Reauth Period
This scenario shows how to configure the reauthentication period in a device with 802.1x/MAB authentication.
Test Reauth Period In 802.1X Mode
Description
This scenario shows how to configure the reauthentication period in a device with 802.1x authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX18tydZn83KUQZaT3wXJDNZQY1StEdYxuu59gGHhmkcnSW3cMehfQtNO32JDHmYA6J+R4xVhKVxq5w== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.218 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.218/0.218/0.218/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX1+3AMe4ZlzDEOwDUGqP7DJq7hLLzzFsyAQ= set interfaces ethernet eth2 supplicant username testing set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: authenticatedShow output
Apr 16 23:49:44.420649 osdx hostapd[1095193]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Apr 16 23:49:44.420930 osdx hostapd[1095193]: connect[radius]: Network is unreachable Apr 16 23:49:44.420665 osdx hostapd[1095193]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:49:44.420726 osdx hostapd[1095193]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2 Apr 16 23:49:44.420736 osdx hostapd[1095193]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Apr 16 23:49:44.444524 osdx hostapd[1095193]: Discovery mode enabled on eth2 Apr 16 23:49:44.444642 osdx hostapd[1095193]: eth2: interface state UNINITIALIZED->ENABLED Apr 16 23:49:44.444642 osdx hostapd[1095193]: eth2: AP-ENABLED Apr 16 23:49:44.444521 osdx hostapd[1095193]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames Apr 16 23:49:45.882125 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:49:47.711370 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Apr 16 23:49:47.711385 osdx hostapd[1095194]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Apr 16 23:49:47.732531 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Apr 16 23:49:47.732562 osdx hostapd[1095194]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Apr 16 23:49:47.732578 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA Apr 16 23:49:47.732591 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Apr 16 23:49:47.732599 osdx hostapd[1095194]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Apr 16 23:49:47.732629 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 212) Apr 16 23:49:47.732960 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=212 len=12) from STA: EAP Response-Identity (1) Apr 16 23:49:47.732972 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing' Apr 16 23:49:47.732998 osdx hostapd[1095194]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:49:47.734785 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:49:47.734811 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:49:47.735045 osdx hostapd[1095194]: eth2: RADIUS Received 80 bytes from RADIUS server Apr 16 23:49:47.735050 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:49:47.735054 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:49:47.735074 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=213 len=22) from RADIUS server: EAP-Request-MD5 (4) Apr 16 23:49:47.735082 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 213) Apr 16 23:49:47.735257 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=213 len=6) from STA: EAP Response-unknown (3) Apr 16 23:49:47.735300 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:49:47.735313 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:49:47.735502 osdx hostapd[1095194]: eth2: RADIUS Received 64 bytes from RADIUS server Apr 16 23:49:47.735507 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:49:47.735510 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:49:47.735524 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=214 len=6) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:49:47.735530 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 214) Apr 16 23:49:47.735897 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=214 len=194) from STA: EAP Response-PEAP (25) Apr 16 23:49:47.735950 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:49:47.735964 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:49:47.737267 osdx hostapd[1095194]: eth2: RADIUS Received 1068 bytes from RADIUS server Apr 16 23:49:47.737272 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:49:47.737276 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:49:47.737295 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=215 len=1004) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:49:47.737301 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 215) Apr 16 23:49:47.737490 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=215 len=6) from STA: EAP Response-PEAP (25) Apr 16 23:49:47.737534 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:49:47.737548 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:49:47.737712 osdx hostapd[1095194]: eth2: RADIUS Received 229 bytes from RADIUS server Apr 16 23:49:47.737718 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:49:47.737726 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:49:47.737742 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=216 len=171) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:49:47.737748 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 216) Apr 16 23:49:47.739541 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=216 len=103) from STA: EAP Response-PEAP (25) Apr 16 23:49:47.739586 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:49:47.739597 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:49:47.739911 osdx hostapd[1095194]: eth2: RADIUS Received 115 bytes from RADIUS server Apr 16 23:49:47.739917 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:49:47.739921 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:49:47.739939 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=217 len=57) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:49:47.739945 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 217) Apr 16 23:49:47.740196 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=217 len=6) from STA: EAP Response-PEAP (25) Apr 16 23:49:47.740232 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:49:47.740246 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:49:47.740388 osdx hostapd[1095194]: eth2: RADIUS Received 98 bytes from RADIUS server Apr 16 23:49:47.740394 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:49:47.740397 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:49:47.740414 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=218 len=40) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:49:47.740420 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 218) Apr 16 23:49:47.740626 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=218 len=43) from STA: EAP Response-PEAP (25) Apr 16 23:49:47.740673 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:49:47.740684 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:49:47.740895 osdx hostapd[1095194]: eth2: RADIUS Received 131 bytes from RADIUS server Apr 16 23:49:47.740902 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:49:47.740907 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:49:47.740931 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=219 len=73) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:49:47.740939 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 219) Apr 16 23:49:47.741191 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=219 len=97) from STA: EAP Response-PEAP (25) Apr 16 23:49:47.741232 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:49:47.741264 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:49:47.741432 osdx hostapd[1095194]: eth2: RADIUS Received 140 bytes from RADIUS server Apr 16 23:49:47.741437 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:49:47.741441 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:49:47.741455 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=220 len=82) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:49:47.741461 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 220) Apr 16 23:49:47.741678 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=220 len=37) from STA: EAP Response-PEAP (25) Apr 16 23:49:47.741726 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:49:47.741740 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:49:47.741933 osdx hostapd[1095194]: eth2: RADIUS Received 104 bytes from RADIUS server Apr 16 23:49:47.741938 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:49:47.741942 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:49:47.741960 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=221 len=46) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:49:47.741966 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 221) Apr 16 23:49:47.742198 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=221 len=46) from STA: EAP Response-PEAP (25) Apr 16 23:49:47.742243 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:49:47.742256 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:49:47.742433 osdx hostapd[1095194]: eth2: RADIUS Received 175 bytes from RADIUS server Apr 16 23:49:47.742438 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:49:47.742442 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:49:47.742465 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' Apr 16 23:49:47.742469 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=221 len=4) from RADIUS server: EAP Success Apr 16 23:49:47.742485 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 221) Apr 16 23:49:47.742500 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Apr 16 23:49:47.742504 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 327140505A80DA88 Apr 16 23:49:47.742507 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Apr 16 23:49:48.285604 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:49:50.398575 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:49:52.476485 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:49:54.570415 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:49:56.690316 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:49:58.771961 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:00.868704 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:02.960557 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:05.038711 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:07.129315 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:07.749798 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Apr 16 23:50:07.749812 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Starting re-authentication (port will be unauthorized until authentication succeeds) Apr 16 23:50:07.749818 osdx hostapd[1095194]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Apr 16 23:50:07.749864 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 174) Apr 16 23:50:07.750311 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=174 len=12) from STA: EAP Response-Identity (1) Apr 16 23:50:07.750325 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing' Apr 16 23:50:07.750410 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:07.750449 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:07.750732 osdx hostapd[1095194]: eth2: RADIUS Received 80 bytes from RADIUS server Apr 16 23:50:07.750738 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:50:07.750743 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:07.750764 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=175 len=22) from RADIUS server: EAP-Request-MD5 (4) Apr 16 23:50:07.750772 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 175) Apr 16 23:50:07.750986 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=175 len=6) from STA: EAP Response-unknown (3) Apr 16 23:50:07.751025 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:07.751039 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:07.751254 osdx hostapd[1095194]: eth2: RADIUS Received 64 bytes from RADIUS server Apr 16 23:50:07.751261 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:50:07.751266 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:07.751284 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=176 len=6) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:50:07.751291 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 176) Apr 16 23:50:07.751638 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=176 len=194) from STA: EAP Response-PEAP (25) Apr 16 23:50:07.751689 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:07.751702 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:07.753024 osdx hostapd[1095194]: eth2: RADIUS Received 1068 bytes from RADIUS server Apr 16 23:50:07.753032 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:50:07.753035 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:07.753063 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=177 len=1004) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:50:07.753070 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 177) Apr 16 23:50:07.753303 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=177 len=6) from STA: EAP Response-PEAP (25) Apr 16 23:50:07.753361 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:07.753377 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:07.753511 osdx hostapd[1095194]: eth2: RADIUS Received 229 bytes from RADIUS server Apr 16 23:50:07.753516 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:50:07.753520 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:07.753537 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=178 len=171) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:50:07.753545 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 178) Apr 16 23:50:07.754611 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=178 len=103) from STA: EAP Response-PEAP (25) Apr 16 23:50:07.754662 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:07.754676 