Only 802.1X
This scenario shows how to configure the only-802.1x
authentication mode.
Test Successful 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 uses the correct username and password.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX180wctbK1L87UTm+b0fgP8zslnu61r2S6YWndmA2GUP9rpcuu3ONt61Jq75C6Esua2BKll63IJPBA== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.179 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.179/0.179/0.179/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX199nwFORAXqQvkoRV9oK3suSGWaJ5Mss7k= set interfaces ethernet eth2 supplicant username testing set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command interfaces ethernet eth2 supplicant show status at DUT1 and check if output contains the following tokens:
AuthorizedShow output
--------------------------------------------------- Field Value --------------------------------------------------- EAP State SUCCESS EAP TLS Cipher ECDHE-RSA-AES256-GCM-SHA384 EAP TLS Version TLSv1.2 PAE State AUTHENTICATED Supplicant Port Status Authorized WPA State COMPLETED
Step 5: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+AuthorizedShow output
------------------------------- Field Value ------------------------------- EAPoL Frames (Rx) 11 EAPoL Frames (Tx) 11 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Authorized Req Frames (Rx) 9 Req ID Frames (Rx) 1 Resp Frames (Tx) 10 Start Frames (Tx) 1
Step 6: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
Authentication Successes\s+1 Authentication Mode\s+802\.1XShow output
--------------------------------------------- Field Value --------------------------------------------- Access Challenges 9 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode 802.1X Authentication Status Authorized (802.1X) Authentication Successes 1 EAPoL frames (Rx) 11 EAPoL frames (Tx) 11 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name testing
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.482 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.482/0.482/0.482/0.000 ms
Step 8: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: authenticated - EAP type: 25 (PEAP)Show output
Dec 11 14:16:20.505515 osdx hostapd[84539]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Dec 11 14:16:20.505528 osdx hostapd[84539]: eth2: RADIUS Authentication server 10.215.168.1:1812 Dec 11 14:16:20.505881 osdx hostapd[84539]: connect[radius]: Network is unreachable Dec 11 14:16:20.505569 osdx hostapd[84539]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Dec 11 14:16:20.505572 osdx hostapd[84539]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Dec 11 14:16:20.529357 osdx hostapd[84539]: Discovery mode enabled on eth2 Dec 11 14:16:20.529457 osdx hostapd[84539]: eth2: interface state UNINITIALIZED->ENABLED Dec 11 14:16:20.529457 osdx hostapd[84539]: eth2: AP-ENABLED Dec 11 14:16:23.779667 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Dec 11 14:16:23.779680 osdx hostapd[84540]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Dec 11 14:16:23.793392 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Dec 11 14:16:23.793418 osdx hostapd[84540]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Dec 11 14:16:23.793441 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA Dec 11 14:16:23.793453 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Dec 11 14:16:23.793459 osdx hostapd[84540]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Dec 11 14:16:23.793477 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 134) Dec 11 14:16:23.793859 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=134 len=12) from STA: EAP Response-Identity (1) Dec 11 14:16:23.793872 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing' Dec 11 14:16:23.793900 osdx hostapd[84540]: eth2: RADIUS Authentication server 10.215.168.1:1812 Dec 11 14:16:23.795772 osdx hostapd[84540]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:23.795802 osdx hostapd[84540]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:23.796101 osdx hostapd[84540]: eth2: RADIUS Received 80 bytes from RADIUS server Dec 11 14:16:23.796108 osdx hostapd[84540]: eth2: RADIUS Received RADIUS message Dec 11 14:16:23.796112 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:23.796133 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=135 len=22) from RADIUS server: EAP-Request-MD5 (4) Dec 11 14:16:23.796140 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 135) Dec 11 14:16:23.796420 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=135 len=6) from STA: EAP Response-unknown (3) Dec 11 14:16:23.796476 osdx hostapd[84540]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:23.796491 osdx hostapd[84540]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:23.796668 osdx hostapd[84540]: eth2: RADIUS Received 64 bytes from RADIUS server Dec 11 14:16:23.796673 osdx hostapd[84540]: eth2: RADIUS Received RADIUS message Dec 11 14:16:23.796677 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:23.796695 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=136 