1 authenticator aaa authentication list1 set interfaces ethernet eth1 authenticator log-level debug set interfaces ethernet eth1 authenticator mode only-MAB set interfaces ethernet eth1 authenticator quiet-period 60 set interfaces ethernet eth1 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1+B9KHAJCfkvTY6hhvUtETQhja6VLG6L1T5denihSGEt18Gu1iVjqo/XgAqIk4vjGBnhDdsUCkqaw== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.238 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
MAB: station successfully authenticatedShow output
Jun 03 09:19:47.629732 osdx hostapd[88981]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported. Jun 03 09:19:47.629747 osdx hostapd[88981]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 09:19:47.629979 osdx hostapd[88981]: connect[radius]: Network is unreachable Jun 03 09:19:47.629785 osdx hostapd[88981]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-only, eap_server=0, eap_quiet_period=60, eap_max_retrans=5 Jun 03 09:19:47.629789 osdx hostapd[88981]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Jun 03 09:19:47.661510 osdx hostapd[88981]: Discovery mode enabled on eth1 Jun 03 09:19:47.661614 osdx hostapd[88981]: eth1: interface state UNINITIALIZED->ENABLED Jun 03 09:19:47.661614 osdx hostapd[88981]: eth1: AP-ENABLED Jun 03 09:19:51.137587 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:52.663758 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 DRIVER: Device discovered, triggering MAB authentication Jun 03 09:19:52.663802 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added Jun 03 09:19:52.663811 osdx hostapd[88982]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Jun 03 09:19:52.681517 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB-only mode: Starting MAB authentication Jun 03 09:19:52.681546 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Starting RADIUS query Jun 03 09:19:52.681562 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:11 Jun 03 09:19:52.683236 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:11 Jun 03 09:19:52.683246 osdx hostapd[88982]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 09:19:52.683318 osdx hostapd[88982]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:19:52.683344 osdx hostapd[88982]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:19:52.683618 osdx hostapd[88982]: eth1: RADIUS Received 20 bytes from RADIUS server Jun 03 09:19:52.683622 osdx hostapd[88982]: eth1: RADIUS Received RADIUS message Jun 03 09:19:52.683626 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:19:52.683630 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Processing RADIUS response Jun 03 09:19:52.683639 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:11' Jun 03 09:19:52.683654 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated Jun 03 09:19:52.683657 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Jun 03 09:19:52.683659 osdx hostapd[88982]: eth1: IEEE 802.1X IEEE 802.1X: Discovery already disabled Jun 03 09:19:52.683674 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port Jun 03 09:19:52.683678 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session FD7A55D407AF3C1B
Step 5: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Jun 03 09:19:55.562186 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:19:58.723078 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:01.907186 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:05.098470 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:08.310518 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:11.586002 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:12.698754 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Jun 03 09:20:12.698773 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Starting RADIUS query Jun 03 09:20:12.698830 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:11 Jun 03 09:20:12.698863 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:11 Jun 03 09:20:12.698898 osdx hostapd[88982]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:20:12.698948 osdx hostapd[88982]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:20:12.699312 osdx hostapd[88982]: eth1: RADIUS Received 20 bytes from RADIUS server Jun 03 09:20:12.699316 osdx hostapd[88982]: eth1: RADIUS Received RADIUS message Jun 03 09:20:12.699319 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:20:12.699323 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Processing RADIUS response Jun 03 09:20:12.699355 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated Jun 03 09:20:12.699358 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Jun 03 09:20:12.699360 osdx hostapd[88982]: eth1: IEEE 802.1X IEEE 802.1X: Discovery already disabled Jun 03 09:20:12.699363 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port Jun 03 09:20:12.699370 osdx hostapd[88982]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session FD7A55D407AF3C1B
Test Reauth Period In MAB-Fallback Mode
Description
This scenario shows how to configure the reauthentication period in a device with 802.1x/MAB authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth1 address 192.168.100.1/24 set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth1 authenticator aaa authentication list1 set interfaces ethernet eth1 authenticator log-level debug set interfaces ethernet eth1 authenticator mode 802.1x-MAB set interfaces ethernet eth1 authenticator quiet-period 60 set interfaces ethernet eth1 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1+bFuYfhVmPyIrpGfGzCc47ZKJfGxSUZXp/4PTN9mLl2iglLJOFRIVdyzY97BDmhoc2Uy6fqVvQBQ== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.697 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.697/0.697/0.697/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
MAB: station successfully authenticatedShow output
