Only 802.1X
This scenario shows how to configure the only-802.1x
authentication mode.
Test Successful 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 uses the correct username and password.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1+kctTAmZGXu97nyOoc6ezTIdhi4fWyhalgEk0fuaa8alVNexLvm9WrG7A4S5XqKXcw43CuN27XpQ== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.330 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.330/0.330/0.330/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX1//ZhHDLCoOnSZ32ejyy5dR4yo4IdP26mk= set interfaces ethernet eth2 supplicant username testing set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command interfaces ethernet eth2 supplicant show status at DUT1 and check if output contains the following tokens:
AuthorizedShow output
--------------------------------------------------- Field Value --------------------------------------------------- EAP State SUCCESS EAP TLS Cipher ECDHE-RSA-AES256-GCM-SHA384 EAP TLS Version TLSv1.2 PAE State AUTHENTICATED Supplicant Port Status Authorized WPA State COMPLETED
Step 5: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+AuthorizedShow output
------------------------------- Field Value ------------------------------- EAPoL Frames (Rx) 11 EAPoL Frames (Tx) 11 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Authorized Req Frames (Rx) 9 Req ID Frames (Rx) 1 Resp Frames (Tx) 10 Start Frames (Tx) 1
Step 6: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
Authentication Successes\s+1 Authentication Mode\s+802\.1XShow output
--------------------------------------------- Field Value --------------------------------------------- Access Challenges 9 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode 802.1X Authentication Status Authorized (802.1X) Authentication Successes 1 EAPoL frames (Rx) 11 EAPoL frames (Tx) 11 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name testing
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.363 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.363/0.363/0.363/0.000 ms
Step 8: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: authenticated - EAP type: 25 (PEAP)Show output
Apr 16 23:26:58.496558 osdx hostapd[1061677]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Apr 16 23:26:58.496577 osdx hostapd[1061677]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:26:58.496917 osdx hostapd[1061677]: connect[radius]: Network is unreachable Apr 16 23:26:58.496624 osdx hostapd[1061677]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Apr 16 23:26:58.496627 osdx hostapd[1061677]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Apr 16 23:26:58.512458 osdx hostapd[1061677]: Discovery mode enabled on eth2 Apr 16 23:26:58.512530 osdx hostapd[1061677]: eth2: interface state UNINITIALIZED->ENABLED Apr 16 23:26:58.512530 osdx hostapd[1061677]: eth2: AP-ENABLED Apr 16 23:27:01.812297 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Apr 16 23:27:01.812309 osdx hostapd[1061678]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Apr 16 23:27:01.824467 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Apr 16 23:27:01.824491 osdx hostapd[1061678]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Apr 16 23:27:01.824506 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA Apr 16 23:27:01.824523 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Apr 16 23:27:01.824531 osdx hostapd[1061678]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Apr 16 23:27:01.824549 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 206) Apr 16 23:27:01.824869 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=206 len=12) from STA: EAP Response-Identity (1) Apr 16 23:27:01.824880 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing' Apr 16 23:27:01.824908 osdx hostapd[1061678]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:27:01.826731 osdx hostapd[1061678]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:01.826759 osdx hostapd[1061678]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:01.827017 osdx hostapd[1061678]: eth2: RADIUS Received 80 bytes from RADIUS server Apr 16 23:27:01.827022 osdx hostapd[1061678]: eth2: RADIUS Received RADIUS message Apr 16 23:27:01.827026 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:01.827046 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=207 len=22) from RADIUS server: EAP-Request-MD5 (4) Apr 16 23:27:01.827052 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 207) Apr 16 23:27:01.827287 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=207 len=6) from STA: EAP Response-unknown (3) Apr 16 23:27:01.827332 osdx hostapd[1061678]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:01.827347 osdx hostapd[1061678]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:01.853762 osdx hostapd[1061678]: eth2: RADIUS Received 64 bytes from RADIUS server Apr 16 23:27:01.853770 osdx hostapd[1061678]: eth2: RADIUS Received RADIUS message Apr 16 23:27:01.853774 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.02 sec Apr 16 23:27:01.853804 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=208 len=6) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:01.853812 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 208) Apr 