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:07.755003 osdx hostapd[1095194]: eth2: RADIUS Received 115 bytes from RADIUS server Apr 16 23:50:07.755008 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:50:07.755013 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:07.755034 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=179 len=57) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:50:07.755041 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 179) Apr 16 23:50:07.755313 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=179 len=6) from STA: EAP Response-PEAP (25) Apr 16 23:50:07.755362 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:07.755377 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:07.755535 osdx hostapd[1095194]: eth2: RADIUS Received 98 bytes from RADIUS server Apr 16 23:50:07.755541 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:50:07.755546 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:07.755565 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=180 len=40) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:50:07.755572 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 180) Apr 16 23:50:07.755791 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=180 len=43) from STA: EAP Response-PEAP (25) Apr 16 23:50:07.755827 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:07.755840 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:07.756033 osdx hostapd[1095194]: eth2: RADIUS Received 131 bytes from RADIUS server Apr 16 23:50:07.756038 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:50:07.756041 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:07.756054 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=181 len=73) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:50:07.756059 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 181) Apr 16 23:50:07.756305 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=181 len=97) from STA: EAP Response-PEAP (25) Apr 16 23:50:07.756337 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:07.756350 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:07.756580 osdx hostapd[1095194]: eth2: RADIUS Received 140 bytes from RADIUS server Apr 16 23:50:07.756591 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:50:07.756595 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:07.756621 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=182 len=82) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:50:07.756629 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 182) Apr 16 23:50:07.756901 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=182 len=37) from STA: EAP Response-PEAP (25) Apr 16 23:50:07.756949 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:07.756965 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:07.757109 osdx hostapd[1095194]: eth2: RADIUS Received 104 bytes from RADIUS server Apr 16 23:50:07.757115 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:50:07.757119 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:07.757137 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=183 len=46) from RADIUS server: EAP-Request-PEAP (25) Apr 16 23:50:07.757144 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 183) Apr 16 23:50:07.757313 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=183 len=46) from STA: EAP Response-PEAP (25) Apr 16 23:50:07.757360 osdx hostapd[1095194]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:07.757374 osdx hostapd[1095194]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:07.757546 osdx hostapd[1095194]: eth2: RADIUS Received 175 bytes from RADIUS server Apr 16 23:50:07.757552 osdx hostapd[1095194]: eth2: RADIUS Received RADIUS message Apr 16 23:50:07.757556 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:07.757580 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing' Apr 16 23:50:07.757584 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=183 len=4) from RADIUS server: EAP Success Apr 16 23:50:07.757602 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 183) Apr 16 23:50:07.757613 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Apr 16 23:50:07.757616 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 327140505A80DA88 Apr 16 23:50:07.757621 osdx hostapd[1095194]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Test Reauth Period In MAB Mode
Description
This scenario shows how to configure the reauthentication period in a device with MAB authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode only-MAB set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1+w/o0RZ75V65sJh6R5ZX+YZlzur8kWEBSueHcaddfrFw6SXuLHHQJcnbfI11OlXcuR0aWHooq4aw== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.881 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.881/0.881/0.881/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticatedShow output
Apr 16 23:50:16.772964 osdx hostapd[1095790]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Apr 16 23:50:16.772981 osdx hostapd[1095790]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:50:16.773410 osdx hostapd[1095790]: connect[radius]: Network is unreachable Apr 16 23:50:16.773027 osdx hostapd[1095790]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-only, eap_server=0, eap_quiet_period=60, eap_max_retrans=5 Apr 16 23:50:16.773031 osdx hostapd[1095790]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Apr 16 23:50:16.783346 osdx hostapd[1095790]: Discovery mode enabled on eth2 Apr 16 23:50:16.783346 osdx hostapd[1095790]: eth2: interface state UNINITIALIZED->ENABLED Apr 16 23:50:16.783346 osdx hostapd[1095790]: eth2: AP-ENABLED Apr 16 23:50:20.219916 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:21.784331 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication Apr 16 23:50:21.784376 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Apr 16 23:50:21.784386 osdx hostapd[1095791]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Apr 16 23:50:21.798025 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB-only mode: Starting MAB authentication Apr 16 23:50:21.798063 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query Apr 16 23:50:21.798081 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12 Apr 16 23:50:21.800459 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12 Apr 16 23:50:21.800472 osdx hostapd[1095791]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:50:21.800565 osdx hostapd[1095791]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:21.800598 osdx hostapd[1095791]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:21.800886 osdx hostapd[1095791]: eth2: RADIUS Received 20 bytes from RADIUS server Apr 16 23:50:21.800891 osdx hostapd[1095791]: eth2: RADIUS Received RADIUS message Apr 16 23:50:21.800896 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:21.800900 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response Apr 16 23:50:21.800911 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12' Apr 16 23:50:21.800928 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated Apr 16 23:50:21.800932 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Apr 16 23:50:21.800935 osdx hostapd[1095791]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled Apr 16 23:50:21.800949 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Apr 16 23:50:21.800953 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 5415D651146CD026
