Only 802.1X
This scenario shows how to configure the only-802.1x
authentication mode.
Test Successful 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 uses the correct username and password.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX18rqzEv4dqQDKVc+it94FwRhswOn84SMW08q5MvUCwQ4psztZyHJcA7Vj6nsnWiNdk/zbuVctxtWQ== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.288 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.288/0.288/0.288/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX1+uJjylFuj6rUE9W+dZk+2A1jBL7IZ9K/o= set interfaces ethernet eth2 supplicant username testing set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command interfaces ethernet eth2 supplicant show status at DUT1 and check if output contains the following tokens:
AuthorizedShow output
--------------------------------------------------- Field Value --------------------------------------------------- EAP State SUCCESS EAP TLS Cipher ECDHE-RSA-AES256-GCM-SHA384 EAP TLS Version TLSv1.2 PAE State AUTHENTICATED Supplicant Port Status Authorized WPA State COMPLETED
Step 5: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+AuthorizedShow output
------------------------------- Field Value ------------------------------- EAPoL Frames (Rx) 11 EAPoL Frames (Tx) 11 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Authorized Req Frames (Rx) 9 Req ID Frames (Rx) 1 Resp Frames (Tx) 10 Start Frames (Tx) 1
Step 6: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
Authentication Successes\s+1 Authentication Mode\s+802\.1XShow output
--------------------------------------------- Field Value --------------------------------------------- Access Challenges 9 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode 802.1X Authentication Status Authorized (802.1X) Authentication Successes 1 EAPoL frames (Rx) 11 EAPoL frames (Tx) 11 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name testing
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.397 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.397/0.397/0.397/0.000 ms
Step 8: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: authenticated - EAP type: 25 (PEAP)Show output
Jan 27 14:58:58.230751 osdx hostapd[587779]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Jan 27 14:58:58.231089 osdx hostapd[587779]: connect[radius]: Network is unreachable Jan 27 14:58:58.230765 osdx hostapd[587779]: eth2: RADIUS Authentication server 10.215.168.1:1812 Jan 27 14:58:58.230803 osdx hostapd[587779]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Jan 27 14:58:58.230806 osdx hostapd[587779]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Jan 27 14:58:58.258598 osdx hostapd[587779]: Discovery mode enabled on eth2 Jan 27 14:58:58.258706 osdx hostapd[587779]: eth2: interface state UNINITIALIZED->ENABLED Jan 27 14:58:58.258706 osdx hostapd[587779]: eth2: AP-ENABLED Jan 27 14:59:01.431722 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Jan 27 14:59:01.431733 osdx hostapd[587780]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Jan 27 14:59:01.450654 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Jan 27 14:59:01.450696 osdx hostapd[587780]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Jan 27 14:59:01.450715 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA Jan 27 14:59:01.450730 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Jan 27 14:59:01.450739 osdx hostapd[587780]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jan 27 14:59:01.450762 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 78) Jan 27 14:59:01.451229 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=78 len=12) from STA: EAP Response-Identity (1) Jan 27 14:59:01.451242 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing' Jan 27 14:59:01.451270 osdx hostapd[587780]: eth2: RADIUS Authentication server 10.215.168.1:1812 Jan 27 14:59:01.454116 osdx hostapd[587780]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:01.454160 osdx hostapd[587780]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:01.454533 osdx hostapd[587780]: eth2: RADIUS Received 80 bytes from RADIUS server Jan 27 14:59:01.454540 osdx hostapd[587780]: eth2: RADIUS Received RADIUS message Jan 27 14:59:01.454546 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:01.454576 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=79 len=22) from RADIUS server: EAP-Request-MD5 (4) Jan 27 14:59:01.454599 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 79) Jan 27 14:59:01.454909 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=79 len=6) from STA: EAP Response-unknown (3) Jan 27 14:59:01.454996 osdx hostapd[587780]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:01.455014 osdx hostapd[587780]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:01.455229 osdx hostapd[587780]: eth2: RADIUS Received 64 bytes from RADIUS server Jan 27 14:59:01.455236 osdx hostapd[587780]: eth2: RADIUS Received RADIUS message Jan 27 14:59:01.455240 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:01.455273 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=80 