len=6) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:23.796701 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 136) Dec 11 14:16:23.797052 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=136 len=194) from STA: EAP Response-PEAP (25) Dec 11 14:16:23.797118 osdx hostapd[84540]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:23.797134 osdx hostapd[84540]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:23.798199 osdx hostapd[84540]: eth2: RADIUS Received 1068 bytes from RADIUS server Dec 11 14:16:23.798208 osdx hostapd[84540]: eth2: RADIUS Received RADIUS message Dec 11 14:16:23.798214 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:23.798241 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=137 len=1004) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:23.798252 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 137) Dec 11 14:16:23.798487 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=137 len=6) from STA: EAP Response-PEAP (25) Dec 11 14:16:23.798537 osdx hostapd[84540]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:23.798552 osdx hostapd[84540]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:23.798686 osdx hostapd[84540]: eth2: RADIUS Received 229 bytes from RADIUS server Dec 11 14:16:23.798692 osdx hostapd[84540]: eth2: RADIUS Received RADIUS message Dec 11 14:16:23.798696 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:23.798714 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=138 len=171) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:23.798726 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 138) Dec 11 14:16:23.800182 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=138 len=103) from STA: EAP Response-PEAP (25) Dec 11 14:16:23.800231 osdx hostapd[84540]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:23.800247 osdx hostapd[84540]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:23.800602 osdx hostapd[84540]: eth2: RADIUS Received 115 bytes from RADIUS server Dec 11 14:16:23.800607 osdx hostapd[84540]: eth2: RADIUS Received RADIUS message Dec 11 14:16:23.800610 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:23.800634 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=139 len=57) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:23.800641 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 139) Dec 11 14:16:23.800912 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=139 len=6) from STA: EAP Response-PEAP (25) Dec 11 14:16:23.800962 osdx hostapd[84540]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:23.800977 osdx hostapd[84540]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:23.801152 osdx hostapd[84540]: eth2: RADIUS Received 98 bytes from RADIUS server Dec 11 14:16:23.801158 osdx hostapd[84540]: eth2: RADIUS Received RADIUS message Dec 11 14:16:23.801161 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:23.801180 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=140 len=40) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:23.801187 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 140) Dec 11 14:16:23.801374 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=140 len=43) from STA: EAP Response-PEAP (25) Dec 11 14:16:23.801416 osdx hostapd[84540]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:23.801469 osdx hostapd[84540]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:23.801590 osdx hostapd[84540]: eth2: RADIUS Received 131 bytes from RADIUS server Dec 11 14:16:23.801595 osdx hostapd[84540]: eth2: RADIUS Received RADIUS message Dec 11 14:16:23.801599 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:23.801617 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=141 len=73) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:23.801624 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 141) Dec 11 14:16:23.801864 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=141 len=97) from STA: EAP Response-PEAP (25) Dec 11 14:16:23.801906 osdx hostapd[84540]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:23.801940 osdx hostapd[84540]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:23.802133 osdx hostapd[84540]: eth2: RADIUS Received 140 bytes from RADIUS server Dec 11 14:16:23.802138 osdx hostapd[84540]: eth2: RADIUS Received RADIUS message Dec 11 14:16:23.802141 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:23.802157 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=142 len=82) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:23.802163 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 142) Dec 11 14:16:23.802359 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=142 len=37) from STA: EAP Response-PEAP (25) Dec 11 14:16:23.802405 osdx hostapd[84540]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:23.802421 osdx hostapd[84540]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:23.802579 osdx hostapd[84540]: eth2: RADIUS Received 104 bytes from RADIUS server Dec 11 14:16:23.802584 osdx hostapd[84540]: eth2: RADIUS Received RADIUS message Dec 11 14:16:23.802588 