Junos OS

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.
  • 1.  802.1x on EX3300

    Posted 09-06-2021 05:21
      |   view attached

    Hello,
    i have a problem with 802.1x on EX3300 with 15.1R7.9.  i tried to configure dot1x + mac-based on interface,  then i connected PC (with supplicant) to the switch. But the problem is that the switch  constantly sends Radius-Requests message. Radius server always response with Radius-Accept.

     
    Here is my configuration:
    # show access
    radius-server {

    10.100.100.19 {
    secret "$9$OnRb1RSLxNVY47N2aZU.mIEcSKWxNVg4J7-m5Qz9CvW87VY"; ## SECRET-DATA
    source-address 10.100.100.10;
    }
    }
    profile PacketFence {
    authentication-order radius;
    radius {
    authentication-server 10.100.100.19;
    accounting-server 10.100.100.19;
    }
    accounting {
    order radius;
    coa-immediate-update;
    }
    }

    # show protocols dot1x
    traceoptions {
    file dot1x;
    flag all;
    }
    authenticator {
    authentication-profile-name PacketFence;
    interface {
    ge-0/0/31.0 {
    supplicant multiple;
    mac-radius;
    }
    }
    }


    TCPDUMP on radius server
    [root@pfnc1 etc]# tcpdump -i ens192 host 10.100.100.10 -nn
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:11:12.837027 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd6 length: 196
    09:11:12.838661 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd6 length: 64
    09:11:12.853827 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd7 length: 356
    09:11:12.855533 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd7 length: 1068
    09:11:12.931588 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd8 length: 190
    09:11:12.932207 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd8 length: 1064
    09:11:13.002220 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xd9 length: 190
    09:11:13.002854 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xd9 length: 753
    09:11:13.026088 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xda length: 320
    09:11:13.026954 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xda length: 115
    09:11:13.062567 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdb length: 190
    09:11:13.063243 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xdb length: 98
    09:11:13.112453 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdc length: 245
    09:11:13.113831 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xdc length: 132
    09:11:13.148299 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdd length: 299
    09:11:13.208807 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xdd length: 140
    09:11:13.225406 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xde length: 221
    09:11:13.268957 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xde length: 104
    09:11:13.285463 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xdf length: 230
    09:11:13.286253 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Accept (2), id: 0xdf length: 203
    09:11:13.377483 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xe0 length: 158
    09:11:13.383322 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xe0 length: 35
    09:11:13.540813 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xe1 length: 206
    09:11:13.547357 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xe1 length: 35
    09:11:14.797867 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe2 length: 196
    09:11:14.798557 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe2 length: 64
    09:11:14.815474 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe3 length: 356
    09:11:14.817123 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe3 length: 1068
    09:11:14.831695 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe4 length: 190
    09:11:14.832272 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe4 length: 1064
    09:11:14.850453 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe5 length: 190
    09:11:14.851060 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe5 length: 753
    09:11:14.873133 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe6 length: 320
    09:11:14.873946 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe6 length: 115
    09:11:14.891763 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe7 length: 190
    09:11:14.892314 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe7 length: 98
    09:11:14.913560 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe8 length: 245
    09:11:14.914791 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe8 length: 132
    09:11:14.936453 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xe9 length: 299
    09:11:14.995643 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xe9 length: 140
    09:11:15.012376 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xea length: 221
    09:11:15.080365 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Challenge (11), id: 0xea length: 104
    09:11:15.095505 IP 10.100.100.10.62321 > 10.100.100.19.1812: RADIUS, Access-Request (1), id: 0xeb length: 230
    09:11:15.096362 IP 10.100.100.19.1812 > 10.100.100.10.62321: RADIUS, Access-Accept (2), id: 0xeb length: 203
    09:11:15.182479 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xec length: 158
    09:11:15.188197 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xec length: 35
    09:11:15.338501 IP 10.100.100.10.62321 > 10.100.100.19.1813: RADIUS, Accounting-Request (4), id: 0xed length: 206
    09:11:15.345245 IP 10.100.100.19.1813 > 10.100.100.10.62321: RADIUS, Accounting-Response (5), id: 0xed length: 35

    i deployed 802.1x on EX3400 21.1R1.11 and everything works fine.

    Could you help me?
    Thanks Marek Hrbáč



    ------------------------------
    MAREK HRBAC
    ------------------------------

    Attachment(s)

    zip
    logs.zip   7 KB 1 version