len=6) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:01.455282 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 80) Jan 27 14:59:01.455702 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=80 len=194) from STA: EAP Response-PEAP (25) Jan 27 14:59:01.455757 osdx hostapd[587780]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:01.455772 osdx hostapd[587780]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:01.456803 osdx hostapd[587780]: eth2: RADIUS Received 1068 bytes from RADIUS server Jan 27 14:59:01.456809 osdx hostapd[587780]: eth2: RADIUS Received RADIUS message Jan 27 14:59:01.456813 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:01.456836 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=81 len=1004) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:01.456844 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 81) Jan 27 14:59:01.457032 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=81 len=6) from STA: EAP Response-PEAP (25) Jan 27 14:59:01.457081 osdx hostapd[587780]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:01.457093 osdx hostapd[587780]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:01.457220 osdx hostapd[587780]: eth2: RADIUS Received 229 bytes from RADIUS server Jan 27 14:59:01.457225 osdx hostapd[587780]: eth2: RADIUS Received RADIUS message Jan 27 14:59:01.457229 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:01.457250 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=82 len=171) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:01.457257 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 82) Jan 27 14:59:01.458647 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=82 len=103) from STA: EAP Response-PEAP (25) Jan 27 14:59:01.458695 osdx hostapd[587780]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:01.458718 osdx hostapd[587780]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:01.459043 osdx hostapd[587780]: eth2: RADIUS Received 115 bytes from RADIUS server Jan 27 14:59:01.459049 osdx hostapd[587780]: eth2: RADIUS Received RADIUS message Jan 27 14:59:01.459053 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:01.459070 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=83 len=57) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:01.459086 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 83) Jan 27 14:59:01.459330 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=83 len=6) from STA: EAP Response-PEAP (25) Jan 27 14:59:01.459390 osdx hostapd[587780]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:01.459405 osdx hostapd[587780]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:01.459566 osdx hostapd[587780]: eth2: RADIUS Received 98 bytes from RADIUS server Jan 27 14:59:01.459571 osdx hostapd[587780]: eth2: RADIUS Received RADIUS message Jan 27 14:59:01.459575 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:01.459596 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=84 len=40) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:01.459608 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 84) Jan 27 14:59:01.459770 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=84 len=43) from STA: EAP Response-PEAP (25) Jan 27 14:59:01.459807 osdx hostapd[587780]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:01.459818 osdx hostapd[587780]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:01.459973 osdx hostapd[587780]: eth2: RADIUS Received 131 bytes from RADIUS server Jan 27 14:59:01.459979 osdx hostapd[587780]: eth2: RADIUS Received RADIUS message Jan 27 14:59:01.459982 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:01.459997 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=85 len=73) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:01.460009 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 85) Jan 27 14:59:01.460239 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=85 len=97) from STA: EAP Response-PEAP (25) Jan 27 14:59:01.460297 osdx hostapd[587780]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:01.460312 osdx hostapd[587780]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:01.460508 osdx hostapd[587780]: eth2: RADIUS Received 140 bytes from RADIUS server Jan 27 14:59:01.460513 osdx hostapd[587780]: eth2: RADIUS Received RADIUS message Jan 27 14:59:01.460517 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:01.460546 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=86 len=82) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:01.460554 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 86) Jan 27 14:59:01.460743 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=86 len=37) from STA: EAP Response-PEAP (25) Jan 27 14:59:01.460789 osdx hostapd[587780]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:01.460800 osdx hostapd[587780]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:01.460944 osdx hostapd[587780]: eth2: RADIUS Received 104 bytes from RADIUS server Jan 27 14:59:01.460948 osdx hostapd[587780]: eth2: RADIUS Received RADIUS message Jan 27 14:59:01.460951 