16 23:27:01.854266 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=208 len=194) from STA: EAP Response-PEAP (25) Apr 16 23:27:01.854328 osdx hostapd[1061678]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:01.854348 osdx hostapd[1061678]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:01.940676 osdx hostapd[1061678]: eth2: RADIUS Received 1068 bytes from RADIUS server Apr 16 23:27:01.940693 osdx hostapd[1061678]: eth2: RADIUS Received RADIUS message Apr 16 23:27:01.940697 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.08 sec Apr 16 23:27:01.940740 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=209 len=1004) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:01.940749 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 209) Apr 16 23:27:01.941040 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=209 len=6) from STA: EAP Response-PEAP (25) Apr 16 23:27:01.941100 osdx hostapd[1061678]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:01.941120 osdx hostapd[1061678]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:01.941295 osdx hostapd[1061678]: eth2: RADIUS Received 229 bytes from RADIUS server Apr 16 23:27:01.941300 osdx hostapd[1061678]: eth2: RADIUS Received RADIUS message Apr 16 23:27:01.941304 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:01.941319 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=210 len=171) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:01.941326 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 210) Apr 16 23:27:01.942628 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=210 len=103) from STA: EAP Response-PEAP (25) Apr 16 23:27:01.942663 osdx hostapd[1061678]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:01.942676 osdx hostapd[1061678]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:01.968542 osdx hostapd[1061678]: eth2: RADIUS Received 115 bytes from RADIUS server Apr 16 23:27:01.968552 osdx hostapd[1061678]: eth2: RADIUS Received RADIUS message Apr 16 23:27:01.968556 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.02 sec Apr 16 23:27:01.968603 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=211 len=57) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:01.968613 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 211) Apr 16 23:27:01.969011 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=211 len=6) from STA: EAP Response-PEAP (25) Apr 16 23:27:01.969089 osdx hostapd[1061678]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:01.969108 osdx hostapd[1061678]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:01.969343 osdx hostapd[1061678]: eth2: RADIUS Received 98 bytes from RADIUS server Apr 16 23:27:01.969350 osdx hostapd[1061678]: eth2: RADIUS Received RADIUS message Apr 16 23:27:01.969354 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:01.969374 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=212 len=40) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:01.969380 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 212) Apr 16 23:27:01.969592 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=212 len=43) from STA: EAP Response-PEAP (25) Apr 16 23:27:01.969646 osdx hostapd[1061678]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:01.969661 osdx hostapd[1061678]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:01.972475 osdx hostapd[1061678]: eth2: RADIUS Received 131 bytes from RADIUS server Apr 16 23:27:01.972486 osdx hostapd[1061678]: eth2: RADIUS Received RADIUS message Apr 16 23:27:01.972493 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:01.972529 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=213 len=73) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:01.972538 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 213) Apr 16 23:27:01.972937 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=213 len=97) from STA: EAP Response-PEAP (25) Apr 16 23:27:01.972988 osdx hostapd[1061678]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:01.973003 osdx hostapd[1061678]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:01.977339 osdx hostapd[1061678]: eth2: RADIUS Received 140 bytes from RADIUS server Apr 16 23:27:01.977348 osdx hostapd[1061678]: eth2: RADIUS Received RADIUS message Apr 16 23:27:01.977352 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:01.977380 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=214 len=82) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:01.977388 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 214) Apr 16 23:27:01.977665 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=214 len=37) from STA: EAP Response-PEAP (25) Apr 16 23:27:01.977728 osdx hostapd[1061678]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:01.977779 osdx hostapd[1061678]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:01.977969 osdx hostapd[1061678]: eth2: RADIUS Received 104 bytes from RADIUS server Apr 16 23:27:01.977974 osdx hostapd[1061678]: eth2: RADIUS Received RADIUS message Apr 16 23:27:01.977977 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:01.977995 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=215 len=46) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:01.978001 