Reauth Period
This scenario shows how to configure the reauthentication period in a device with 802.1x/MAB authentication.
Test Reauth Period In 802.1X Mode
Description
This scenario shows how to configure the reauthentication period in a device with 802.1x authentication.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode only-802.1x
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX19yEYIa74aUCYggrQDRXKi8Q+GO51uBLSn3vQ4rpaqC9uEfEYgKnK6gGTXkME2Y/AMjTgf8paC+VA==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.244 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.244/0.244/0.244/0.000 ms
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth2 address 192.168.100.2/24
set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX19l5PKv2yUmqdtZ/g5q1WPI+PSR5x9KmRs=
set interfaces ethernet eth2 supplicant username testing
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: authenticated
May 04 18:30:11.464709 osdx hostapd[81107]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
May 04 18:30:11.464730 osdx hostapd[81107]: eth2: RADIUS Authentication server 10.215.168.1:1812
May 04 18:30:11.464978 osdx hostapd[81107]: connect[radius]: Network is unreachable
May 04 18:30:11.464809 osdx hostapd[81107]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2
May 04 18:30:11.464813 osdx hostapd[81107]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
May 04 18:30:11.488567 osdx hostapd[81107]: Discovery mode enabled on eth2
May 04 18:30:11.488685 osdx hostapd[81107]: eth2: interface state UNINITIALIZED->ENABLED
May 04 18:30:11.488685 osdx hostapd[81107]: eth2: AP-ENABLED
May 04 18:30:11.488567 osdx hostapd[81107]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames
May 04 18:30:13.016399 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:14.860844 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
May 04 18:30:14.860859 osdx hostapd[81108]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
May 04 18:30:14.880534 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication
May 04 18:30:14.880565 osdx hostapd[81108]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames
May 04 18:30:14.880584 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA
May 04 18:30:14.880596 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
May 04 18:30:14.880608 osdx hostapd[81108]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
May 04 18:30:14.880632 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 9)
May 04 18:30:14.881074 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=9 len=12) from STA: EAP Response-Identity (1)
May 04 18:30:14.881089 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing'
May 04 18:30:14.881133 osdx hostapd[81108]: eth2: RADIUS Authentication server 10.215.168.1:1812
May 04 18:30:14.883504 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:14.883541 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:14.883820 osdx hostapd[81108]: eth2: RADIUS Received 80 bytes from RADIUS server
May 04 18:30:14.883827 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:14.883831 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:14.883857 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=10 len=22) from RADIUS server: EAP-Request-MD5 (4)
May 04 18:30:14.883863 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 10)
May 04 18:30:14.884166 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=10 len=6) from STA: EAP Response-unknown (3)
May 04 18:30:14.884221 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:14.884238 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:14.884443 osdx hostapd[81108]: eth2: RADIUS Received 64 bytes from RADIUS server
May 04 18:30:14.884448 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:14.884452 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:14.884469 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=11 len=6) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:14.884476 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 11)
May 04 18:30:14.884840 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=11 len=194) from STA: EAP Response-PEAP (25)
May 04 18:30:14.884889 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:14.884902 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:14.885913 osdx hostapd[81108]: eth2: RADIUS Received 1068 bytes from RADIUS server
May 04 18:30:14.885923 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:14.885928 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:14.885950 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=12 len=1004) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:14.885956 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 12)
May 04 18:30:14.886126 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=12 len=6) from STA: EAP Response-PEAP (25)
May 04 18:30:14.886169 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:14.886181 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:14.886301 osdx hostapd[81108]: eth2: RADIUS Received 229 bytes from RADIUS server
May 04 18:30:14.886306 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:14.886310 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:14.886325 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=13 len=171) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:14.886331 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 13)
May 04 18:30:14.887642 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=13 len=103) from STA: EAP Response-PEAP (25)
May 04 18:30:14.887686 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:14.887696 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:14.887982 osdx hostapd[81108]: eth2: RADIUS Received 115 bytes from RADIUS server
May 04 18:30:14.887988 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:14.887992 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:14.888009 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=14 len=57) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:14.888015 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 14)
May 04 18:30:14.888232 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=14 len=6) from STA: EAP Response-PEAP (25)
May 04 18:30:14.888267 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:14.888279 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:14.888394 osdx hostapd[81108]: eth2: RADIUS Received 98 bytes from RADIUS server
May 04 18:30:14.888400 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:14.888415 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:14.888437 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=15 len=40) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:14.888443 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 15)
May 04 18:30:14.888624 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=15 len=43) from STA: EAP Response-PEAP (25)
May 04 18:30:14.888672 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:14.888687 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:14.888830 osdx hostapd[81108]: eth2: RADIUS Received 131 bytes from RADIUS server
May 04 18:30:14.888834 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:14.888837 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:14.888853 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=16 len=73) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:14.888859 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 16)
May 04 18:30:14.889111 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=16 len=97) from STA: EAP Response-PEAP (25)
May 04 18:30:14.889154 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:14.889170 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:14.889369 osdx hostapd[81108]: eth2: RADIUS Received 140 bytes from RADIUS server
May 04 18:30:14.889373 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:14.889376 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:14.889388 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=17 len=82) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:14.889393 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 17)
May 04 18:30:14.889581 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=17 len=37) from STA: EAP Response-PEAP (25)
May 04 18:30:14.889622 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:14.889638 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:14.889786 osdx hostapd[81108]: eth2: RADIUS Received 104 bytes from RADIUS server
May 04 18:30:14.889791 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:14.889794 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:14.889815 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=18 len=46) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:14.889821 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 18)
May 04 18:30:14.890008 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=18 len=46) from STA: EAP Response-PEAP (25)
May 04 18:30:14.890040 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:14.890050 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:14.890252 osdx hostapd[81108]: eth2: RADIUS Received 175 bytes from RADIUS server
May 04 18:30:14.890258 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:14.890261 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:14.890282 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing'
May 04 18:30:14.890286 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=18 len=4) from RADIUS server: EAP Success
May 04 18:30:14.890301 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 18)
May 04 18:30:14.890315 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
May 04 18:30:14.890318 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 0EAA0F832B9E226B
May 04 18:30:14.890322 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expired
May 04 18:30:15.353140 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:17.465835 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:19.543413 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:21.610610 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:23.705025 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:25.782502 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:27.859346 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:29.939263 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:32.021865 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:34.123268 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:34.897769 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 04 18:30:34.897779 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Starting re-authentication (port will be unauthorized until authentication succeeds)
May 04 18:30:34.897783 osdx hostapd[81108]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
May 04 18:30:34.897824 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 77)
May 04 18:30:34.898204 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=77 len=12) from STA: EAP Response-Identity (1)
May 04 18:30:34.898217 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing'
May 04 18:30:34.898289 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:34.898328 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:34.898599 osdx hostapd[81108]: eth2: RADIUS Received 80 bytes from RADIUS server
May 04 18:30:34.898606 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:34.898611 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:34.898635 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=78 len=22) from RADIUS server: EAP-Request-MD5 (4)
May 04 18:30:34.898641 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 78)
May 04 18:30:34.898834 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=78 len=6) from STA: EAP Response-unknown (3)
May 04 18:30:34.898876 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:34.898888 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:34.899058 osdx hostapd[81108]: eth2: RADIUS Received 64 bytes from RADIUS server
May 04 18:30:34.899064 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:34.899067 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:34.899080 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=79 len=6) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:34.899085 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 79)
May 04 18:30:34.899369 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=79 len=194) from STA: EAP Response-PEAP (25)
May 04 18:30:34.899406 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:34.899417 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:34.900435 osdx hostapd[81108]: eth2: RADIUS Received 1068 bytes from RADIUS server
May 04 18:30:34.900443 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:34.900447 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:34.900475 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=80 len=1004) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:34.900484 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 80)
May 04 18:30:34.900677 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=80 len=6) from STA: EAP Response-PEAP (25)
May 04 18:30:34.900743 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:34.900757 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:34.900871 osdx hostapd[81108]: eth2: RADIUS Received 229 bytes from RADIUS server
May 04 18:30:34.900876 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:34.900880 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:34.900896 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=81 len=171) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:34.900902 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 81)
May 04 18:30:34.902348 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=81 len=103) from STA: EAP Response-PEAP (25)
May 04 18:30:34.902391 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:34.902402 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:34.902687 osdx hostapd[81108]: eth2: RADIUS Received 115 bytes from RADIUS server
May 04 18:30:34.902692 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:34.902696 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:34.902711 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=82 len=57) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:34.902721 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 82)
May 04 18:30:34.902929 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=82 len=6) from STA: EAP Response-PEAP (25)
May 04 18:30:34.902961 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:34.902970 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:34.903101 osdx hostapd[81108]: eth2: RADIUS Received 98 bytes from RADIUS server
May 04 18:30:34.903108 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:34.903112 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:34.903136 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=83 len=40) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:34.903147 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 83)
May 04 18:30:34.903332 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=83 len=43) from STA: EAP Response-PEAP (25)
May 04 18:30:34.903381 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:34.903394 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:34.903549 osdx hostapd[81108]: eth2: RADIUS Received 131 bytes from RADIUS server
May 04 18:30:34.903554 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:34.903557 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:34.903571 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=84 len=73) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:34.903576 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 84)
May 04 18:30:34.903839 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=84 len=97) from STA: EAP Response-PEAP (25)
May 04 18:30:34.903871 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:34.903880 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:34.904082 osdx hostapd[81108]: eth2: RADIUS Received 140 bytes from RADIUS server
May 04 18:30:34.904086 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:34.904090 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:34.904103 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=85 len=82) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:34.904108 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 85)
May 04 18:30:34.904319 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=85 len=37) from STA: EAP Response-PEAP (25)
May 04 18:30:34.904364 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:34.904376 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:34.904537 osdx hostapd[81108]: eth2: RADIUS Received 104 bytes from RADIUS server
May 04 18:30:34.904542 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:34.904544 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:34.904557 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=86 len=46) from RADIUS server: EAP-Request-PEAP (25)
May 04 18:30:34.904562 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 86)
May 04 18:30:34.904748 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=86 len=46) from STA: EAP Response-PEAP (25)
May 04 18:30:34.904779 osdx hostapd[81108]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:34.904789 osdx hostapd[81108]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:34.904975 osdx hostapd[81108]: eth2: RADIUS Received 175 bytes from RADIUS server
May 04 18:30:34.904979 osdx hostapd[81108]: eth2: RADIUS Received RADIUS message
May 04 18:30:34.904982 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:34.905000 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing'
May 04 18:30:34.905004 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=86 len=4) from RADIUS server: EAP Success
May 04 18:30:34.905018 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 86)
May 04 18:30:34.905026 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
May 04 18:30:34.905029 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 0EAA0F832B9E226B
May 04 18:30:34.905032 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
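Steps 4 and 5 only check that the tokens appear; the journal timestamps also show whether re-authentication fired at the configured interval. The script below is an added example, not part of the OSDx documentation. It measures the time from each successful authentication to the next "Re-authentication period expired" line and covers both the 802.1X token and the MAB token used in the MAB test further down. The function name audit_reauth, the 1-second tolerance and the two 02:00:00:00:00:0x stations are assumptions made for illustration.

```python
import re
from datetime import datetime

# Any journal line starts with "May 04 18:30:14.890322 ".
TS = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}\.\d+) ")
# hostapd per-station line: "hostapd[pid]: <iface>: STA <mac> <message>".
STA = re.compile(
    r"hostapd\[\d+\]: (?P<iface>\S+): STA "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (?P<msg>.*)$",
    re.I,
)
# Success tokens checked in step 4 of the 802.1X and MAB tests.
AUTH_OK = ("IEEE 802.1X: authenticated", "MAB: station successfully authenticated")
# Token checked in step 5; hostapd also logs the period it applied.
EXPIRED = re.compile(r"Re-authentication period expired \((\d+) seconds\)")


def _ts(text):
    # The journal prints no year; a fixed placeholder year is enough for deltas.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S.%f")


def audit_reauth(lines, period, tolerance=1.0):
    """Return (intervals, findings) for the configured reauth-period.

    intervals: (mac, seconds between authentication and expiry)
    findings:  (mac, kind, value) with kind one of
               period-mismatch  hostapd applied a period other than `period`
               interval-off     expiry fired too early or too late
               no-reauth        station still authorized past the period at log end
    """
    last_auth = {}            # (iface, mac) -> time of last successful auth
    intervals, findings = [], []
    last_seen = None          # timestamp of the newest line in the log
    for line in lines:
        stamp = TS.match(line.strip())
        if not stamp:
            continue
        now = _ts(stamp.group(1))
        last_seen = now
        sta = STA.search(line)
        if not sta:
            continue
        key, msg = (sta["iface"], sta["mac"]), sta["msg"]
        expired = EXPIRED.search(msg)
        if expired:
            logged = int(expired.group(1))
            if logged != period:
                findings.append((key[1], "period-mismatch", logged))
            start = last_auth.pop(key, None)
            if start is not None:
                delta = round((now - start).total_seconds(), 3)
                intervals.append((key[1], delta))
                if abs(delta - period) > tolerance:
                    findings.append((key[1], "interval-off", delta))
        elif any(token in msg for token in AUTH_OK):
            last_auth[key] = now
    for (_, mac), start in last_auth.items():
        age = round((last_seen - start).total_seconds(), 3)
        if age > period + tolerance:
            findings.append((mac, "no-reauth", age))
    return intervals, findings


# The de:ad:be:ef:6c:12 lines are taken from the outputs on this page;
# the 02:00:00:00:00:0x lines are constructed to show the failure cases.
SAMPLE = """\
May 04 18:30:14.890322 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
May 04 18:30:34.897769 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 04 18:30:34.905032 osdx hostapd[81108]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
May 04 18:30:48.405018 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
May 04 18:31:08.420214 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 04 18:31:10.000000 osdx hostapd[81701]: eth2: STA 02:00:00:00:00:01 IEEE 802.1X: MAB: station successfully authenticated
May 04 18:31:12.000000 osdx hostapd[81701]: eth2: STA 02:00:00:00:00:02 IEEE 802.1X: MAB: station successfully authenticated
May 04 18:31:55.000000 osdx hostapd[81701]: eth2: STA 02:00:00:00:00:01 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
"""

if __name__ == "__main__":
    observed, problems = audit_reauth(SAMPLE.splitlines(), period=20)
    for mac, seconds in observed:
        print(f"{mac}: expiry {seconds:.3f} s after authentication")
    for mac, kind, value in problems:
        print(f"FINDING {kind}: {mac} ({value})")
```

On the device, the input would be the saved output of system journal show | grep "osdx hostapd", with period set to the configured reauth-period.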
Test Reauth Period In MAB Mode
Description
This scenario shows how to configure the reauthentication period in a device with MAB authentication.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode only-MAB
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX1/C1Ro05Zu0v5Vn+HnZ0fkCflbaB1+oQp/8xBD7tecA2a7Uj/X1qKpyALNLA9ZoQeqOm9afKWRuAA==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.338 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.338/0.338/0.338/0.000 ms
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth2 address 192.168.100.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticated
May 04 18:30:43.359005 osdx hostapd[81700]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
May 04 18:30:43.359018 osdx hostapd[81700]: eth2: RADIUS Authentication server 10.215.168.1:1812
May 04 18:30:43.359238 osdx hostapd[81700]: connect[radius]: Network is unreachable
May 04 18:30:43.359060 osdx hostapd[81700]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-only, eap_server=0, eap_quiet_period=60, eap_max_retrans=5
May 04 18:30:43.359064 osdx hostapd[81700]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
May 04 18:30:43.378884 osdx hostapd[81700]: Discovery mode enabled on eth2
May 04 18:30:43.378955 osdx hostapd[81700]: eth2: interface state UNINITIALIZED->ENABLED
May 04 18:30:43.378955 osdx hostapd[81700]: eth2: AP-ENABLED
May 04 18:30:46.551278 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:48.382240 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication
May 04 18:30:48.382283 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
May 04 18:30:48.382293 osdx hostapd[81701]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
May 04 18:30:48.402924 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB-only mode: Starting MAB authentication
May 04 18:30:48.402957 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query
May 04 18:30:48.402971 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12
May 04 18:30:48.404592 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12
May 04 18:30:48.404601 osdx hostapd[81701]: eth2: RADIUS Authentication server 10.215.168.1:1812
May 04 18:30:48.404670 osdx hostapd[81701]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:30:48.404697 osdx hostapd[81701]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:30:48.404982 osdx hostapd[81701]: eth2: RADIUS Received 20 bytes from RADIUS server
May 04 18:30:48.404986 osdx hostapd[81701]: eth2: RADIUS Received RADIUS message
May 04 18:30:48.404990 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:30:48.404993 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
May 04 18:30:48.405003 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12'
May 04 18:30:48.405018 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
May 04 18:30:48.405021 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 04 18:30:48.405023 osdx hostapd[81701]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled
May 04 18:30:48.405036 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
May 04 18:30:48.405038 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 6D5E4B2A1B91ADF6
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expired
May 04 18:30:50.988274 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:54.158186 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:30:57.328004 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:00.474618 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:03.635297 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:06.795844 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:08.420214 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 04 18:31:08.420235 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query
May 04 18:31:08.420292 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12
May 04 18:31:08.420324 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12
May 04 18:31:08.420347 osdx hostapd[81701]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:31:08.420396 osdx hostapd[81701]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:31:08.420700 osdx hostapd[81701]: eth2: RADIUS Received 20 bytes from RADIUS server
May 04 18:31:08.420705 osdx hostapd[81701]: eth2: RADIUS Received RADIUS message
May 04 18:31:08.420709 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:31:08.420713 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
May 04 18:31:08.420733 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
May 04 18:31:08.420736 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 04 18:31:08.420739 osdx hostapd[81701]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled
May 04 18:31:08.420744 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
May 04 18:31:08.420747 osdx hostapd[81701]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 6D5E4B2A1B91ADF6
Test Reauth Period In MAB-Fallback Mode
Description
This scenario shows how to configure the reauthentication period in a device with 802.1x/MAB authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode 802.1x-MAB
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX18eILWxAbcMoQXGmVtvz2q5pCqjsesH59vmER4cSqll4vtlfFXQkO4xfwDvzB0Iv/CvfdEB4U68ug==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.402 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.402/0.402/0.402/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticated
May 04 18:31:17.386446 osdx hostapd[82279]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
May 04 18:31:17.386458 osdx hostapd[82279]: eth2: RADIUS Authentication server 10.215.168.1:1812
May 04 18:31:17.386806 osdx hostapd[82279]: connect[radius]: Network is unreachable
May 04 18:31:17.386496 osdx hostapd[82279]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X+MAB-fallback, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30
May 04 18:31:17.386499 osdx hostapd[82279]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
May 04 18:31:17.406291 osdx hostapd[82279]: Discovery mode enabled on eth2
May 04 18:31:17.406375 osdx hostapd[82279]: eth2: interface state UNINITIALIZED->ENABLED
May 04 18:31:17.406375 osdx hostapd[82279]: eth2: AP-ENABLED
May 04 18:31:17.406291 osdx hostapd[82279]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames
May 04 18:31:20.513354 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:22.408619 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication
May 04 18:31:22.408661 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
May 04 18:31:22.408669 osdx hostapd[82280]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
May 04 18:31:22.422324 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication
May 04 18:31:22.422351 osdx hostapd[82280]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames
May 04 18:31:22.422355 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB fallback mode: Scheduling MAB trigger in 30 seconds if no 802.1X response
May 04 18:31:22.422358 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response
May 04 18:31:22.422375 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
May 04 18:31:22.422382 osdx hostapd[82280]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
May 04 18:31:22.422408 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 182)
May 04 18:31:24.716161 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:25.424661 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 182)
May 04 18:31:28.917724 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:31.429629 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 182)
May 04 18:31:33.111800 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:37.314918 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:41.512370 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:43.440629 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: aborting authentication
May 04 18:31:43.440639 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: EAP max retrans reached, triggering MAB fallback immediately
May 04 18:31:43.440644 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query
May 04 18:31:43.440684 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12
May 04 18:31:43.442844 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12
May 04 18:31:43.442858 osdx hostapd[82280]: eth2: RADIUS Authentication server 10.215.168.1:1812
May 04 18:31:43.442938 osdx hostapd[82280]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:31:43.442976 osdx hostapd[82280]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:31:43.442999 osdx hostapd[82280]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
May 04 18:31:43.443011 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 4)
May 04 18:31:43.443250 osdx hostapd[82280]: eth2: RADIUS Received 20 bytes from RADIUS server
May 04 18:31:43.443255 osdx hostapd[82280]: eth2: RADIUS Received RADIUS message
May 04 18:31:43.443258 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:31:43.443262 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
May 04 18:31:43.443275 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12'
May 04 18:31:43.443285 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
May 04 18:31:43.443288 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 04 18:31:43.443290 osdx hostapd[82280]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled
May 04 18:31:43.443298 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
May 04 18:31:43.443301 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session E9A63462246E92D8
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expired
May 04 18:31:45.963588 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:49.106049 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:52.268781 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:55.449213 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:31:58.625883 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:32:01.799283 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:32:03.460596 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 04 18:32:03.460612 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB fallback: Scheduling MAB trigger in 30 seconds if no 802.1X response
May 04 18:32:03.460615 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Timeout registered, will trigger if no 802.1X response
May 04 18:32:03.460646 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
May 04 18:32:03.460651 osdx hostapd[82280]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
May 04 18:32:03.460665 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 165)
Test Reauth Period In MAB-First Mode
Description
This scenario shows how to configure the reauthentication period in a device with MAB/802.1X authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode MAB-802.1x
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 20
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX18YDHUg++EZwCI/SGb2EwKjBalwAnWe8xo19Czj0iKQsM/z+JujFlxrV6csVqZ+jnx+q2zZxTsijQ==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.264 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.264/0.264/0.264/0.000 ms
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth2 address 192.168.100.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
MAB: station successfully authenticated
May 04 18:32:12.298871 osdx hostapd[82884]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
May 04 18:32:12.299101 osdx hostapd[82884]: connect[radius]: Network is unreachable
May 04 18:32:12.298883 osdx hostapd[82884]: eth2: RADIUS Authentication server 10.215.168.1:1812
May 04 18:32:12.298916 osdx hostapd[82884]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=MAB-first, eap_server=0, eap_quiet_period=60, eap_max_retrans=2, mab_timeout=30
May 04 18:32:12.298919 osdx hostapd[82884]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
May 04 18:32:12.326775 osdx hostapd[82884]: Discovery mode enabled on eth2
May 04 18:32:12.326776 osdx hostapd[82884]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: enabling transmission of periodic EAP-Request frames
May 04 18:32:12.326866 osdx hostapd[82884]: eth2: interface state UNINITIALIZED->ENABLED
May 04 18:32:12.326866 osdx hostapd[82884]: eth2: AP-ENABLED
May 04 18:32:15.420922 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:32:17.329129 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication
May 04 18:32:17.329178 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
May 04 18:32:17.329188 osdx hostapd[82885]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
May 04 18:32:17.342822 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB-first mode: Starting MAB authentication
May 04 18:32:17.342859 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query
May 04 18:32:17.342878 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12
May 04 18:32:17.345219 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12
May 04 18:32:17.345232 osdx hostapd[82885]: eth2: RADIUS Authentication server 10.215.168.1:1812
May 04 18:32:17.345321 osdx hostapd[82885]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:32:17.345357 osdx hostapd[82885]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:32:17.345406 osdx hostapd[82885]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame
May 04 18:32:17.345420 osdx hostapd[82885]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds
May 04 18:32:17.345653 osdx hostapd[82885]: eth2: RADIUS Received 20 bytes from RADIUS server
May 04 18:32:17.345660 osdx hostapd[82885]: eth2: RADIUS Received RADIUS message
May 04 18:32:17.345664 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:32:17.345667 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
May 04 18:32:17.345686 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Identity set to 'de:ad:be:ef:6c:12'
May 04 18:32:17.345700 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
May 04 18:32:17.345702 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 04 18:32:17.345705 osdx hostapd[82885]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled
May 04 18:32:17.345718 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
May 04 18:32:17.345721 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 558592A2D65A1B62
Step 5: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:
IEEE 802.1X: Re-authentication period expired
May 04 18:32:19.866662 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:32:23.057996 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:32:26.224370 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:32:29.405694 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:32:32.574872 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:32:35.770231 osdx OSDxCLI[4873]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
May 04 18:32:37.346128 osdx hostapd[82885]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Sending EAP-Request/Identity frame
May 04 18:32:37.346154 osdx hostapd[82885]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Next EAP-Request/Identity retransmit in 20 seconds
May 04 18:32:37.359164 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 04 18:32:37.359177 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Starting RADIUS query
May 04 18:32:37.359212 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Name = de:ad:be:ef:6c:12
May 04 18:32:37.359238 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: User-Password = de:ad:be:ef:6c:12
May 04 18:32:37.359264 osdx hostapd[82885]: eth2: RADIUS Sending RADIUS message to authentication server
May 04 18:32:37.359300 osdx hostapd[82885]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
May 04 18:32:37.359566 osdx hostapd[82885]: eth2: RADIUS Received 20 bytes from RADIUS server
May 04 18:32:37.359572 osdx hostapd[82885]: eth2: RADIUS Received RADIUS message
May 04 18:32:37.359574 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
May 04 18:32:37.359578 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Processing RADIUS response
May 04 18:32:37.359596 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: station successfully authenticated
May 04 18:32:37.359598 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 04 18:32:37.359600 osdx hostapd[82885]: eth2: IEEE 802.1X IEEE 802.1X: Discovery already disabled
May 04 18:32:37.359603 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
May 04 18:32:37.359606 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 558592A2D65A1B62
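Added example, not part of the original test suite: the Step 5 token check only proves that the expiry message appeared. The script below reads the same journal lines, checks that the time between "Re-authentication enabled" and "Re-authentication period expired" matches the configured reauth-period, and records whether the port was unauthorized during the reauth cycle, as the MAB-fallback output above shows and the MAB-first output does not. The function name `audit`, the 1-second tolerance and the year used to parse the year-less timestamps are assumptions.

```python
import re
from datetime import datetime

# Excerpts from the MAB-fallback and MAB-first outputs above, trimmed to the
# lines this check reads.
FALLBACK_LOG = """\
May 04 18:31:43.443288 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 04 18:31:43.443298 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
May 04 18:32:03.460596 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 04 18:32:03.460646 osdx hostapd[82280]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
"""
MAB_FIRST_LOG = """\
May 04 18:32:17.345702 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: MAB: Re-authentication enabled (next reauth in 20 seconds)
May 04 18:32:17.345718 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
May 04 18:32:37.359164 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Re-authentication period expired (20 seconds), triggering re-authentication
May 04 18:32:37.359603 osdx hostapd[82885]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
"""

# Only hostapd entries that name a station are relevant; the OSDxCLI audit
# lines that also match the grep are skipped by this pattern.
ENTRY = re.compile(r"^(\w{3} \d{2} [\d:.]{15}) \S+ hostapd\[\d+\]: \S+ STA ([0-9a-f:]{17}) (.*)$")
ARMED = re.compile(r"Re-authentication enabled \(next reauth in (\d+) seconds\)")
EXPIRED = re.compile(r"Re-authentication period expired \((\d+) seconds\)")
# "unauthorizing port" contains "authorizing port", so a plain substring
# match cannot tell the two apart; capture the prefix instead.
PORT = re.compile(r"IEEE 802\.1X: (un)?authorizing port$")


def audit(journal, configured_period, tolerance=1.0, year=2024):
    """Return one finding per reauth cycle: timer honoured? port dropped?"""
    armed, open_cycle, findings = {}, {}, []
    for line in journal.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        # The journal omits the year; `year` is an assumed value for parsing.
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S.%f")
        sta, msg = m[2], m[3]
        if (a := ARMED.search(msg)):
            armed[sta] = (ts, int(a[1]))
        elif (e := EXPIRED.search(msg)):
            start, announced = armed.pop(sta, (None, None))
            elapsed = (ts - start).total_seconds() if start else None
            finding = {
                "sta": sta,
                "elapsed": elapsed,
                "timer_ok": (announced == int(e[1]) == configured_period
                             and elapsed is not None
                             and abs(elapsed - configured_period) <= tolerance),
                "port_dropped": False,
            }
            findings.append(finding)
            open_cycle[sta] = finding
        elif (p := PORT.search(msg)) and sta in open_cycle:
            if p[1]:  # "unauthorizing port" inside this reauth cycle
                open_cycle[sta]["port_dropped"] = True
            else:     # "authorizing port" closes the cycle
                del open_cycle[sta]
    return findings


if __name__ == "__main__":
    for name, log in (("802.1x-MAB", FALLBACK_LOG), ("MAB-802.1x", MAB_FIRST_LOG)):
        print(name, audit(log, configured_period=20))
```

A cycle with `port_dropped` set means the station loses access from the expiry until authentication completes again, which matters when choosing a reauth-period for ports in 802.1x-MAB mode.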