Hello,
i have a problem with 802.1x on EX3300 with 15.1R7.9. i tried to configure dot1x + mac-based on interface, then i connected PC (with supplicant) to the switch. But the problem is that the switch constantly sends Radius-Requests message. Radius server always response with Radius-Accept.
Here is my configuration:
# show access
radius-server {
10.100.100.19 {
secret "$9$OnRb1RSLxNVY47N2aZU.mIEcSKWxNVg4J7-m5Qz9CvW87VY"; ## SECRET-DATA
source-address 10.100.100.10;
}
}
profile PacketFence {
authentication-order radius;
radius {
authentication-server 10.100.100.19;
accounting-server 10.100.100.19;
}
accounting {
order radius;
coa-immediate-update;
}
}
# show protocols dot1x
traceoptions {
file dot1x;
flag all;
}
authenticator {
authentication-profile-name PacketFence;
interface {
ge-0/0/31.0 {
supplicant multiple;
mac-radius;
}
}
}
TCPDUMP on radius server
[root@pfnc1 etc]# tcpdump -i ens192 host 10.100.100.10 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
09:11:12.837027 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd6 length: 196
09:11:12.838661 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd6 length: 64
09:11:12.853827 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd7 length: 356
09:11:12.855533 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd7 length: 1068
09:11:12.931588 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd8 length: 190
09:11:12.932207 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd8 length: 1064
09:11:13.002220 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd9 length: 190
09:11:13.002854 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd9 length: 753
09:11:13.026088 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xda length: 320
09:11:13.026954 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xda length: 115
09:11:13.062567 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdb length: 190
09:11:13.063243 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xdb length: 98
09:11:13.112453 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdc length: 245
09:11:13.113831 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xdc length: 132
09:11:13.148299 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdd length: 299
09:11:13.208807 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xdd length: 140
09:11:13.225406 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xde length: 221
09:11:13.268957 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xde length: 104
09:11:13.285463 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdf length: 230
09:11:13.286253 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Accept (2), id: 0xdf length: 203
09:11:13.377483 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xe0 length: 158
09:11:13.383322 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xe0 length: 35
09:11:13.540813 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xe1 length: 206
09:11:13.547357 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xe1 length: 35
09:11:14.797867 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe2 length: 196
09:11:14.798557 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe2 length: 64
09:11:14.815474 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe3 length: 356
09:11:14.817123 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe3 length: 1068
09:11:14.831695 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe4 length: 190
09:11:14.832272 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe4 length: 1064
09:11:14.850453 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe5 length: 190
09:11:14.851060 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe5 length: 753
09:11:14.873133 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe6 length: 320
09:11:14.873946 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe6 length: 115
09:11:14.891763 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe7 length: 190
09:11:14.892314 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe7 length: 98
09:11:14.913560 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe8 length: 245
09:11:14.914791 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe8 length: 132
09:11:14.936453 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe9 length: 299
09:11:14.995643 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe9 length: 140
09:11:15.012376 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xea length: 221
09:11:15.080365 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xea length: 104
09:11:15.095505 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xeb length: 230
09:11:15.096362 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Accept (2), id: 0xeb length: 203
09:11:15.182479 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xec length: 158
09:11:15.188197 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xec length: 35
09:11:15.338501 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xed length: 206
09:11:15.345245 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xed length: 35
i deployed 802.1x on EX3400 21.1R1.11 and everything works fine.
Could you help me?
Thanks Marek Hrbáč
------------------------------
MAREK HRBAC
------------------------------