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Apr 16 23:50:24.793822 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:27.962486 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:31.139534 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:34.309657 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:37.487431 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:40.643610 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:41.815284 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Apr 16 23:50:41.815303 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query Apr 16 23:50:41.815361 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12 Apr 16 23:50:41.815398 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12 Apr 16 23:50:41.815423 osdx hostapd[1095791]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:50:41.815465 osdx hostapd[1095791]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:50:41.815726 osdx hostapd[1095791]: eth2: RADIUS Received 20 bytes from RADIUS server Apr 16 23:50:41.815737 osdx hostapd[1095791]: eth2: RADIUS Received RADIUS message Apr 16 23:50:41.815742 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:50:41.815747 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response Apr 16 23:50:41.815764 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated Apr 16 23:50:41.815768 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Apr 16 23:50:41.815771 osdx hostapd[1095791]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled Apr 16 23:50:41.815775 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Apr 16 23:50:41.815779 osdx hostapd[1095791]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 5415D651146CD026
Test Reauth Period In MAB-Fallback Mode
Description
This scenario shows how to configure the reauthentication period in a device with 802.1x/MAB authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode 802.1x-MAB set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1801Hfk0YhKuYp9HgMPJ71derdcs3sdDe5/N4MImCyjH+8mjk37bsYKaV/sQz03+fLY85QDlgnpMQ== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.291 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.291/0.291/0.291/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticatedShow output
Apr 16 23:50:50.337316 osdx hostapd[1096367]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Apr 16 23:50:50.337342 osdx hostapd[1096367]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:50:50.337628 osdx hostapd[1096367]: connect[radius]: Network is unreachable Apr 16 23:50:50.337456 osdx hostapd[1096367]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X+MAB-fallback, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30 Apr 16 23:50:50.337461 osdx hostapd[1096367]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Apr 16 23:50:50.357061 osdx hostapd[1096367]: Discovery mode enabled on eth2 Apr 16 23:50:50.357061 osdx hostapd[1096367]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames Apr 16 23:50:50.357280 osdx hostapd[1096367]: eth2: interface state UNINITIALIZED->ENABLED Apr 16 23:50:50.357280 osdx hostapd[1096367]: eth2: AP-ENABLED Apr 16 23:50:53.567458 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:55.359376 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication Apr 16 23:50:55.359426 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Apr 16 23:50:55.359438 osdx hostapd[1096368]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Apr 16 23:50:55.373066 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication Apr 16 23:50:55.373098 osdx hostapd[1096368]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames Apr 16 23:50:55.373102 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB fallback mode: Scheduling MAB trigger in 30 seconds if no 802.1X response Apr 16 23:50:55.373105 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response Apr 16 23:50:55.373119 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Apr 16 23:50:55.373127 osdx hostapd[1096368]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Apr 16 23:50:55.373168 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 100) Apr 16 23:50:57.757021 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:50:58.375342 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 100) Apr 16 23:51:01.955085 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:04.380365 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 100) Apr 16 23:51:06.178348 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:10.409943 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:14.676222 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:16.391347 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: aborting authentication Apr 16 23:51:16.391355 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: EAP max retrans reached, triggering MAB fallback immediately Apr 16 23:51:16.391359 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query Apr 16 23:51:16.391391 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12 Apr 16 23:51:16.393107 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12 Apr 16 23:51:16.393117 osdx hostapd[1096368]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:51:16.393189 osdx hostapd[1096368]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:51:16.393219 osdx hostapd[1096368]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:51:16.393240 osdx hostapd[1096368]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Apr 16 23:51:16.393259 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 137) Apr 16 23:51:16.393505 osdx hostapd[1096368]: eth2: RADIUS Received 20 bytes from RADIUS server Apr 16 23:51:16.393510 osdx hostapd[1096368]: eth2: RADIUS Received RADIUS message Apr 16 23:51:16.393514 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:51:16.393517 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response Apr 16 23:51:16.393529 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12' Apr 16 23:51:16.393543 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated Apr 16 23:51:16.393546 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Apr 16 23:51:16.393549 osdx hostapd[1096368]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled Apr 16 23:51:16.393558 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Apr 16 23:51:16.393561 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 8480835AAA6B8FDB
