Reauth Period
This scenario shows how to configure the reauthentication period in a device with 802.1x/MAB authentication.
Test Reauth Period In 802.1X Mode
Description
This scenario shows how to configure the reauthentication period in a device with 802.1x authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX197fwo5M/UEIlZSxqD4Oar5DHfs5Me/jVoNGvuUnmgJhYdYoDZZUB7J/W//2QOebVtMhsTuf/K9yQ== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.245 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.245/0.245/0.245/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX1/qqwAp34q/D0GxCdw/Cp21gtatywJ/tHk= set interfaces ethernet eth2 supplicant username testing set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: authenticatedShow output
Mar 23 14:56:06.253575 osdx hostapd[821458]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Mar 23 14:56:06.253589 osdx hostapd[821458]: eth2: RADIUS Authentication server 10.215.168.1:1812 Mar 23 14:56:06.253806 osdx hostapd[821458]: connect[radius]: Network is unreachable Mar 23 14:56:06.253626 osdx hostapd[821458]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Mar 23 14:56:06.253629 osdx hostapd[821458]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Mar 23 14:56:06.269482 osdx hostapd[821458]: Discovery mode enabled on eth2 Mar 23 14:56:06.269536 osdx hostapd[821458]: eth2: interface state UNINITIALIZED->ENABLED Mar 23 14:56:06.269481 osdx hostapd[821458]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames Mar 23 14:56:06.269576 osdx hostapd[821458]: eth2: AP-ENABLED Mar 23 14:56:07.552588 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:09.378858 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Mar 23 14:56:09.378889 osdx hostapd[821459]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Mar 23 14:56:09.393605 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Mar 23 14:56:09.393673 osdx hostapd[821459]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Mar 23 14:56:09.393707 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA Mar 23 14:56:09.393726 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Mar 23 14:56:09.393746 osdx hostapd[821459]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Mar 23 14:56:09.393825 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 41) Mar 23 14:56:09.394632 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=41 len=12) from STA: EAP Response-Identity (1) Mar 23 14:56:09.394663 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing' Mar 23 14:56:09.394756 osdx hostapd[821459]: eth2: RADIUS Authentication server 10.215.168.1:1812 Mar 23 14:56:09.399378 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:09.399439 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:09.400256 osdx hostapd[821459]: eth2: RADIUS Received 80 bytes from RADIUS server Mar 23 14:56:09.400276 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:09.400285 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:09.400374 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=42 len=22) from RADIUS server: EAP-Request-MD5 (4) Mar 23 14:56:09.400393 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 42) Mar 23 14:56:09.401133 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=42 len=6) from STA: EAP Response-unknown (3) Mar 23 14:56:09.401323 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:09.401388 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:09.401905 osdx hostapd[821459]: eth2: RADIUS Received 64 bytes from RADIUS server Mar 23 14:56:09.401923 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:09.401935 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:09.401982 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=43 len=6) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:09.402002 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 43) Mar 23 14:56:09.403010 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=43 len=194) from STA: EAP Response-PEAP (25) Mar 23 14:56:09.403143 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:09.403206 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:09.406549 osdx hostapd[821459]: eth2: RADIUS Received 1068 bytes from RADIUS server Mar 23 14:56:09.406564 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:09.406573 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:09.406641 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=44 len=1004) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:09.406661 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 44) Mar 23 14:56:09.407300 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=44 len=6) from STA: EAP Response-PEAP (25) Mar 23 14:56:09.407428 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:09.407468 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:09.407926 osdx hostapd[821459]: eth2: RADIUS Received 229 bytes from RADIUS server Mar 23 14:56:09.407949 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:09.407962 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:09.408030 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=45 len=171) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:09.408066 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 45) Mar 23 14:56:09.411670 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=45 len=103) from STA: EAP Response-PEAP (25) Mar 23 14:56:09.411855 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:09.411903 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:09.412798 osdx hostapd[821459]: eth2: RADIUS Received 115 bytes from RADIUS server Mar 23 14:56:09.412823 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:09.412840 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:09.412886 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=46 len=57) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:09.412905 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 46) Mar 23 14:56:09.413577 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=46 len=6) from STA: EAP Response-PEAP (25) Mar 23 14:56:09.413679 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:09.413714 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:09.414154 osdx hostapd[821459]: eth2: RADIUS Received 98 bytes from RADIUS server Mar 23 14:56:09.414181 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:09.414193 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:09.414251 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=47 len=40) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:09.414269 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 47) Mar 23 14:56:09.414850 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=47 len=43) from STA: EAP Response-PEAP (25) Mar 23 14:56:09.414982 