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 215) Apr 16 23:27:01.978240 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=215 len=46) from STA: EAP Response-PEAP (25) Apr 16 23:27:01.978275 osdx hostapd[1061678]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:01.978286 osdx hostapd[1061678]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:01.994088 osdx hostapd[1061678]: eth2: RADIUS Received 175 bytes from RADIUS server Apr 16 23:27:01.994099 osdx hostapd[1061678]: eth2: RADIUS Received RADIUS message Apr 16 23:27:01.994104 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.01 sec Apr 16 23:27:01.994153 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' Apr 16 23:27:01.994157 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=215 len=4) from RADIUS server: EAP Success Apr 16 23:27:01.994205 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 215) Apr 16 23:27:01.994232 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Apr 16 23:27:01.994236 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 4DAF31CD98A4C136 Apr 16 23:27:01.994240 osdx hostapd[1061678]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Test Unsuccessful 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 uses an incorrect username.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1/ULGRhsU1X1cohB7yuTguOJ9yqE5UPbaGhg0kycZx8W3oXUf0gmfycT+7ujom6eRhH9UuCpLn2cQ== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.283 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.283/0.283/0.283/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX19OQ/YjD452wetJUAIAvjkGYFttbFmkveg= set interfaces ethernet eth2 supplicant username wrong set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 0 EAPoL Frames (Tx) 0 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 0 Req ID Frames (Rx) 0 Resp Frames (Tx) 0 Start Frames (Tx) 0
Step 5: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 9 EAPoL Frames (Tx) 10 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 8 Req ID Frames (Rx) 1 Resp Frames (Tx) 9 Start Frames (Tx) 1
Step 6: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:
Port Status\s+UnauthorizedShow output
--------------------------------- Field Value --------------------------------- EAPoL Frames (Rx) 10 EAPoL Frames (Tx) 10 Invalid Frames (Rx) 0 Logoff Frames (Tx) 0 Port Status Unauthorized Req Frames (Rx) 8 Req ID Frames (Rx) 1 Resp Frames (Tx) 9 Start Frames (Tx) 1
Step 7: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
Authentication Failures\s+[1-9]\d?Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 8 Authentication Backend RADIUS Authentication Failures 1 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 10 EAPoL frames (Tx) 10 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 8: Expect a failure in the following command:
Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. --- 192.168.100.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
Step 9: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)Show output
Apr 16 23:27:08.477182 osdx hostapd[1062199]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Apr 16 23:27:08.477205 osdx hostapd[1062199]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:27:08.477549 osdx hostapd[1062199]: connect[radius]: Network is unreachable Apr 16 23:27:08.477263 osdx hostapd[1062199]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Apr 16 23:27:08.477267 osdx hostapd[1062199]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Apr 16 23:27:08.492995 osdx hostapd[1062199]: Discovery mode enabled on eth2 Apr 16 23:27:08.493102 osdx hostapd[1062199]: eth2: interface state UNINITIALIZED->ENABLED Apr 16 23:27:08.493102 osdx hostapd[1062199]: eth2: AP-ENABLED Apr 16 23:27:11.834824 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Apr 16 23:27:11.834836 osdx hostapd[1062200]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Apr 16 23:27:11.848989 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Apr 16 23:27:11.849017 osdx hostapd[1062200]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Apr 16 23:27:11.849033 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA Apr 16 23:27:11.849046 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Apr 16 23:27:11.849055 osdx hostapd[1062200]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Apr 16 23:27:11.849082 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 89) Apr 16 23:27:11.849401 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=89 len=10) from STA: EAP Response-Identity (1) Apr 16 23:27:11.849412 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'wrong' Apr 16 23:27:11.849438 osdx hostapd[1062200]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:27:11.851962 osdx hostapd[1062200]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:11.851997 osdx hostapd[1062200]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:11.852323 osdx hostapd[1062200]: eth2: RADIUS Received 80 bytes from RADIUS server Apr 16 23:27:11.852333 osdx hostapd[1062200]: eth2: RADIUS Received RADIUS message Apr 16 23:27:11.852339 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:11.852368 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=90 len=22) from RADIUS server: EAP-Request-MD5 (4) Apr 16 