Jun 03 09:20:22.396600 osdx hostapd[89598]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported. Jun 03 09:20:22.396870 osdx hostapd[89598]: connect[radius]: Network is unreachable Jun 03 09:20:22.396616 osdx hostapd[89598]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 09:20:22.396660 osdx hostapd[89598]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X+MAB-fallback, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30 Jun 03 09:20:22.396663 osdx hostapd[89598]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Jun 03 09:20:22.412420 osdx hostapd[89598]: Discovery mode enabled on eth1 Jun 03 09:20:22.412419 osdx hostapd[89598]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames Jun 03 09:20:22.412505 osdx hostapd[89598]: eth1: interface state UNINITIALIZED->ENABLED Jun 03 09:20:22.412505 osdx hostapd[89598]: eth1: AP-ENABLED Jun 03 09:20:26.260809 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:27.414716 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 DRIVER: Device discovered, triggering MAB authentication Jun 03 09:20:27.414752 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added Jun 03 09:20:27.414760 osdx hostapd[89599]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Jun 03 09:20:27.428573 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: start authentication Jun 03 09:20:27.428610 osdx hostapd[89599]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Jun 03 09:20:27.428615 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB fallback mode: Scheduling MAB trigger in 30 seconds if no 802.1X response Jun 03 09:20:27.428628 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response Jun 03 09:20:27.428653 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port Jun 03 09:20:27.428663 osdx hostapd[89599]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jun 03 09:20:27.428692 osdx hostapd[89599]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE Jun 03 09:20:27.428714 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 209) Jun 03 09:20:30.430712 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 209) Jun 03 09:20:30.523933 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:34.734097 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:36.435709 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 209) Jun 03 09:20:38.999601 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:43.188878 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:47.373090 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:48.446725 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: aborting authentication Jun 03 09:20:48.446734 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: EAP max retrans reached, triggering MAB fallback immediately Jun 03 09:20:48.446739 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Starting RADIUS query Jun 03 09:20:48.446783 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:11 Jun 03 09:20:48.448872 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:11 Jun 03 09:20:48.448887 osdx hostapd[89599]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 09:20:48.448989 osdx hostapd[89599]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:20:48.449036 osdx hostapd[89599]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:20:48.449067 osdx hostapd[89599]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jun 03 09:20:48.449081 osdx hostapd[89599]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE Jun 03 09:20:48.449094 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 14) Jun 03 09:20:48.449476 osdx hostapd[89599]: eth1: RADIUS Received 20 bytes from RADIUS server Jun 03 09:20:48.449483 osdx hostapd[89599]: eth1: RADIUS Received RADIUS message Jun 03 09:20:48.449488 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:20:48.449493 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Processing RADIUS response Jun 03 09:20:48.449515 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:11' Jun 03 09:20:48.449534 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated Jun 03 09:20:48.449538 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Jun 03 09:20:48.449541 osdx hostapd[89599]: eth1: IEEE 802.1X IEEE 802.1X: Discovery already disabled Jun 03 09:20:48.449551 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port Jun 03 09:20:48.449555 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session 94F9971595324709
Step 5: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Jun 03 09:20:51.856260 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:55.024648 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:20:58.216205 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:01.414873 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:04.587616 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:07.750628 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:08.466689 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Jun 03 09:21:08.466709 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB fallback: Scheduling MAB trigger in 30 seconds if no 802.1X response Jun 03 09:21:08.466713 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response Jun 03 09:21:08.466743 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: unauthorizing port Jun 03 09:21:08.466748 osdx hostapd[89599]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jun 03 09:21:08.466757 osdx hostapd[89599]: IEEE 802.1X: OSDX-EAP: getDecision: no identity known yet -> CONTINUE Jun 03 09:21:08.466767 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 155) Jun 03 09:21:11.469713 osdx hostapd[89599]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Sending EAP Packet (identifier 155)
Test Reauth Period In MAB-First Mode
Description