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:23.802603 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=143 len=46) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:23.802613 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 143) Dec 11 14:16:23.802804 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=143 len=46) from STA: EAP Response-PEAP (25) Dec 11 14:16:23.802846 osdx hostapd[84540]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:23.802857 osdx hostapd[84540]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:23.803040 osdx hostapd[84540]: eth2: RADIUS Received 175 bytes from RADIUS server Dec 11 14:16:23.803046 osdx hostapd[84540]: eth2: RADIUS Received RADIUS message Dec 11 14:16:23.803050 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:23.803075 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' Dec 11 14:16:23.803078 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=143 len=4) from RADIUS server: EAP Success Dec 11 14:16:23.803154 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 143) Dec 11 14:16:23.803167 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Dec 11 14:16:23.803170 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session ECE0122C3D679537 Dec 11 14:16:23.803174 osdx hostapd[84540]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Test Unsuccessful 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 uses an incorrect username.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX19O5yKEANLIjsSVRyTAn+KcEvgpQx9amuQ5Wt4XSvcxVhvE82a8BlrhabIDS3EyLKSEoz7ToEV+6Q== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.320 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.320/0.320/0.320/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX180MocXWEt43TaZk/ExFhuXZ0c/NxRkQAQ= set interfaces ethernet eth2 supplicant username wrong set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 0 EAPoL Frames (Tx) 0 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 0 Req ID Frames (Rx) 0 Resp Frames (Tx) 0 Start Frames (Tx) 0
Step 5: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 9 EAPoL Frames (Tx) 10 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 8 Req ID Frames (Rx) 1 Resp Frames (Tx) 9 Start Frames (Tx) 1
Step 6: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 10 EAPoL Frames (Tx) 10 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 8 Req ID Frames (Rx) 1 Resp Frames (Tx) 9 Start Frames (Tx) 1
Step 7: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
Authentication Failures\s+[1-9]\d?Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 8 Authentication Backend RADIUS Authentication Failures 1 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 10 EAPoL frames (Tx) 10 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 8: Expect a failure in the following command:
Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. --- 192.168.100.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
Step 9: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)Show output
Dec 11 14:16:33.166886 osdx hostapd[85043]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Dec 11 14:16:33.166903 osdx hostapd[85043]: eth2: RADIUS Authentication server 10.215.168.1:1812 Dec 11 14:16:33.167163 osdx hostapd[85043]: connect[radius]: Network is unreachable Dec 11 14:16:33.166941 osdx hostapd[85043]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Dec 11 14:16:33.166944 osdx hostapd[85043]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Dec 11 14:16:33.186717 osdx hostapd[85043]: Discovery mode enabled on eth2 Dec 11 14:16:33.186804 osdx hostapd[85043]: eth2: interface state UNINITIALIZED->ENABLED Dec 11 14:16:33.186804 osdx hostapd[85043]: eth2: AP-ENABLED Dec 11 14:16:36.843042 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Dec 11 14:16:36.843054 osdx hostapd[85044]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Dec 11 14:16:36.858765 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Dec 11 14:16:36.858790 osdx hostapd[85044]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Dec 11 14:16:36.858805 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA Dec 11 14:16:36.858814 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Dec 11 14:16:36.858822 osdx hostapd[85044]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Dec 11 14:16:36.858844 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 224) Dec 11 14:16:36.859162 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=224 len=10) from STA: EAP Response-Identity (1) Dec 11 14:16:36.859177 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'wrong' Dec 11 14:16:36.859210 osdx hostapd[85044]: eth2: RADIUS Authentication server 10.215.168.1:1812 Dec 11 14:16:36.861672 osdx hostapd[85044]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:36.861705 osdx hostapd[85044]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:36.861945 osdx hostapd[85044]: eth2: RADIUS Received 80 bytes from RADIUS server Dec 11 14:16:36.861952 osdx hostapd[85044]: eth2: RADIUS Received RADIUS message Dec 11 