23:27:11.852379 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 90) Apr 16 23:27:11.852732 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=90 len=6) from STA: EAP Response-unknown (3) Apr 16 23:27:11.852798 osdx hostapd[1062200]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:11.852817 osdx hostapd[1062200]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:11.853128 osdx hostapd[1062200]: eth2: RADIUS Received 64 bytes from RADIUS server Apr 16 23:27:11.853136 osdx hostapd[1062200]: eth2: RADIUS Received RADIUS message Apr 16 23:27:11.853140 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:11.853165 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=91 len=6) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:11.853175 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 91) Apr 16 23:27:11.853697 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=91 len=194) from STA: EAP Response-PEAP (25) Apr 16 23:27:11.853765 osdx hostapd[1062200]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:11.853786 osdx hostapd[1062200]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:11.855152 osdx hostapd[1062200]: eth2: RADIUS Received 1068 bytes from RADIUS server Apr 16 23:27:11.855162 osdx hostapd[1062200]: eth2: RADIUS Received RADIUS message Apr 16 23:27:11.855177 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:11.855225 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=92 len=1004) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:11.855236 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 92) Apr 16 23:27:11.855485 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=92 len=6) from STA: EAP Response-PEAP (25) Apr 16 23:27:11.855545 osdx hostapd[1062200]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:11.855567 osdx hostapd[1062200]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:11.855762 osdx hostapd[1062200]: eth2: RADIUS Received 229 bytes from RADIUS server Apr 16 23:27:11.855772 osdx hostapd[1062200]: eth2: RADIUS Received RADIUS message Apr 16 23:27:11.855778 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:11.855802 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=93 len=171) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:11.855813 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 93) Apr 16 23:27:11.857720 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=93 len=103) from STA: EAP Response-PEAP (25) Apr 16 23:27:11.857777 osdx hostapd[1062200]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:11.857794 osdx hostapd[1062200]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:11.858150 osdx hostapd[1062200]: eth2: RADIUS Received 115 bytes from RADIUS server Apr 16 23:27:11.858156 osdx hostapd[1062200]: eth2: RADIUS Received RADIUS message Apr 16 23:27:11.858164 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:11.858183 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=94 len=57) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:11.858189 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 94) Apr 16 23:27:11.858451 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=94 len=6) from STA: EAP Response-PEAP (25) Apr 16 23:27:11.858492 osdx hostapd[1062200]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:11.858507 osdx hostapd[1062200]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:11.858640 osdx hostapd[1062200]: eth2: RADIUS Received 98 bytes from RADIUS server Apr 16 23:27:11.858646 osdx hostapd[1062200]: eth2: RADIUS Received RADIUS message Apr 16 23:27:11.858650 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:11.858666 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=95 len=40) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:11.858672 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 95) Apr 16 23:27:11.858824 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=95 len=41) from STA: EAP Response-PEAP (25) Apr 16 23:27:11.858869 osdx hostapd[1062200]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:11.858881 osdx hostapd[1062200]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:11.859011 osdx hostapd[1062200]: eth2: RADIUS Received 131 bytes from RADIUS server Apr 16 23:27:11.859017 osdx hostapd[1062200]: eth2: RADIUS Received RADIUS message Apr 16 23:27:11.859021 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:11.859038 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=96 len=73) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:11.859046 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 96) Apr 16 23:27:11.859399 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=96 len=95) from STA: EAP Response-PEAP (25) Apr 16 23:27:11.859488 osdx hostapd[1062200]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:11.859517 osdx hostapd[1062200]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:11.859847 osdx hostapd[1062200]: eth2: RADIUS Received 104 bytes from RADIUS server Apr 16 23:27:11.859858 osdx hostapd[1062200]: eth2: RADIUS Received RADIUS message Apr 16 23:27:11.859865 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:11.859893 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=97 len=46) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:27:11.859905 