This scenario shows how to configure the reauthentication period in a device with MAB/802.1X authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth1 address 192.168.100.1/24 set interfaces ethernet eth1 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth1 authenticator aaa authentication list1 set interfaces ethernet eth1 authenticator log-level debug set interfaces ethernet eth1 authenticator mode MAB-802.1x set interfaces ethernet eth1 authenticator quiet-period 60 set interfaces ethernet eth1 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1+1PEJTbbW6BP7JT4359JvS4ahFpUlhhL1TzudzEEavmzVZAAtOO510eBK23JmdYy+2lAaY/rczRg== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.326 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.326/0.326/0.326/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth1 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
MAB: station successfully authenticatedShow output
Jun 03 09:21:19.437222 osdx hostapd[90241]: eth1: IEEE 802.11 Fetching hardware channel/rate support not supported. Jun 03 09:21:19.437236 osdx hostapd[90241]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 09:21:19.437487 osdx hostapd[90241]: connect[radius]: Network is unreachable Jun 03 09:21:19.437282 osdx hostapd[90241]: eth1: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-first, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30 Jun 03 09:21:19.437287 osdx hostapd[90241]: eth1: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Jun 03 09:21:19.456924 osdx hostapd[90241]: Discovery mode enabled on eth1 Jun 03 09:21:19.456985 osdx hostapd[90241]: eth1: interface state UNINITIALIZED->ENABLED Jun 03 09:21:19.456985 osdx hostapd[90241]: eth1: AP-ENABLED Jun 03 09:21:19.456923 osdx hostapd[90241]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames Jun 03 09:21:23.086919 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:24.459235 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 DRIVER: Device discovered, triggering MAB authentication Jun 03 09:21:24.459282 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: New STA de:ad:be:ef:6c:11 added Jun 03 09:21:24.459292 osdx hostapd[90242]: eth1: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Jun 03 09:21:24.481000 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB-first mode: Starting MAB authentication Jun 03 09:21:24.481036 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Starting RADIUS query Jun 03 09:21:24.481057 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:11 Jun 03 09:21:24.483392 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:11 Jun 03 09:21:24.483417 osdx hostapd[90242]: eth1: RADIUS Authentication server 10.215.168.1:1812 Jun 03 09:21:24.483510 osdx hostapd[90242]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:21:24.483544 osdx hostapd[90242]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:21:24.483599 osdx hostapd[90242]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame Jun 03 09:21:24.483610 osdx hostapd[90242]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds Jun 03 09:21:24.483927 osdx hostapd[90242]: eth1: RADIUS Received 20 bytes from RADIUS server Jun 03 09:21:24.483937 osdx hostapd[90242]: eth1: RADIUS Received RADIUS message Jun 03 09:21:24.483943 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:21:24.483947 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Processing RADIUS response Jun 03 09:21:24.483965 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:11' Jun 03 09:21:24.483986 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated Jun 03 09:21:24.483990 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Jun 03 09:21:24.483993 osdx hostapd[90242]: eth1: IEEE 802.1X IEEE 802.1X: Discovery already disabled Jun 03 09:21:24.484007 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port Jun 03 09:21:24.484011 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session 91E72D658C26EE93
Step 5: Run the command system journal show | grep "osdx hostapd" on DUT0 and check whether the output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Jun 03 09:21:27.580458 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:30.775439 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:33.950133 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:37.137554 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:40.298464 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:43.479641 osdx OSDxCLI[5794]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jun 03 09:21:44.484210 osdx hostapd[90242]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame Jun 03 09:21:44.484233 osdx hostapd[90242]: eth1: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds Jun 03 09:21:44.497236 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Jun 03 09:21:44.497250 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Starting RADIUS query Jun 03 09:21:44.497282 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:11 Jun 03 09:21:44.497314 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:11 Jun 03 09:21:44.497340 osdx hostapd[90242]: eth1: RADIUS Sending RADIUS message to authentication server Jun 03 09:21:44.497376 osdx hostapd[90242]: eth1: RADIUS Next RADIUS client retransmit in 1 seconds Jun 03 09:21:44.497619 osdx hostapd[90242]: eth1: RADIUS Received 20 bytes from RADIUS server Jun 03 09:21:44.497625 osdx hostapd[90242]: eth1: RADIUS Received RADIUS message Jun 03 09:21:44.497629 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jun 03 09:21:44.497633 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Processing RADIUS response Jun 03 09:21:44.497651 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: station successfully authenticated Jun 03 09:21:44.497654 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Jun 03 09:21:44.497658 osdx hostapd[90242]: eth1: IEEE 802.1X IEEE 802.1X: Discovery already disabled Jun 03 09:21:44.497662 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 IEEE 802.1X: authorizing port Jun 03 09:21:44.497666 osdx hostapd[90242]: eth1: STA de:ad:be:ef:6c:11 RADIUS: starting accounting session 91E72D658C26EE93