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:01.460975 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=87 len=46) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:01.460986 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 87) Jan 27 14:59:01.461161 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=87 len=46) from STA: EAP Response-PEAP (25) Jan 27 14:59:01.461201 osdx hostapd[587780]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:01.461234 osdx hostapd[587780]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:01.461421 osdx hostapd[587780]: eth2: RADIUS Received 175 bytes from RADIUS server Jan 27 14:59:01.461426 osdx hostapd[587780]: eth2: RADIUS Received RADIUS message Jan 27 14:59:01.461430 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:01.461457 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' Jan 27 14:59:01.461461 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=87 len=4) from RADIUS server: EAP Success Jan 27 14:59:01.461669 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 87) Jan 27 14:59:01.461690 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Jan 27 14:59:01.461693 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session D850E7EDCB023267 Jan 27 14:59:01.461696 osdx hostapd[587780]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Test Unsuccessful 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 uses an incorrect username.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1978smAGW644MIkkQbwDQybQVZanwL8k8I0q7po6/PhDgR4UM7FtpTtlHMG0putfUXhvbdtYYuXoQ== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.226 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.226/0.226/0.226/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX1/jDo3ZAlH4Hv+xK+bExm3jL50eXc4oPm8= set interfaces ethernet eth2 supplicant username wrong set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 0 EAPoL Frames (Tx) 0 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 0 Req ID Frames (Rx) 0 Resp Frames (Tx) 0 Start Frames (Tx) 0
Step 5: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 9 EAPoL Frames (Tx) 10 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 8 Req ID Frames (Rx) 1 Resp Frames (Tx) 9 Start Frames (Tx) 1
Step 6: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 10 EAPoL Frames (Tx) 10 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 8 Req ID Frames (Rx) 1 Resp Frames (Tx) 9 Start Frames (Tx) 1
Step 7: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
Authentication Failures\s+[1-9]\d?Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 8 Authentication Backend RADIUS Authentication Failures 1 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 10 EAPoL frames (Tx) 10 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 8: Expect a failure in the following command:
Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. --- 192.168.100.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
Step 9: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)Show output
Jan 27 14:59:09.359695 osdx hostapd[588286]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Jan 27 14:59:09.359714 osdx hostapd[588286]: eth2: RADIUS Authentication server 10.215.168.1:1812 Jan 27 14:59:09.359939 osdx hostapd[588286]: connect[radius]: Network is unreachable Jan 27 14:59:09.359759 osdx hostapd[588286]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Jan 27 14:59:09.359763 osdx hostapd[588286]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Jan 27 14:59:09.395554 osdx hostapd[588286]: Discovery mode enabled on eth2 Jan 27 14:59:09.395622 osdx hostapd[588286]: eth2: interface state UNINITIALIZED->ENABLED Jan 27 14:59:09.395622 osdx hostapd[588286]: eth2: AP-ENABLED Jan 27 14:59:12.667781 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Jan 27 14:59:12.667795 osdx hostapd[588287]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Jan 27 14:59:12.691619 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Jan 27 14:59:12.691646 osdx hostapd[588287]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Jan 27 14:59:12.691660 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA Jan 27 14:59:12.691672 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Jan 27 14:59:12.691680 osdx hostapd[588287]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jan 27 14:59:12.691700 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 130) Jan 27 14:59:12.692044 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=130 len=10) from STA: EAP Response-Identity (1) Jan 27 14:59:12.692057 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'wrong' Jan 27 14:59:12.692077 osdx hostapd[588287]: eth2: RADIUS Authentication server 10.215.168.1:1812 Jan 27 14:59:12.693810 osdx hostapd[588287]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:12.693836 osdx hostapd[588287]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:12.694087 osdx hostapd[588287]: eth2: RADIUS Received 80 bytes from RADIUS server Jan 27 14:59:12.694093 osdx hostapd[588287]: eth2: RADIUS Received RADIUS message Jan 27 14:59:12.694097 