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:09.415031 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:09.415489 osdx hostapd[821459]: eth2: RADIUS Received 131 bytes from RADIUS server Mar 23 14:56:09.415508 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:09.415541 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:09.415600 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=48 len=73) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:09.415631 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 48) Mar 23 14:56:09.416595 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=48 len=97) from STA: EAP Response-PEAP (25) Mar 23 14:56:09.416736 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:09.416790 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:09.417406 osdx hostapd[821459]: eth2: RADIUS Received 140 bytes from RADIUS server Mar 23 14:56:09.417424 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:09.417435 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:09.417550 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=49 len=82) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:09.417571 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 49) Mar 23 14:56:09.418150 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=49 len=37) from STA: EAP Response-PEAP (25) Mar 23 14:56:09.418291 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:09.418323 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:09.418845 osdx hostapd[821459]: eth2: RADIUS Received 104 bytes from RADIUS server Mar 23 14:56:09.418860 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:09.418869 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:09.418923 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=50 len=46) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:09.418938 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 50) Mar 23 14:56:09.419585 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=50 len=46) from STA: EAP Response-PEAP (25) Mar 23 14:56:09.419698 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:09.419747 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:09.420262 osdx hostapd[821459]: eth2: RADIUS Received 175 bytes from RADIUS server Mar 23 14:56:09.420277 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:09.420286 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:09.420356 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' Mar 23 14:56:09.420367 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=50 len=4) from RADIUS server: EAP Success Mar 23 14:56:09.420416 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 50) Mar 23 14:56:09.420458 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Mar 23 14:56:09.420466 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 854795CE7BEE07F1 Mar 23 14:56:09.420476 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Mar 23 14:56:09.870532 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:11.971524 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:14.037555 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:16.122998 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:18.222881 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:20.314010 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:22.386099 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:24.458613 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:26.538631 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:28.628462 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:29.411569 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Mar 23 14:56:29.411580 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Starting re-authentication (port will be unauthorized until authentication succeeds) Mar 23 14:56:29.411584 osdx hostapd[821459]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Mar 23 14:56:29.411621 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 0) Mar 23 14:56:29.411988 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=0 len=12) from STA: EAP Response-Identity (1) Mar 23 14:56:29.412000 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing' Mar 23 14:56:29.412071 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:29.412106 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:29.412357 osdx hostapd[821459]: eth2: RADIUS Received 80 bytes from RADIUS server Mar 23 14:56:29.412362 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:29.412365 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:29.412384 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4) Mar 23 14:56:29.412390 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 1) Mar 23 14:56:29.412565 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=1 len=6) from STA: EAP Response-unknown (3) Mar 23 14:56:29.412599 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:29.412610 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:29.412786 osdx hostapd[821459]: eth2: RADIUS Received 64 bytes from RADIUS server Mar 23 14:56:29.412791 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:29.412794 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:29.412820 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:29.412826 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 2) Mar 23 14:56:29.413050 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=2 len=194) from STA: EAP Response-PEAP (25) Mar 23 14:56:29.413091 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:29.413103 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:29.414012 osdx hostapd[821459]: eth2: RADIUS Received 1068 bytes from RADIUS server Mar 23 14:56:29.414017 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:29.414021 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:29.414039 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=3 len=1004) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:29.414046 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 3) Mar 23 14:56:29.414168 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=3 len=6) from STA: EAP Response-PEAP (25) Mar 23 14:56:29.414203 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:29.414214 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:29.414298 osdx hostapd[821459]: eth2: RADIUS Received 229 bytes from RADIUS server Mar 23 14:56:29.414302 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:29.414305 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:29.414322 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=4 len=171) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:29.414328 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 4) Mar 23 14:56:29.415316 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=4 len=103) from STA: EAP