Reauth Period
This scenario shows how to configure the reauthentication period in a device with 802.1x/MAB authentication.
Test Reauth Period In 802.1X Mode
Description
This scenario shows how to configure the reauthentication period in a device with 802.1x authentication.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode only-802.1x
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX18r+lhrVgpjfgpSI9q02xzLJ23cRPVJP80SEbGuzoQVAz7v9NuGKGeKcCLUA0/AIVKXWcMrho0X1w==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.211 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.211/0.211/0.211/0.000 ms
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth2 address 192.168.100.2/24
set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX1+KdwQtnW+3tZuaxAdnfUhWHHOpQPjGnYY=
set interfaces ethernet eth2 supplicant username testing
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: authenticated
Feb 19 07:49:37.306760 osdx hostapd[49972]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
Feb 19 07:49:37.306776 osdx hostapd[49972]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:49:37.307084 osdx hostapd[49972]: connect[radius]: Network is unreachable
Feb 19 07:49:37.306817 osdx hostapd[49972]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2
Feb 19 07:49:37.306820 osdx hostapd[49972]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
Feb 19 07:49:37.322617 osdx hostapd[49972]: Discovery mode enabled on eth2
Feb 19 07:49:37.322678 osdx hostapd[49972]: eth2: interface state UNINITIALIZED->ENABLED
Feb 19 07:49:37.322678 osdx hostapd[49972]: eth2: AP-ENABLED
Feb 19 07:49:37.322618 osdx hostapd[49972]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames
Feb 19 07:49:38.557047 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:49:40.393016 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
Feb 19 07:49:40.393032 osdx hostapd[49973]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
Feb 19 07:49:40.414665 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication
Feb 19 07:49:40.414691 osdx hostapd[49973]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames
Feb 19 07:49:40.414703 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA
Feb 19 07:49:40.414710 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
Feb 19 07:49:40.414716 osdx hostapd[49973]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
Feb 19 07:49:40.414732 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 204)
Feb 19 07:49:40.415018 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=204 len=12) from STA: EAP Response-Identity (1)
Feb 19 07:49:40.415027 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing'
Feb 19 07:49:40.415046 osdx hostapd[49973]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:49:40.417111 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:49:40.417149 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:49:40.417498 osdx hostapd[49973]: eth2: RADIUS Received 80 bytes from RADIUS server
Feb 19 07:49:40.417507 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:49:40.417513 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:49:40.417543 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=205 len=22) from RADIUS server: EAP-Request-MD5 (4)
Feb 19 07:49:40.417554 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 205)
Feb 19 07:49:40.417912 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=205 len=6) from STA: EAP Response-unknown (3)
Feb 19 07:49:40.417983 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:49:40.418001 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:49:40.418244 osdx hostapd[49973]: eth2: RADIUS Received 64 bytes from RADIUS server
Feb 19 07:49:40.418262 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:49:40.418268 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:49:40.418293 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=206 len=6) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:49:40.418303 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 206)
Feb 19 07:49:40.418842 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=206 len=194) from STA: EAP Response-PEAP (25)
Feb 19 07:49:40.418912 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:49:40.418934 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:49:40.420397 osdx hostapd[49973]: eth2: RADIUS Received 1068 bytes from RADIUS server
Feb 19 07:49:40.420407 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:49:40.420413 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:49:40.420451 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=207 len=1004) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:49:40.420462 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 207)
Feb 19 07:49:40.420733 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=207 len=6) from STA: EAP Response-PEAP (25)
Feb 19 07:49:40.420796 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:49:40.420815 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:49:40.421003 osdx hostapd[49973]: eth2: RADIUS Received 229 bytes from RADIUS server
Feb 19 07:49:40.421011 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:49:40.421017 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:49:40.421041 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=208 len=171) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:49:40.421051 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 208)
Feb 19 07:49:40.422963 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=208 len=103) from STA: EAP Response-PEAP (25)
Feb 19 07:49:40.423032 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:49:40.423053 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:49:40.423476 osdx hostapd[49973]: eth2: RADIUS Received 115 bytes from RADIUS server
Feb 19 07:49:40.423483 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:49:40.423487 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:49:40.423509 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=209 len=57) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:49:40.423516 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 209)
Feb 19 07:49:40.423838 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=209 len=6) from STA: EAP Response-PEAP (25)
Feb 19 07:49:40.423909 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:49:40.423935 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:49:40.424112 osdx hostapd[49973]: eth2: RADIUS Received 98 bytes from RADIUS server
Feb 19 07:49:40.424120 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:49:40.424126 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:49:40.424147 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=210 len=40) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:49:40.424156 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 210)
Feb 19 07:49:40.424389 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=210 len=43) from STA: EAP Response-PEAP (25)
Feb 19 07:49:40.424441 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:49:40.424456 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:49:40.424647 osdx hostapd[49973]: eth2: RADIUS Received 131 bytes from RADIUS server
Feb 19 07:49:40.424654 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:49:40.424659 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:49:40.424687 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=211 len=73) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:49:40.424696 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 211)
Feb 19 07:49:40.425051 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=211 len=97) from STA: EAP Response-PEAP (25)
Feb 19 07:49:40.425121 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:49:40.425144 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:49:40.425385 osdx hostapd[49973]: eth2: RADIUS Received 140 bytes from RADIUS server
Feb 19 07:49:40.425392 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:49:40.425398 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:49:40.425421 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=212 len=82) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:49:40.425430 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 212)
Feb 19 07:49:40.425684 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=212 len=37) from STA: EAP Response-PEAP (25)
Feb 19 07:49:40.425745 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:49:40.425762 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:49:40.425948 osdx hostapd[49973]: eth2: RADIUS Received 104 bytes from RADIUS server
Feb 19 07:49:40.425955 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:49:40.425960 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:49:40.425981 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=213 len=46) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:49:40.425989 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 213)
Feb 19 07:49:40.426225 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=213 len=46) from STA: EAP Response-PEAP (25)
Feb 19 07:49:40.426286 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:49:40.426303 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:49:40.426541 osdx hostapd[49973]: eth2: RADIUS Received 175 bytes from RADIUS server
Feb 19 07:49:40.426548 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:49:40.426552 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:49:40.426578 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing'
Feb 19 07:49:40.426582 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=213 len=4) from RADIUS server: EAP Success
Feb 19 07:49:40.426613 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 213)
Feb 19 07:49:40.426635 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:49:40.426640 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 498C254056EF170C
Feb 19 07:49:40.426645 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expired
Feb 19 07:49:40.959510 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:49:43.061314 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:49:45.124810 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:49:47.198925 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:49:49.284703 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:49:51.375573 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:49:53.459376 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:49:55.536306 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:49:57.620716 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:49:59.695982 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:00.432653 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
Feb 19 07:50:00.432666 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Starting re-authentication (port will be unauthorized until authentication succeeds)
Feb 19 07:50:00.432672 osdx hostapd[49973]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
Feb 19 07:50:00.432715 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 105)
Feb 19 07:50:00.433113 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=105 len=12) from STA: EAP Response-Identity (1)
Feb 19 07:50:00.433128 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing'
Feb 19 07:50:00.433209 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:00.433247 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:00.433495 osdx hostapd[49973]: eth2: RADIUS Received 80 bytes from RADIUS server
Feb 19 07:50:00.433501 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:00.433506 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:00.433527 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=106 len=22) from RADIUS server: EAP-Request-MD5 (4)
Feb 19 07:50:00.433534 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 106)
Feb 19 07:50:00.433771 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=106 len=6) from STA: EAP Response-unknown (3)
Feb 19 07:50:00.433828 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:00.433845 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:00.434003 osdx hostapd[49973]: eth2: RADIUS Received 64 bytes from RADIUS server
Feb 19 07:50:00.434009 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:00.434013 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:00.434030 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=107 len=6) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:50:00.434037 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 107)
Feb 19 07:50:00.434297 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=107 len=194) from STA: EAP Response-PEAP (25)
Feb 19 07:50:00.434335 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:00.434352 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:00.435649 osdx hostapd[49973]: eth2: RADIUS Received 1068 bytes from RADIUS server
Feb 19 07:50:00.435660 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:00.435667 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:00.435709 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=108 len=1004) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:50:00.435721 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 108)
Feb 19 07:50:00.435987 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=108 len=6) from STA: EAP Response-PEAP (25)
Feb 19 07:50:00.436047 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:00.436062 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:00.436226 osdx hostapd[49973]: eth2: RADIUS Received 229 bytes from RADIUS server
Feb 19 07:50:00.436234 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:00.436240 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:00.436263 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=109 len=171) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:50:00.436272 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 109)
Feb 19 07:50:00.438277 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=109 len=103) from STA: EAP Response-PEAP (25)
Feb 19 07:50:00.438333 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:00.438346 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:00.438871 osdx hostapd[49973]: eth2: RADIUS Received 115 bytes from RADIUS server
Feb 19 07:50:00.438882 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:00.438888 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:00.438918 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=110 len=57) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:50:00.438930 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 110)
Feb 19 07:50:00.439291 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=110 len=6) from STA: EAP Response-PEAP (25)
Feb 19 07:50:00.439342 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:00.439363 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:00.439598 osdx hostapd[49973]: eth2: RADIUS Received 98 bytes from RADIUS server
Feb 19 07:50:00.439605 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:00.439610 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:00.439644 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=111 len=40) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:50:00.439653 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 111)
Feb 19 07:50:00.439918 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=111 len=43) from STA: EAP Response-PEAP (25)
Feb 19 07:50:00.439987 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:00.440008 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:00.440249 osdx hostapd[49973]: eth2: RADIUS Received 131 bytes from RADIUS server
Feb 19 07:50:00.440257 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:00.440262 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:00.440292 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=112 len=73) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:50:00.440302 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 112)
Feb 19 07:50:00.440651 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=112 len=97) from STA: EAP Response-PEAP (25)
Feb 19 07:50:00.440713 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:00.440726 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:00.440976 osdx hostapd[49973]: eth2: RADIUS Received 140 bytes from RADIUS server
Feb 19 07:50:00.440984 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:00.440989 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:00.441006 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=113 len=82) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:50:00.441013 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 113)
Feb 19 07:50:00.441238 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=113 len=37) from STA: EAP Response-PEAP (25)
Feb 19 07:50:00.441288 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:00.441302 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:00.441513 osdx hostapd[49973]: eth2: RADIUS Received 104 bytes from RADIUS server
Feb 19 07:50:00.441521 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:00.441527 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:00.441551 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=114 len=46) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:50:00.441567 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 114)
Feb 19 07:50:00.441839 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=114 len=46) from STA: EAP Response-PEAP (25)
Feb 19 07:50:00.441889 osdx hostapd[49973]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:00.441905 osdx hostapd[49973]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:00.442148 osdx hostapd[49973]: eth2: RADIUS Received 175 bytes from RADIUS server
Feb 19 07:50:00.442161 osdx hostapd[49973]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:00.442167 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:00.442194 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing'
Feb 19 07:50:00.442198 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=114 len=4) from RADIUS server: EAP Success
Feb 19 07:50:00.442214 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 114)
Feb 19 07:50:00.442227 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:50:00.442232 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 498C254056EF170C
Feb 19 07:50:00.442237 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
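To check that the configured reauth-period is actually enforced, the journal can be audited rather than only grepped for a token. The following is an added example, not part of the original test suite or of OSDx: it measures the time from each "authorizing port" event to the next "Re-authentication period expired" event, and how long the re-authentication itself took. The sample lines are excerpted from the 802.1X and MAB journal output on this page; the function names, the tolerance and the year argument are assumptions (the journal timestamps carry no year).

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Lines excerpted from the 802.1X journal output on this page.
SAMPLE_8021X = """\
Feb 19 07:49:40.426635 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:49:40.426645 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Feb 19 07:50:00.432653 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
Feb 19 07:50:00.432666 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Starting re-authentication (port will be unauthorized until authentication succeeds)
Feb 19 07:50:00.442227 osdx hostapd[49973]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
"""

# Lines excerpted from the MAB journal output on this page; this excerpt stops
# before the station is re-authorized, so the cycle stays open.
SAMPLE_MAB = """\
Feb 19 07:50:13.422523 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
Feb 19 07:50:13.422551 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:50:33.437599 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
Feb 19 07:50:33.438024 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
"""

# Matches per-station hostapd lines: timestamp, host, hostapd[pid], interface,
# station MAC, module name (e.g. "IEEE 802.1X"), then the message text.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{1,6}) \S+ hostapd\[\d+\]: "
    r"\S+: STA (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) [^:]+: (?P<msg>.*)$"
)
EXPIRED_RE = re.compile(r"Re-authentication period expired \((\d+) seconds\)")


@dataclass
class ReauthCycle:
    mac: str
    logged_period: int               # value hostapd printed in the expiry message
    elapsed: float                   # seconds from "authorizing port" to expiry
    reauth_seconds: Optional[float]  # expiry -> next "authorizing port"; None if not seen
    ok: bool                         # period and measured interval match expectation


def parse_ts(ts: str, year: int) -> datetime:
    # The journal omits the year; supplying one keeps Feb 29 parseable.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S.%f")


def audit_reauth(journal: str, expected_period: int,
                 tolerance: float = 1.0, year: int = 2024) -> List[ReauthCycle]:
    authorized_at = {}  # mac -> time of the latest "authorizing port"
    open_cycle = {}     # mac -> (cycle, expiry time) still waiting for re-authorization
    cycles: List[ReauthCycle] = []
    for line in journal.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # CLI audit lines, RADIUS client lines, etc.
        ts, mac, msg = parse_ts(m["ts"], year), m["mac"], m["msg"]
        expired = EXPIRED_RE.search(msg)
        if msg == "authorizing port":
            if mac in open_cycle:
                cycle, started = open_cycle.pop(mac)
                cycle.reauth_seconds = (ts - started).total_seconds()
            authorized_at[mac] = ts
        elif expired and mac in authorized_at:
            period = int(expired.group(1))
            elapsed = (ts - authorized_at[mac]).total_seconds()
            ok = (period == expected_period
                  and abs(elapsed - expected_period) <= tolerance)
            cycle = ReauthCycle(mac, period, elapsed, None, ok)
            cycles.append(cycle)
            open_cycle[mac] = (cycle, ts)
    return cycles


if __name__ == "__main__":
    for name, sample in (("802.1X", SAMPLE_8021X), ("MAB", SAMPLE_MAB)):
        for c in audit_reauth(sample, expected_period=20):
            print(name, c)
```

A cycle whose reauth_seconds is None never reached "authorizing port" again within the captured journal, which in 802.1X mode means the port was still unauthorized when the capture ended.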
Test Reauth Period In MAB Mode
Description
This scenario shows how to configure the reauthentication period in a device with MAB authentication.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode only-MAB
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX1+fJsa1IvBC5ZsffiiyrKWIvINi/JTC8rEqsYw7pNW1AjVOv5dVnmHfRCMj2BtqfyPXUjDrRHek0Q==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.317 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.317/0.317/0.317/0.000 ms
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth2 address 192.168.100.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticated
Feb 19 07:50:08.383734 osdx hostapd[50568]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
Feb 19 07:50:08.383748 osdx hostapd[50568]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:50:08.383957 osdx hostapd[50568]: connect[radius]: Network is unreachable
Feb 19 07:50:08.383787 osdx hostapd[50568]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-only, eap_server=0, eap_quiet_period=60, eap_max_retrans=5
Feb 19 07:50:08.383791 osdx hostapd[50568]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
Feb 19 07:50:08.399607 osdx hostapd[50568]: Discovery mode enabled on eth2
Feb 19 07:50:08.399675 osdx hostapd[50568]: eth2: interface state UNINITIALIZED->ENABLED
Feb 19 07:50:08.399675 osdx hostapd[50568]: eth2: AP-ENABLED
Feb 19 07:50:11.636312 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:13.401667 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication
Feb 19 07:50:13.401716 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
Feb 19 07:50:13.401726 osdx hostapd[50569]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
Feb 19 07:50:13.419671 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB-only mode: Starting MAB authentication
Feb 19 07:50:13.419707 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query
Feb 19 07:50:13.419725 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12
Feb 19 07:50:13.422076 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12
Feb 19 07:50:13.422092 osdx hostapd[50569]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:50:13.422176 osdx hostapd[50569]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:13.422211 osdx hostapd[50569]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:13.422487 osdx hostapd[50569]: eth2: RADIUS Received 20 bytes from RADIUS server
Feb 19 07:50:13.422493 osdx hostapd[50569]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:13.422498 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:13.422503 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
Feb 19 07:50:13.422520 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12'
Feb 19 07:50:13.422523 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
Feb 19 07:50:13.422527 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
Feb 19 07:50:13.422530 osdx hostapd[50569]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled
Feb 19 07:50:13.422551 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:50:13.422555 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session C97F25EF08CA05EE
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expired
Feb 19 07:50:16.073394 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:19.985273 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:23.214333 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:26.495525 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:29.674527 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:32.844269 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:33.437599 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
Feb 19 07:50:33.437614 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query
Feb 19 07:50:33.437663 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12
Feb 19 07:50:33.437690 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12
Feb 19 07:50:33.437710 osdx hostapd[50569]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:50:33.437743 osdx hostapd[50569]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:50:33.438013 osdx hostapd[50569]: eth2: RADIUS Received 20 bytes from RADIUS server
Feb 19 07:50:33.438018 osdx hostapd[50569]: eth2: RADIUS Received RADIUS message
Feb 19 07:50:33.438021 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:50:33.438024 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
Feb 19 07:50:33.438042 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
Feb 19 07:50:33.438045 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
Feb 19 07:50:33.438047 osdx hostapd[50569]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled
Feb 19 07:50:33.438051 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:50:33.438054 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session C97F25EF08CA05EE
Test Reauth Period In MAB-Fallback Mode
Description
This scenario shows how to configure the reauthentication period in a device with 802.1x-MAB authentication.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode 802.1x-MAB
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX18y0IC2+I6MXtH2e/9xz3TUB4lg3jWEyJq/r819TgNEFkS/Co2P6A+LSD3Sarol9PiBWuUGqnqFPQ==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.190 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.190/0.190/0.190/0.000 ms
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth2 address 192.168.100.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticated
Feb 19 07:50:46.504533 osdx hostapd[51143]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
Feb 19 07:50:46.504543 osdx hostapd[51143]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:50:46.504744 osdx hostapd[51143]: connect[radius]: Network is unreachable
Feb 19 07:50:46.504578 osdx hostapd[51143]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X+MAB-fallback, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30
Feb 19 07:50:46.504581 osdx hostapd[51143]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
Feb 19 07:50:46.524432 osdx hostapd[51143]: Discovery mode enabled on eth2
Feb 19 07:50:46.524434 osdx hostapd[51143]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames
Feb 19 07:50:46.524535 osdx hostapd[51143]: eth2: interface state UNINITIALIZED->ENABLED
Feb 19 07:50:46.524535 osdx hostapd[51143]: eth2: AP-ENABLED
Feb 19 07:50:50.484076 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:51.527453 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication
Feb 19 07:50:51.527487 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
Feb 19 07:50:51.527495 osdx hostapd[51144]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
Feb 19 07:50:51.548486 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication
Feb 19 07:50:51.548526 osdx hostapd[51144]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames
Feb 19 07:50:51.548531 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB fallback mode: Scheduling MAB trigger in 30 seconds if no 802.1X response
Feb 19 07:50:51.548534 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response
Feb 19 07:50:51.548555 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
Feb 19 07:50:51.548562 osdx hostapd[51144]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
Feb 19 07:50:51.548590 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 114)
Feb 19 07:50:54.551451 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 114)
Feb 19 07:50:54.710347 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:58.898190 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:00.556474 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 114)
Feb 19 07:51:03.082462 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:07.319243 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:11.518320 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:12.567497 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: aborting authentication
Feb 19 07:51:12.567508 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: EAP max retrans reached, triggering MAB fallback immediately
Feb 19 07:51:12.567513 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query
Feb 19 07:51:12.567548 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12
Feb 19 07:51:12.569714 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12
Feb 19 07:51:12.569730 osdx hostapd[51144]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:51:12.569812 osdx hostapd[51144]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:51:12.569844 osdx hostapd[51144]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:51:12.569865 osdx hostapd[51144]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
Feb 19 07:51:12.569881 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 164)
Feb 19 07:51:12.570115 osdx hostapd[51144]: eth2: RADIUS Received 20 bytes from RADIUS server
Feb 19 07:51:12.570121 osdx hostapd[51144]: eth2: RADIUS Received RADIUS message
Feb 19 07:51:12.570125 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:51:12.570129 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
Feb 19 07:51:12.570147 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12'
Feb 19 07:51:12.570150 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
Feb 19 07:51:12.570153 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
Feb 19 07:51:12.570157 osdx hostapd[51144]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled
Feb 19 07:51:12.570166 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:51:12.570170 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session DD12BC90C65826F1
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expired
Feb 19 07:51:16.034182 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:19.187077 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:22.416615 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:25.612704 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:28.803774 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:31.981599 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:32.587427 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
Feb 19 07:51:32.587443 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB fallback: Scheduling MAB trigger in 30 seconds if no 802.1X response
Feb 19 07:51:32.587453 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response
Feb 19 07:51:32.587478 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
Feb 19 07:51:32.587482 osdx hostapd[51144]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
Feb 19 07:51:32.587496 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 194)
Feb 19 07:51:35.590448 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 194)
Test Reauth Period In MAB-First Mode
Description
This scenario shows how to configure the reauthentication period in a device with MAB-802.1X authentication.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode MAB-802.1x
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX19zuooqkZc+f0HPHKFGaUQwQgKqjj/GPQGyu/iwr/O0HXToRXOCNYXrMrCGetMLkLUSHg0Hx5PGRQ==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.212 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.212/0.212/0.212/0.000 ms
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth2 address 192.168.100.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticated
Feb 19 07:51:44.386313 osdx hostapd[51751]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
Feb 19 07:51:44.386332 osdx hostapd[51751]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:51:44.386650 osdx hostapd[51751]: connect[radius]: Network is unreachable
Feb 19 07:51:44.386382 osdx hostapd[51751]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-first, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30
Feb 19 07:51:44.386387 osdx hostapd[51751]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
Feb 19 07:51:44.406103 osdx hostapd[51751]: Discovery mode enabled on eth2
Feb 19 07:51:44.406175 osdx hostapd[51751]: eth2: interface state UNINITIALIZED->ENABLED
Feb 19 07:51:44.406175 osdx hostapd[51751]: eth2: AP-ENABLED
Feb 19 07:51:44.406104 osdx hostapd[51751]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames
Feb 19 07:51:48.110327 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:49.409155 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication
Feb 19 07:51:49.409189 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
Feb 19 07:51:49.409196 osdx hostapd[51752]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
Feb 19 07:51:49.430164 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB-first mode: Starting MAB authentication
Feb 19 07:51:49.430198 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query
Feb 19 07:51:49.430217 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12
Feb 19 07:51:49.432571 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12
Feb 19 07:51:49.432585 osdx hostapd[51752]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:51:49.432671 osdx hostapd[51752]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:51:49.432705 osdx hostapd[51752]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:51:49.432758 osdx hostapd[51752]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame
Feb 19 07:51:49.432823 osdx hostapd[51752]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds
Feb 19 07:51:49.432974 osdx hostapd[51752]: eth2: RADIUS Received 20 bytes from RADIUS server
Feb 19 07:51:49.432980 osdx hostapd[51752]: eth2: RADIUS Received RADIUS message
Feb 19 07:51:49.432986 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:51:49.432991 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
Feb 19 07:51:49.433010 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12'
Feb 19 07:51:49.433014 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
Feb 19 07:51:49.433017 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
Feb 19 07:51:49.433020 osdx hostapd[51752]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled
Feb 19 07:51:49.433035 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:51:49.433039 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 916BB22FB331BD22
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expired
Feb 19 07:51:52.616474 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:55.778847 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:51:58.961767 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:52:02.138641 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:52:05.326968 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:52:08.527417 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:52:09.433181 osdx hostapd[51752]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame
Feb 19 07:52:09.433212 osdx hostapd[51752]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds
Feb 19 07:52:09.447160 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
Feb 19 07:52:09.447170 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query
Feb 19 07:52:09.447194 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12
Feb 19 07:52:09.447229 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12
Feb 19 07:52:09.447253 osdx hostapd[51752]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:52:09.447283 osdx hostapd[51752]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:52:09.447522 osdx hostapd[51752]: eth2: RADIUS Received 20 bytes from RADIUS server
Feb 19 07:52:09.447527 osdx hostapd[51752]: eth2: RADIUS Received RADIUS message
Feb 19 07:52:09.447530 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:52:09.447534 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
Feb 19 07:52:09.447554 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
Feb 19 07:52:09.447557 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
Feb 19 07:52:09.447559 osdx hostapd[51752]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled
Feb 19 07:52:09.447562 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:52:09.447565 osdx hostapd[51752]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 916BB22FB331BD22
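The token checks in Step 4 and Step 5 can be tightened into a timing check. The following is an added example, not part of the OSDx documentation: it parses journal lines in the format shown above, measures the time between "next reauth in N seconds" and "Re-authentication period expired", and records the port state the log shows afterwards. The function names, the 1-second tolerance and the placeholder year are assumptions; the sample lines are abridged from the MAB-only and MAB-fallback outputs on this page.

```python
import re
from datetime import datetime

# Abridged from the MAB-only and MAB-fallback outputs on this page.
SAMPLE = """\
Feb 19 07:50:13.422527 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
Feb 19 07:50:32.844269 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:50:33.437599 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
Feb 19 07:50:33.438045 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
Feb 19 07:50:33.438051 osdx hostapd[50569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:51:12.570153 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
Feb 19 07:51:12.570166 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:51:32.587427 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
Feb 19 07:51:32.587478 osdx hostapd[51144]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) \S+ hostapd\[\d+\]: (?P<ifc>\S+): "
    r"STA (?P<sta>[0-9a-f:]{17}) (?P<msg>.*)$"
)
ARMED = re.compile(r"Re-authentication enabled \(next reauth in (\d+) seconds\)")
EXPIRED = re.compile(r"Re-authentication period expired \((\d+) seconds\)")
PORT = re.compile(r"IEEE 802\.1X: (un)?authorizing port$")


def parse_ts(text):
    # Assumption: the journal prints no year, so a fixed leap year is used;
    # only differences between timestamps matter here.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S.%f")


def reauth_cycles(journal, tolerance=1.0):
    """One record per 'period expired' event, per (interface, station)."""
    armed, pending, cycles = {}, {}, []
    for raw in journal.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # CLI audit lines and interface-level messages
        key, ts, msg = (m["ifc"], m["sta"]), parse_ts(m["ts"]), m["msg"]
        if ARMED.search(msg):
            armed[key] = ts  # reauth timer (re)started
        elif (hit := EXPIRED.search(msg)):
            period = int(hit.group(1))
            start = armed.pop(key, None)
            elapsed = (ts - start).total_seconds() if start else None
            cycle = {
                "station": key[1],
                "period": period,
                "elapsed": elapsed,
                "on_time": elapsed is not None and abs(elapsed - period) <= tolerance,
                "port": "unknown",
            }
            cycles.append(cycle)
            pending[key] = cycle
        elif (hit := PORT.search(msg)) and key in pending:
            # "unauthorizing port" contains "authorizing port": test the prefix.
            if hit.group(1):
                pending[key]["port"] = "unauthorized"
            else:
                pending.pop(key)["port"] = "authorized"
    return cycles


def left_unauthorized(cycles):
    """Stations whose captured log ends with the port closed after a reauth."""
    return [c["station"] for c in cycles if c["port"] == "unauthorized"]
```

On the sample, both cycles fire about 20.02 seconds after the timer was armed; the MAB-only cycle ends with the port authorized, while the MAB-fallback cycle is reported as unauthorized because the captured output stops while EAP requests are still being retransmitted.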