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:12.694116 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=131 len=22) from RADIUS server: EAP-Request-MD5 (4) Jan 27 14:59:12.694122 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 131) Jan 27 14:59:12.694342 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=131 len=6) from STA: EAP Response-unknown (3) Jan 27 14:59:12.694389 osdx hostapd[588287]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:12.694402 osdx hostapd[588287]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:12.694577 osdx hostapd[588287]: eth2: RADIUS Received 64 bytes from RADIUS server Jan 27 14:59:12.694582 osdx hostapd[588287]: eth2: RADIUS Received RADIUS message Jan 27 14:59:12.694585 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:12.694600 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=132 len=6) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:12.694605 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 132) Jan 27 14:59:12.694932 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=132 len=194) from STA: EAP Response-PEAP (25) Jan 27 14:59:12.694976 osdx hostapd[588287]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:12.694989 osdx hostapd[588287]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:12.695956 osdx hostapd[588287]: eth2: RADIUS Received 1068 bytes from RADIUS server Jan 27 14:59:12.695963 osdx hostapd[588287]: eth2: RADIUS Received RADIUS message Jan 27 14:59:12.695966 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:12.695989 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=133 len=1004) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:12.695996 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 133) Jan 27 14:59:12.696178 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=133 len=6) from STA: EAP Response-PEAP (25) Jan 27 14:59:12.696218 osdx hostapd[588287]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:12.696232 osdx hostapd[588287]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:12.696527 osdx hostapd[588287]: eth2: RADIUS Received 229 bytes from RADIUS server Jan 27 14:59:12.696539 osdx hostapd[588287]: eth2: RADIUS Received RADIUS message Jan 27 14:59:12.696544 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:12.696571 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=134 len=171) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:12.696580 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 134) Jan 27 14:59:12.697971 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=134 len=103) from STA: EAP Response-PEAP (25) Jan 27 14:59:12.698016 osdx hostapd[588287]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:12.698028 osdx hostapd[588287]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:12.698337 osdx hostapd[588287]: eth2: RADIUS Received 115 bytes from RADIUS server Jan 27 14:59:12.698343 osdx hostapd[588287]: eth2: RADIUS Received RADIUS message Jan 27 14:59:12.698346 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:12.698363 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=135 len=57) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:12.698368 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 135) Jan 27 14:59:12.698628 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=135 len=6) from STA: EAP Response-PEAP (25) Jan 27 14:59:12.698662 osdx hostapd[588287]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:12.698679 osdx hostapd[588287]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:12.698805 osdx hostapd[588287]: eth2: RADIUS Received 98 bytes from RADIUS server Jan 27 14:59:12.698810 osdx hostapd[588287]: eth2: RADIUS Received RADIUS message Jan 27 14:59:12.698813 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:12.698825 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=136 len=40) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:12.698830 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 136) Jan 27 14:59:12.698989 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=136 len=41) from STA: EAP Response-PEAP (25) Jan 27 14:59:12.699022 osdx hostapd[588287]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:12.699033 osdx hostapd[588287]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:12.699230 osdx hostapd[588287]: eth2: RADIUS Received 131 bytes from RADIUS server Jan 27 14:59:12.699236 osdx hostapd[588287]: eth2: RADIUS Received RADIUS message Jan 27 14:59:12.699239 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:12.699255 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=137 len=73) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:12.699262 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 137) Jan 27 14:59:12.699505 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=137 len=95) from STA: EAP Response-PEAP (25) Jan 27 14:59:12.699548 osdx hostapd[588287]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:12.699560 osdx hostapd[588287]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:12.699767 osdx hostapd[588287]: eth2: RADIUS Received 104 