14:16:36.861957 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:36.861976 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=225 len=22) from RADIUS server: EAP-Request-MD5 (4) Dec 11 14:16:36.861983 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 225) Dec 11 14:16:36.862183 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=225 len=6) from STA: EAP Response-unknown (3) Dec 11 14:16:36.862225 osdx hostapd[85044]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:36.862235 osdx hostapd[85044]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:36.862417 osdx hostapd[85044]: eth2: RADIUS Received 64 bytes from RADIUS server Dec 11 14:16:36.862423 osdx hostapd[85044]: eth2: RADIUS Received RADIUS message Dec 11 14:16:36.862428 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:36.862443 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=226 len=6) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:36.862455 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 226) Dec 11 14:16:36.862836 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=226 len=194) from STA: EAP Response-PEAP (25) Dec 11 14:16:36.862893 osdx hostapd[85044]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:36.862909 osdx hostapd[85044]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:36.864174 osdx hostapd[85044]: eth2: RADIUS Received 1068 bytes from RADIUS server Dec 11 14:16:36.864179 osdx hostapd[85044]: eth2: RADIUS Received RADIUS message Dec 11 14:16:36.864182 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:36.864202 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=227 len=1004) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:36.864208 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 227) Dec 11 14:16:36.864391 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=227 len=6) from STA: EAP Response-PEAP (25) Dec 11 14:16:36.864432 osdx hostapd[85044]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:36.864449 osdx hostapd[85044]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:36.864558 osdx hostapd[85044]: eth2: RADIUS Received 229 bytes from RADIUS server Dec 11 14:16:36.864564 osdx hostapd[85044]: eth2: RADIUS Received RADIUS message Dec 11 14:16:36.864568 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:36.864583 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=228 len=171) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:36.864589 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 228) Dec 11 14:16:36.866385 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=228 len=103) from STA: EAP Response-PEAP (25) Dec 11 14:16:36.866426 osdx hostapd[85044]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:36.866437 osdx hostapd[85044]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:36.866781 osdx hostapd[85044]: eth2: RADIUS Received 115 bytes from RADIUS server Dec 11 14:16:36.866788 osdx hostapd[85044]: eth2: RADIUS Received RADIUS message Dec 11 14:16:36.866792 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:36.866811 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=229 len=57) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:36.866817 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 229) Dec 11 14:16:36.867025 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=229 len=6) from STA: EAP Response-PEAP (25) Dec 11 14:16:36.867060 osdx hostapd[85044]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:36.867072 osdx hostapd[85044]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:36.867190 osdx hostapd[85044]: eth2: RADIUS Received 98 bytes from RADIUS server Dec 11 14:16:36.867196 osdx hostapd[85044]: eth2: RADIUS Received RADIUS message Dec 11 14:16:36.867200 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:36.867214 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=230 len=40) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:36.867220 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 230) Dec 11 14:16:36.867381 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=230 len=41) from STA: EAP Response-PEAP (25) Dec 11 14:16:36.867416 osdx hostapd[85044]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:36.867428 osdx hostapd[85044]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:36.867564 osdx hostapd[85044]: eth2: RADIUS Received 131 bytes from RADIUS server Dec 11 14:16:36.867570 osdx hostapd[85044]: eth2: RADIUS Received RADIUS message Dec 11 14:16:36.867574 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:36.867588 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=231 len=73) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:36.867595 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 231) Dec 11 14:16:36.867822 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=231 len=95) from STA: EAP Response-PEAP (25) Dec 11 14:16:36.867857 osdx hostapd[85044]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:36.867868 osdx hostapd[85044]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:36.868017 osdx hostapd[85044]: eth2: RADIUS Received 