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 97) Apr 16 23:27:11.860253 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=97 len=46) from STA: EAP Response-PEAP (25) Apr 16 23:27:11.860342 osdx hostapd[1062200]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:27:11.860372 osdx hostapd[1062200]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:27:12.860472 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Resending RADIUS message (id=8) Apr 16 23:27:12.860503 osdx hostapd[1062200]: eth2: RADIUS Next RADIUS client retransmit in 2 seconds Apr 16 23:27:12.860676 osdx hostapd[1062200]: eth2: RADIUS Received 44 bytes from RADIUS server Apr 16 23:27:12.860680 osdx hostapd[1062200]: eth2: RADIUS Received RADIUS message Apr 16 23:27:12.860683 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:27:12.860724 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=4 id=97 len=4) from RADIUS server: EAP Failure Apr 16 23:27:12.860749 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 97) Apr 16 23:27:12.860760 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Apr 16 23:27:12.860764 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authentication failed - EAP type: 25 (PEAP) Apr 16 23:27:12.860766 osdx hostapd[1062200]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Authentication failed, enforcing quiet period (60 seconds) Apr 16 23:27:12.860770 osdx hostapd[1062200]: eth2: RADIUS Received 44 bytes from RADIUS server Apr 16 23:27:12.860773 osdx hostapd[1062200]: eth2: RADIUS Received RADIUS message Apr 16 23:27:12.860775 osdx hostapd[1062200]: eth2: RADIUS No matching RADIUS request found (type=0 id=8) - dropping packet
Test Unsupported 802.1x Authentication
Description
This scenario shows how to configure 802.1x-only authentication. DUT1 does not support 802.1x authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 0 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1/Nkf5gwsu/vsYGbO1q6oId15ha39VM3JX7x+n43kFm+A8YKpQBT96yVpcOb+6ELKSmszuWDWi3CQ== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.573 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.573/0.573/0.573/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 2 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 5: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 3 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 6: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:
EAPoL frames \(Rx\)\s+0 EAPoL frames \(Tx\)\s+[1-9]+[0-9]*Show output
------------------------------------------- Field Value ------------------------------------------- Access Challenges 0 Authentication Backend RADIUS Authentication Failures 0 Authentication Mode N/A Authentication Status Unauthorized Authentication Successes 0 EAPoL frames (Rx) 0 EAPoL frames (Tx) 3 Quiet Period 60 Reauthenticate FALSE Reauthenticate Period 0 Session Time 0 Session User MAC de:ad:be:ef:6c:12 Session User Name N/A
Step 7: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: EAP authentication timeoutShow output
Apr 16 23:27:23.526101 osdx hostapd[1062717]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Apr 16 23:27:23.526116 osdx hostapd[1062717]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:27:23.526478 osdx hostapd[1062717]: connect[radius]: Network is unreachable Apr 16 23:27:23.526172 osdx hostapd[1062717]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Apr 16 23:27:23.526176 osdx hostapd[1062717]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Apr 16 23:27:23.541956 osdx hostapd[1062717]: Discovery mode enabled on eth2 Apr 16 23:27:23.542083 osdx hostapd[1062717]: eth2: interface state UNINITIALIZED->ENABLED Apr 16 23:27:23.542083 osdx hostapd[1062717]: eth2: AP-ENABLED Apr 16 23:27:28.542281 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication Apr 16 23:27:28.542323 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Apr 16 23:27:28.542338 osdx hostapd[1062718]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Apr 16 23:27:28.562009 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Apr 16 23:27:28.562038 osdx hostapd[1062718]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Apr 16 23:27:28.562058 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Apr 16 23:27:28.562065 osdx hostapd[1062718]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Apr 16 23:27:28.562093 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 254) Apr 16 23:27:31.564251 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 254) Apr 16 23:27:36.326727 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:27:37.568253 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 254) Apr 16 23:27:44.615992 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:27:49.578258 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: aborting authentication Apr 16 23:27:49.578271 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: EAP authentication timeout - enforcing 60 second quiet period before retrying Apr 16 23:27:49.578283 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 MLME: MLME-DEAUTHENTICATE.indication(de:ad:be:ef:6c:12, 2) Apr 16 23:27:49.578286 osdx hostapd[1062718]: eth2: STA de:ad:be:ef:6c:12 MLME: MLME-DELETEKEYS.request(de:ad:be:ef:6c:12)