bytes from RADIUS server Jan 27 14:59:12.699773 osdx hostapd[588287]: eth2: RADIUS Received RADIUS message Jan 27 14:59:12.699776 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:12.699794 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=138 len=46) from RADIUS server: EAP-Request-PEAP (25) Jan 27 14:59:12.699801 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 138) Jan 27 14:59:12.699929 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=138 len=46) from STA: EAP Response-PEAP (25) Jan 27 14:59:12.699965 osdx hostapd[588287]: eth2: RADIUS Sending RADIUS message to authentication server Jan 27 14:59:12.699977 osdx hostapd[588287]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Jan 27 14:59:13.700082 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Resending RADIUS message (id=8) Jan 27 14:59:13.700123 osdx hostapd[588287]: eth2: RADIUS Next RADIUS client retransmit in 2 seconds Jan 27 14:59:13.700299 osdx hostapd[588287]: eth2: RADIUS Received 44 bytes from RADIUS server Jan 27 14:59:13.700304 osdx hostapd[588287]: eth2: RADIUS Received RADIUS message Jan 27 14:59:13.700309 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Jan 27 14:59:13.700360 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=4 id=138 len=4) from RADIUS server: EAP Failure Jan 27 14:59:13.700390 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 138) Jan 27 14:59:13.700405 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Jan 27 14:59:13.700410 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authentication failed - EAP type: 25 (PEAP) Jan 27 14:59:13.700414 osdx hostapd[588287]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Authentication failed, enforcing quiet period (60 seconds) Jan 27 14:59:13.700419 osdx hostapd[588287]: eth2: RADIUS Received 44 bytes from RADIUS server Jan 27 14:59:13.700422 osdx hostapd[588287]: eth2: RADIUS Received RADIUS message Jan 27 14:59:13.700426 osdx hostapd[588287]: eth2: RADIUS No matching RADIUS request found (type=0 id=8) - dropping packet
Test Unsupported 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 does not support 802.1x authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1+anfI+cooq58WWVPYmOVvVqxs2ooK1qk9ST37w4FUNnc1ZgtqlkcnbI+c8LvX6iyXD/t2aC3twnw== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.261 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.261/0.261/0.261/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 2 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 5: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 3 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 6: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 3 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 7: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: EAP authentication timeoutShow output
Jan 27 14:59:23.253110 osdx hostapd[588792]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Jan 27 14:59:23.253129 osdx hostapd[588792]: eth2: RADIUS Authentication server 10.215.168.1:1812 Jan 27 14:59:23.253331 osdx hostapd[588792]: connect[radius]: Network is unreachable Jan 27 14:59:23.253175 osdx hostapd[588792]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Jan 27 14:59:23.253179 osdx hostapd[588792]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Jan 27 14:59:23.272982 osdx hostapd[588792]: Discovery mode enabled on eth2 Jan 27 14:59:23.273075 osdx hostapd[588792]: eth2: interface state UNINITIALIZED->ENABLED Jan 27 14:59:23.273097 osdx hostapd[588792]: eth2: AP-ENABLED Jan 27 14:59:28.273661 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication Jan 27 14:59:28.273730 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Jan 27 14:59:28.273745 osdx hostapd[588793]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Jan 27 14:59:28.297111 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Jan 27 14:59:28.297169 osdx hostapd[588793]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Jan 27 14:59:28.297198 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Jan 27 14:59:28.297215 osdx hostapd[588793]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Jan 27 14:59:28.297273 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 206) Jan 27 14:59:31.299966 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 206) Jan 27 14:59:36.019409 osdx OSDxCLI[421648]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jan 27 14:59:37.303970 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 206) Jan 27 14:59:44.349713 osdx OSDxCLI[421648]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Jan 27 14:59:49.313988 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: aborting authentication Jan 27 14:59:49.314004 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: EAP authentication timeout - enforcing 60 second quiet period before retrying Jan 27 14:59:49.314018 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 MLME: MLME-DEAUTHENTICATE.indication(de:ad:be:ef:6c:12, 2) Jan 27 14:59:49.314022 osdx hostapd[588793]: eth2: STA de:ad:be:ef:6c:12 MLME: MLME-DELETEKEYS.request(de:ad:be:ef:6c:12)