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Apr 16 23:51:19.384558 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:22.548860 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:25.733968 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:28.905165 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:32.154423 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:35.350118 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:36.410324 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Apr 16 23:51:36.410344 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB fallback: Scheduling MAB trigger in 30 seconds if no 802.1X response Apr 16 23:51:36.410348 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response Apr 16 23:51:36.410378 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port Apr 16 23:51:36.410383 osdx hostapd[1096368]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication Apr 16 23:51:36.410400 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 136) Apr 16 23:51:39.413341 osdx hostapd[1096368]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 136)
Test Reauth Period In MAB-First Mode
Description
This scenario shows how to configure the reauthentication period in a device with MAB/802.1X authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth2 address 192.168.100.1/24 set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2 set interfaces ethernet eth2 authenticator aaa authentication list1 set interfaces ethernet eth2 authenticator log-level debug set interfaces ethernet eth2 authenticator mode MAB-802.1x set interfaces ethernet eth2 authenticator quiet-period 60 set interfaces ethernet eth2 authenticator reauth-period 20 set system aaa group radius radgroup1 server serv1 set system aaa list list1 method 1 group radius radgroup1 set system aaa server radius serv1 address 10.215.168.1 set system aaa server radius serv1 encrypted-key U2FsdGVkX1/BvAzqOA2dk4ev63zADbK5MQ05Onc8Rn/kRK9ywdShnZfljtYeX/uZ5q7ZSL9HJVGd5hZBBz1SFw== set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.827 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.827/0.827/0.827/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticatedShow output
Apr 16 23:51:46.714994 osdx hostapd[1096968]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported. Apr 16 23:51:46.715009 osdx hostapd[1096968]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:51:46.715329 osdx hostapd[1096968]: connect[radius]: Network is unreachable Apr 16 23:51:46.715053 osdx hostapd[1096968]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-first, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30 Apr 16 23:51:46.715057 osdx hostapd[1096968]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode Apr 16 23:51:46.742804 osdx hostapd[1096968]: Discovery mode enabled on eth2 Apr 16 23:51:46.742900 osdx hostapd[1096968]: eth2: interface state UNINITIALIZED->ENABLED Apr 16 23:51:46.742900 osdx hostapd[1096968]: eth2: AP-ENABLED Apr 16 23:51:46.742805 osdx hostapd[1096968]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames Apr 16 23:51:50.242481 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:51.746133 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication Apr 16 23:51:51.746176 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added Apr 16 23:51:51.746186 osdx hostapd[1096969]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode Apr 16 23:51:51.758850 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB-first mode: Starting MAB authentication Apr 16 23:51:51.758893 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query Apr 16 23:51:51.758906 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12 Apr 16 23:51:51.760698 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12 Apr 16 23:51:51.760710 osdx hostapd[1096969]: eth2: RADIUS Authentication server 10.215.168.1:1812 Apr 16 23:51:51.760791 osdx hostapd[1096969]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:51:51.760859 osdx hostapd[1096969]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:51:51.760927 osdx hostapd[1096969]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame Apr 16 23:51:51.760947 osdx hostapd[1096969]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds Apr 16 23:51:51.761174 osdx hostapd[1096969]: eth2: RADIUS Received 20 bytes from RADIUS server Apr 16 23:51:51.761180 osdx hostapd[1096969]: eth2: RADIUS Received RADIUS message Apr 16 23:51:51.761184 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:51:51.761188 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response Apr 16 23:51:51.761202 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12' Apr 16 23:51:51.761219 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated Apr 16 23:51:51.761222 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Apr 16 23:51:51.761224 osdx hostapd[1096969]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled Apr 16 23:51:51.761236 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Apr 16 23:51:51.761240 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session D158D326FFE01142
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expiredShow output
Apr 16 23:51:54.749158 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:51:57.930900 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:52:01.178951 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:52:04.436419 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:52:07.615994 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:52:10.865648 osdx OSDxCLI[1043131]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'. Apr 16 23:52:11.761131 osdx hostapd[1096969]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame Apr 16 23:52:11.761154 osdx hostapd[1096969]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds Apr 16 23:52:11.775177 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication Apr 16 23:52:11.775192 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query Apr 16 23:52:11.775221 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12 Apr 16 23:52:11.775246 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12 Apr 16 23:52:11.775264 osdx hostapd[1096969]: eth2: RADIUS Sending RADIUS message to authentication server Apr 16 23:52:11.775295 osdx hostapd[1096969]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds Apr 16 23:52:11.775542 osdx hostapd[1096969]: eth2: RADIUS Received 20 bytes from RADIUS server Apr 16 23:52:11.775547 osdx hostapd[1096969]: eth2: RADIUS Received RADIUS message Apr 16 23:52:11.775551 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec Apr 16 23:52:11.775554 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response Apr 16 23:52:11.775571 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated Apr 16 23:52:11.775574 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds) Apr 16 23:52:11.775576 osdx hostapd[1096969]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled Apr 16 23:52:11.775579 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port Apr 16 23:52:11.775582 osdx hostapd[1096969]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session D158D326FFE01142