104 bytes from RADIUS server Dec 11 14:16:36.868022 osdx hostapd[85044]: eth2: RADIUS Received RADIUS message Dec 11 14:16:36.868026 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:36.868040 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=232 len=46) from RADIUS server: EAP-Request-PEAP (25) Dec 11 14:16:36.868046 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 232) Dec 11 14:16:36.868220 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=232 len=46) from STA: EAP Response-PEAP (25) Dec 11 14:16:36.868254 osdx hostapd[85044]: eth2: RADIUS Sending RADIUS message to authentication server Dec 11 14:16:36.868265 osdx hostapd[85044]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Dec 11 14:16:37.868361 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Resending RADIUS message (id=8) Dec 11 14:16:37.868400 osdx hostapd[85044]: eth2: RADIUS Next RADIUS client retransmit in 2 seconds Dec 11 14:16:37.868598 osdx hostapd[85044]: eth2: RADIUS Received 44 bytes from RADIUS server Dec 11 14:16:37.868607 osdx hostapd[85044]: eth2: RADIUS Received RADIUS message Dec 11 14:16:37.868613 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Dec 11 14:16:37.868669 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=4 id=232 len=4) from RADIUS server: EAP Failure Dec 11 14:16:37.868699 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 232) Dec 11 14:16:37.868715 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Dec 11 14:16:37.868719 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authentication failed - EAP type: 25 (PEAP) Dec 11 14:16:37.868722 osdx hostapd[85044]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Authentication failed, enforcing quiet period (60 seconds) Dec 11 14:16:37.868727 osdx hostapd[85044]: eth2: RADIUS Received 44 bytes from RADIUS server Dec 11 14:16:37.868730 osdx hostapd[85044]: eth2: RADIUS Received RADIUS message Dec 11 14:16:37.868732 osdx hostapd[85044]: eth2: RADIUS No matching RADIUS request found (type=0 id=8) - dropping packet
Test Unsupported 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 does not support 802.1x authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1+9FYvgDrFlEGJCXIvEjTvO9oPNmcJgIq8KnwLCBQ+egbHW9vnV0vnDhJUE5BnLiSZteiiN21Di+g== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.324 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.324/0.324/0.324/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 2 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 5: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 3 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 6: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 3 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 7: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: EAP authentication timeoutShow output
Dec 11 14:16:48.951254 osdx hostapd[85551]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Dec 11 14:16:48.951272 osdx hostapd[85551]: eth2: RADIUS Authentication server 10.215.168.1:1812 Dec 11 14:16:48.951486 osdx hostapd[85551]: connect[radius]: Network is unreachable Dec 11 14:16:48.951315 osdx hostapd[85551]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Dec 11 14:16:48.951320 osdx hostapd[85551]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Dec 11 14:16:48.967130 osdx hostapd[85551]: Discovery mode enabled on eth2 Dec 11 14:16:48.967219 osdx hostapd[85551]: eth2: interface state UNINITIALIZED->ENABLED Dec 11 14:16:48.967219 osdx hostapd[85551]: eth2: AP-ENABLED Dec 11 14:16:53.967547 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication Dec 11 14:16:53.967584 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Dec 11 14:16:53.967592 osdx hostapd[85552]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Dec 11 14:16:53.983208 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Dec 11 14:16:53.983244 osdx hostapd[85552]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Dec 11 14:16:53.983264 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Dec 11 14:16:53.983273 osdx hostapd[85552]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Dec 11 14:16:53.983309 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 147) Dec 11 14:16:56.985925 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 147) Dec 11 14:17:02.033245 osdx OSDxCLI[48660]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Dec 11 14:17:02.990927 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 147) Dec 11 14:17:10.355250 osdx OSDxCLI[48660]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Dec 11 14:17:15.000957 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: aborting authentication Dec 11 14:17:15.000973 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: EAP authentication timeout - enforcing 60 second quiet period before retrying Dec 11 14:17:15.000987 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 MLME: MLME-DEAUTHENTICATE.indication(de:ad:be:ef:6c:12, 2) Dec 11 14:17:15.000990 osdx hostapd[85552]: eth2: STA de:ad:be:ef:6c:12 MLME: MLME-DELETEKEYS.request(de:ad:be:ef:6c:12)