Response-PEAP (25) Mar 23 14:56:29.415352 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:29.415363 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:29.415688 osdx hostapd[821459]: eth2: RADIUS Received 115 bytes from RADIUS server Mar 23 14:56:29.415693 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:29.415696 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:29.415710 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=5 len=57) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:29.415715 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 5) Mar 23 14:56:29.415962 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=5 len=6) from STA: EAP Response-PEAP (25) Mar 23 14:56:29.415995 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:29.416005 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:29.416217 osdx hostapd[821459]: eth2: RADIUS Received 98 bytes from RADIUS server Mar 23 14:56:29.416223 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:29.416226 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:29.416237 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=6 len=40) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:29.416241 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 6) Mar 23 14:56:29.416430 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=6 len=43) from STA: EAP Response-PEAP (25) Mar 23 14:56:29.416477 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:29.416492 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:29.416637 osdx hostapd[821459]: eth2: RADIUS Received 131 bytes from RADIUS server Mar 23 14:56:29.416641 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:29.416645 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:29.416659 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=7 len=73) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:29.416664 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 7) Mar 23 14:56:29.416893 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=7 len=97) from STA: EAP Response-PEAP (25) Mar 23 14:56:29.416933 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:29.416946 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:29.417126 osdx hostapd[821459]: eth2: RADIUS Received 140 bytes from RADIUS server Mar 23 14:56:29.417130 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:29.417133 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:29.417145 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=8 len=82) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:29.417150 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 8) Mar 23 14:56:29.417306 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=8 len=37) from STA: EAP Response-PEAP (25) Mar 23 14:56:29.417331 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:29.417339 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:29.417478 osdx hostapd[821459]: eth2: RADIUS Received 104 bytes from RADIUS server Mar 23 14:56:29.417482 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:29.417484 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:29.417495 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=9 len=46) from RADIUS server: EAP-Request-PEAP (25) Mar 23 14:56:29.417499 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 9) Mar 23 14:56:29.417651 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=9 len=46) from STA: EAP Response-PEAP (25) Mar 23 14:56:29.417675 osdx hostapd[821459]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:29.417683 osdx hostapd[821459]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:29.417857 osdx hostapd[821459]: eth2: RADIUS Received 175 bytes from RADIUS server Mar 23 14:56:29.417861 osdx hostapd[821459]: eth2: RADIUS Received RADIUS message Mar 23 14:56:29.417864 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:29.417880 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' Mar 23 14:56:29.417883 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=9 len=4) from RADIUS server: EAP Success Mar 23 14:56:29.417895 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 9) Mar 23 14:56:29.417902 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Mar 23 14:56:29.417905 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 854795CE7BEE07F1 Mar 23 14:56:29.417907 osdx hostapd[821459]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Test Reauth Period In MAB Mode
Description
This scenario shows how to configure the reauthentication period in a device with MAB authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-MAB set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX18Lxs0RFF3qadPxKsYEnRWApBUIV9TCsMgMbf8Q1/tdCdgMhmF5EPkyx7eeaJmZJ8QBGPaI/gOCRw== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.405 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.405/0.405/0.405/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticatedShow output
Mar 23 14:56:38.191472 osdx hostapd[822053]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Mar 23 14:56:38.191490 osdx hostapd[822053]: eth2: RADIUS Authentication server 10.215.168.1:1812 Mar 23 14:56:38.191749 osdx hostapd[822053]: connect[radius]: Network is unreachable Mar 23 14:56:38.191533 osdx hostapd[822053]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-only, eap_server=0, eap_quiet_period=60, eap_max_retrans=5 Mar 23 14:56:38.191535 osdx hostapd[822053]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Mar 23 14:56:38.207366 osdx hostapd[822053]: Discovery mode enabled on eth2 Mar 23 14:56:38.207438 osdx hostapd[822053]: eth2: interface state UNINITIALIZED->ENABLED Mar 23 14:56:38.207438 osdx hostapd[822053]: eth2: AP-ENABLED Mar 23 14:56:41.503284 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:43.210460 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication Mar 23 14:56:43.210504 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Mar 23 14:56:43.210512 osdx hostapd[822054]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Mar 23 14:56:43.227386 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB-only mode: Starting MAB authentication Mar 23 14:56:43.227419 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query Mar 23 14:56:43.227434 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12 Mar 23 14:56:43.229099 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12 Mar 23 14:56:43.229109 osdx hostapd[822054]: eth2: RADIUS Authentication server 10.215.168.1:1812 Mar 23 14:56:43.229179 osdx hostapd[822054]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:56:43.229209 osdx hostapd[822054]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:56:43.229474 osdx hostapd[822054]: eth2: RADIUS Received 20 bytes from RADIUS server Mar 23 14:56:43.229479 osdx hostapd[822054]: eth2: RADIUS Received RADIUS message Mar 23 14:56:43.229482 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:56:43.229485 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response Mar 23 14:56:43.229494 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12' Mar 23 14:56:43.229504 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated Mar 23 14:56:43.229507 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Mar 23 14:56:43.229510 osdx hostapd[822054]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled Mar 23 14:56:43.229522 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Mar 23 14:56:43.229525 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 9670F6F3662FC7CA
