Junos OS

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  802.1x on EX3300

    Posted 09-06-2021 05:21
      |   view attached

    Hello,
    i have a problem with 802.1x on EX3300 with 15.1R7.9.  i tried to configure dot1x + mac-based on interface,  then i connected PC (with supplicant) to the switch. But the problem is that the switch  constantly sends Radius-Requests message. Radius server always response with Radius-Accept.

     
    Here is my configuration:
    # show access
    radius-server {

    10.100.100.19 {
    secret "$9$OnRb1RSLxNVY47N2aZU.mIEcSKWxNVg4J7-m5Qz9CvW87VY"; ## SECRET-DATA
    source-address 10.100.100.10;
    }
    }
    profile PacketFence {
    authentication-order radius;
    radius {
    authentication-server 10.100.100.19;
    accounting-server 10.100.100.19;
    }
    accounting {
    order radius;
    coa-immediate-update;
    }
    }

    # show protocols dot1x
    traceoptions {
    file dot1x;
    flag all;
    }
    authenticator {
    authentication-profile-name PacketFence;
    interface {
    ge-0/0/31.0 {
    supplicant multiple;
    mac-radius;
    }
    }
    }


    TCPDUMP on radius server
    [root@pfnc1 etc]# tcpdump -i ens192 host 10.100.100.10 -nn
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:11:12.837027 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd6 length: 196
    09:11:12.838661 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd6 length: 64
    09:11:12.853827 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd7 length: 356
    09:11:12.855533 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd7 length: 1068
    09:11:12.931588 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd8 length: 190
    09:11:12.932207 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd8 length: 1064
    09:11:13.002220 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd9 length: 190
    09:11:13.002854 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd9 length: 753
    09:11:13.026088 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xda length: 320
    09:11:13.026954 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xda length: 115
    09:11:13.062567 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdb length: 190
    09:11:13.063243 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xdb length: 98
    09:11:13.112453 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdc length: 245
    09:11:13.113831 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xdc length: 132
    09:11:13.148299 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdd length: 299
    09:11:13.208807 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xdd length: 140
    09:11:13.225406 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xde length: 221
    09:11:13.268957 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xde length: 104
    09:11:13.285463 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdf length: 230
    09:11:13.286253 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Accept (2), id: 0xdf length: 203
    09:11:13.377483 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xe0 length: 158
    09:11:13.383322 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xe0 length: 35
    09:11:13.540813 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xe1 length: 206
    09:11:13.547357 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xe1 length: 35
    09:11:14.797867 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe2 length: 196
    09:11:14.798557 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe2 length: 64
    09:11:14.815474 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe3 length: 356
    09:11:14.817123 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe3 length: 1068
    09:11:14.831695 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe4 length: 190
    09:11:14.832272 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe4 length: 1064
    09:11:14.850453 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe5 length: 190
    09:11:14.851060 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe5 length: 753
    09:11:14.873133 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe6 length: 320
    09:11:14.873946 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe6 length: 115
    09:11:14.891763 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe7 length: 190
    09:11:14.892314 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe7 length: 98
    09:11:14.913560 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe8 length: 245
    09:11:14.914791 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe8 length: 132
    09:11:14.936453 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe9 length: 299
    09:11:14.995643 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe9 length: 140
    09:11:15.012376 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xea length: 221
    09:11:15.080365 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xea length: 104
    09:11:15.095505 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xeb length: 230
    09:11:15.096362 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Accept (2), id: 0xeb length: 203
    09:11:15.182479 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xec length: 158
    09:11:15.188197 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xec length: 35
    09:11:15.338501 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xed length: 206
    09:11:15.345245 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xed length: 35

    i deployed 802.1x on EX3400 21.1R1.11 and everything works fine.

    Could you help me?
    Thanks Marek Hrbáč



    ------------------------------
    MAREK HRBAC
    ------------------------------

    Attachment(s)

    zip
    logs.zip   7 KB 1 version