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Mar 23 14:56:45.903236 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:49.058306 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:52.230531 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:55.385801 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:56:58.551922 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:01.714953 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:03.245446 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Mar 23 14:57:03.245466 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query Mar 23 14:57:03.245533 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12 Mar 23 14:57:03.245572 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12 Mar 23 14:57:03.245601 osdx hostapd[822054]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:57:03.245649 osdx hostapd[822054]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:57:03.245999 osdx hostapd[822054]: eth2: RADIUS Received 20 bytes from RADIUS server Mar 23 14:57:03.246008 osdx hostapd[822054]: eth2: RADIUS Received RADIUS message Mar 23 14:57:03.246012 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:57:03.246016 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response Mar 23 14:57:03.246048 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated Mar 23 14:57:03.246052 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Mar 23 14:57:03.246054 osdx hostapd[822054]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled Mar 23 14:57:03.246058 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Mar 23 14:57:03.246061 osdx hostapd[822054]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 9670F6F3662FC7CA
Test Reauth Period In MAB-Fallback Mode
Description
This scenario shows how to configure the reauthentication period in a device with 802.1x/MAB authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode 802.1x-MAB set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1+h3zdcd+9h2xbO/znz56GC7H+gWnj468LJGqTKaAnGW5YurwMpZBUO0lYZpSGBkj8g+4LKt7JwDw== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.283 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.283/0.283/0.283/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticatedShow output
Mar 23 14:57:11.205279 osdx hostapd[822630]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Mar 23 14:57:11.205293 osdx hostapd[822630]: eth2: RADIUS Authentication server 10.215.168.1:1812 Mar 23 14:57:11.205509 osdx hostapd[822630]: connect[radius]: Network is unreachable Mar 23 14:57:11.205340 osdx hostapd[822630]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X+MAB-fallback, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30 Mar 23 14:57:11.205344 osdx hostapd[822630]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Mar 23 14:57:11.225166 osdx hostapd[822630]: Discovery mode enabled on eth2 Mar 23 14:57:11.225146 osdx hostapd[822630]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames Mar 23 14:57:11.225229 osdx hostapd[822630]: eth2: interface state UNINITIALIZED->ENABLED Mar 23 14:57:11.225229 osdx hostapd[822630]: eth2: AP-ENABLED Mar 23 14:57:14.353774 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:16.228271 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication Mar 23 14:57:16.228313 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Mar 23 14:57:16.228323 osdx hostapd[822631]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Mar 23 14:57:16.241181 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Mar 23 14:57:16.241207 osdx hostapd[822631]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Mar 23 14:57:16.241210 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB fallback mode: Scheduling MAB trigger in 30 seconds if no 802.1X response Mar 23 14:57:16.241212 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response Mar 23 14:57:16.241226 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Mar 23 14:57:16.241233 osdx hostapd[822631]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Mar 23 14:57:16.241257 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 30) Mar 23 14:57:18.546157 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:19.244258 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 30) Mar 23 14:57:22.766663 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:25.249257 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 30) Mar 23 14:57:26.947647 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:31.140772 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:35.343000 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:37.260282 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: aborting authentication Mar 23 14:57:37.260292 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: EAP max retrans reached, triggering MAB fallback immediately Mar 23 14:57:37.260298 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query Mar 23 14:57:37.260338 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12 Mar 23 14:57:37.262692 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12 Mar 23 14:57:37.262707 osdx hostapd[822631]: eth2: RADIUS Authentication server 10.215.168.1:1812 Mar 23 14:57:37.262795 osdx hostapd[822631]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:57:37.262832 osdx hostapd[822631]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:57:37.262857 osdx hostapd[822631]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Mar 23 14:57:37.262873 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 47) Mar 23 14:57:37.263143 osdx hostapd[822631]: eth2: RADIUS Received 20 bytes from RADIUS server Mar 23 14:57:37.263153 osdx hostapd[822631]: eth2: RADIUS Received RADIUS message Mar 23 14:57:37.263158 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:57:37.263163 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response Mar 23 14:57:37.263189 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12' Mar 23 14:57:37.263204 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated Mar 23 14:57:37.263208 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Mar 23 14:57:37.263211 osdx hostapd[822631]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled Mar 23 14:57:37.263221 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Mar 23 14:57:37.263225 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session C0A8710E7E012AEA
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Mar 23 14:57:39.796953 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:42.948859 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:46.161880 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:49.322946 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:52.510809 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:55.677495 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:57:57.280229 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Mar 23 14:57:57.280244 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB fallback: Scheduling MAB trigger in 30 seconds if no 802.1X response Mar 23 14:57:57.280248 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response Mar 23 14:57:57.280272 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Mar 23 14:57:57.280276 osdx hostapd[822631]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Mar 23 14:57:57.280288 osdx hostapd[822631]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 181)
Test Reauth Period In MAB-First Mode
Description
This scenario shows how to configure the reauthentication period in a device with MAB/802.1X authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode MAB-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX184nHJAyww21lNVKm8U/14c34ArQBW3PJ0+J05pLlrcIlz29lCDPV8PzabMkxMoo5NQ5Y3kdtlaXQ== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.349 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.349/0.349/0.349/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticatedShow output
Mar 23 14:58:06.206749 osdx hostapd[823234]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Mar 23 14:58:06.206763 osdx hostapd[823234]: eth2: RADIUS Authentication server 10.215.168.1:1812 Mar 23 14:58:06.206956 osdx hostapd[823234]: connect[radius]: Network is unreachable Mar 23 14:58:06.206793 osdx hostapd[823234]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-first, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30 Mar 23 14:58:06.206796 osdx hostapd[823234]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Mar 23 14:58:06.222623 osdx hostapd[823234]: Discovery mode enabled on eth2 Mar 23 14:58:06.222624 osdx hostapd[823234]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames Mar 23 14:58:06.222700 osdx hostapd[823234]: eth2: interface state UNINITIALIZED->ENABLED Mar 23 14:58:06.222718 osdx hostapd[823234]: eth2: AP-ENABLED Mar 23 14:58:09.331208 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:58:11.225745 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication Mar 23 14:58:11.225790 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Mar 23 14:58:11.225799 osdx hostapd[823235]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Mar 23 14:58:11.238659 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB-first mode: Starting MAB authentication Mar 23 14:58:11.238682 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query Mar 23 14:58:11.238696 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12 Mar 23 14:58:11.240402 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12 Mar 23 14:58:11.240413 osdx hostapd[823235]: eth2: RADIUS Authentication server 10.215.168.1:1812 Mar 23 14:58:11.240489 osdx hostapd[823235]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:58:11.240521 osdx hostapd[823235]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:58:11.240569 osdx hostapd[823235]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame Mar 23 14:58:11.240581 osdx hostapd[823235]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds Mar 23 14:58:11.240796 osdx hostapd[823235]: eth2: RADIUS Received 20 bytes from RADIUS server Mar 23 14:58:11.240800 osdx hostapd[823235]: eth2: RADIUS Received RADIUS message Mar 23 14:58:11.240804 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:58:11.240807 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response Mar 23 14:58:11.240820 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12' Mar 23 14:58:11.240832 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated Mar 23 14:58:11.240834 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Mar 23 14:58:11.240837 osdx hostapd[823235]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled Mar 23 14:58:11.240845 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Mar 23 14:58:11.240848 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 68EDB9CAF2B254BB
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Mar 23 14:58:13.769643 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:58:16.933408 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:58:20.084288 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:58:23.231507 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:58:26.380282 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:58:29.529321 osdx OSDxCLI[768149]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Mar 23 14:58:31.240780 osdx hostapd[823235]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame Mar 23 14:58:31.240809 osdx hostapd[823235]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds Mar 23 14:58:31.255771 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Mar 23 14:58:31.255785 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query Mar 23 14:58:31.255821 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12 Mar 23 14:58:31.255856 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12 Mar 23 14:58:31.255887 osdx hostapd[823235]: eth2: RADIUS Sending RADIUS message to authentication server Mar 23 14:58:31.255927 osdx hostapd[823235]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Mar 23 14:58:31.256255 osdx hostapd[823235]: eth2: RADIUS Received 20 bytes from RADIUS server Mar 23 14:58:31.256264 osdx hostapd[823235]: eth2: RADIUS Received RADIUS message Mar 23 14:58:31.256269 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Mar 23 14:58:31.256273 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response Mar 23 14:58:31.256311 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated Mar 23 14:58:31.256315 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Mar 23 14:58:31.256318 osdx hostapd[823235]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled Mar 23 14:58:31.256322 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Mar 23 14:58:31.256330 osdx hostapd[823235]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 68EDB9CAF2B254BB