Re: IEEE 802.1X support with Host AP driver


From: Mody Sachin \(Princeton\) (ModyS_at_tce.com)
Date: 2002-09-24 22:16:58 UTC



Hi,
I've been trying to use the hostapd 802.1x to do EAP/TTLS and EAP/TLS authentication and I seem to be having a problem. Following if the description of my system setup and the problem that i have been having:

Client Machine:
Windows 2000. 802.1x client from Funnk Software, capable of TLS and TTLS. Orinoco Silver Card with support for dynamic keys and 802.1x

Access Point:
Hostapd software with Linksys WPC11 card, Linux PC, kernel 2.4.7-10

Authenticatio Server:
MeetingHouse.com Aegis server on same machine as the AP. The Aegis server works as a TTLS proxy, with FreeRadius as the final authentication serevr.(EAP-MD5 as the authentication protocol within the tunnel).

Everytime I try the TLS or TTLS authentication I get an error message saying Message too long on a ieee802.1x send.
Below are the debug messages for the problem, this is for the EAP-TLS case, the problem with EAP-TTLS is also exactly the same: (Its very long)

"opening raw packet socket for ifindex 6 Using interface wlan0ap with hwaddr 00:06:25:a8:74:3a and ssid '802.1X' Flushing old station entries

Received 30 bytes management frame
  dump: b0 00 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a b0 00 00 00 01 00 00 00
MGMT
mgmt::auth
authentication: STA=00:02:2d:2b:0e:cb auth_alg=0 auth_transaction=1 status_code=0 New STA
Station 00:02:2d:2b:0e:cb authenticated (open system) Received 42 bytes management frame
  dump: 00 00 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a c0 00 11 00 01 00 00 06 38 30 32 2e 31 58 01 04 02 04 0b 16 MGMT
mgmt::assoc_req
association request: STA=00:02:2d:2b:0e:cb capab_info=0x11 listen_interval=1   new AID 1
Station 00:02:2d:2b:0e:cb associated (aid 1)

IEEE 802.1X: Start authentication for new station 00:02:2d:2b:0e:cb
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_KEY_TX entering state NO_KEY_TRANSMIT
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: Unauthorizing station 00:02:2d:2b:0e:cb
IEEE 802.1X: Sending canned EAP packet FAILURE to 00:02:2d:2b:0e:cb
(identifier 0)IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state IDLE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:2b:0e:cb (identifier
1)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE Received 51 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a d0 00 aa aa 03 00 00 00 88 8e 01 00 00 0f 02 01 00 0f 01 38 30 32 31 78 2d 75 73 65 72
DATA
IEEE 802.1X: 19 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=15    EAP: code=2 identifier=1 length=15 (response)    EAP Response-Identity
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state AUTHENTICATING IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=160

   Attribute 1 (User-Name) length=12

      Value: '8021x-user'
   Attribute 4 (NAS-IP-Address) length=6

      Value: 192.168.0.100
   Attribute 5 (NAS-Port) length=6

      Value: 1
   Attribute 30 (Called-Station-Id) length=26

      Value: '00-06-25-A8-74-3A:802.1X'
   Attribute 31 (Calling-Station-Id) length=19

      Value: '00-02-2D-2B-0E-CB'
   Attribute 12 (Framed-MTU) length=6

      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6

      Value: 19
   Attribute 77 (Connect-Info) length=24

      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=17
   Attribute 80 (Message-Authenticator) length=18 IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE Received 98 bytes from authentication server Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=98

   Attribute 79 (EAP-Message) length=39
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
RADIUS packet matching with station 00:02:2d:2b:0e:cb
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:02:2d:2b:0e:cb (identifier 2)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a f0 00 aa aa 03 00 00 00 88 8e 01 00 00 06 02 02 00 06 03 0d DATA
IEEE 802.1X: 10 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=6    EAP: code=2 identifier=2 length=6 (response)    EAP Response-Nak
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=172

   Attribute 1 (User-Name) length=12

      Value: '8021x-user'
   Attribute 4 (NAS-IP-Address) length=6

      Value: 192.168.0.100
   Attribute 5 (NAS-Port) length=6

      Value: 1
   Attribute 30 (Called-Station-Id) length=26

      Value: '00-06-25-A8-74-3A:802.1X'
   Attribute 31 (Calling-Station-Id) length=19

      Value: '00-02-2D-2B-0E-CB'
   Attribute 12 (Framed-MTU) length=6

      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6

      Value: 19
   Attribute 77 (Connect-Info) length=24

      Value: 'CONNECT 11Mbps 802.11b'

   Attribute 79 (EAP-Message) length=8
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE Received 67 bytes from authentication server Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=67
   Attribute 79 (EAP-Message) length=8
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
RADIUS packet matching with station 00:02:2d:2b:0e:cb
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:02:2d:2b:0e:cb (identifier 3)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 134 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a 00 01 aa aa 03 00 00 00 88 8e 01 00 00 62 02 03 00 62 0d 80 00 00 00 58 16 03 01 00 53 01 00 00 4f 03 01 3d 90 c4 5d 6a dc 71 22 9c f2 a0 38 da 50 39 64 68 02 9f 4d 3d fb 92 1c dc d0 e8 fc a1 e5 0e a1 00 00 28 00 16 00 13 00 66 00 15 00 12 00 0a 00 05 00 04 00 09 00 63 00 65 00 60 00 62 00 61 00 64 00 14 00 11 00 03 00 06 00 08 01 00 DATA
IEEE 802.1X: 102 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=98    EAP: code=2 identifier=3 length=98 (response)    EAP Response-TLS
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=2 length=264

   Attribute 1 (User-Name) length=12

      Value: '8021x-user'
   Attribute 4 (NAS-IP-Address) length=6

      Value: 192.168.0.100
   Attribute 5 (NAS-Port) length=6

      Value: 1
   Attribute 30 (Called-Station-Id) length=26

      Value: '00-06-25-A8-74-3A:802.1X'
   Attribute 31 (Calling-Station-Id) length=19

      Value: '00-02-2D-2B-0E-CB'
   Attribute 12 (Framed-MTU) length=6

      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6

      Value: 19
   Attribute 77 (Connect-Info) length=24

      Value: 'CONNECT 11Mbps 802.11b'

   Attribute 79 (EAP-Message) length=100
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE Received 2369 bytes from authentication server Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=2369
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=15
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
RADIUS packet matching with station 00:02:2d:2b:0e:cb IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:02:2d:2b:0e:cb (identifier 4)
ieee802_1x_send: send: Message too long
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 29 0 3599 29)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 28 0 3599 28)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 27 0 3599 27)

-do-
-do-
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 11 0 3599 11)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 10 0 3599 10)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 36 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a 30 01 aa aa 03 00 00 00 88 8e 01 01 00 00
DATA
IEEE 802.1X: 4 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=1 length=0    EAPOL-Start

IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state ABORTING
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:2b:0e:cb (identifier
5)
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state IDLE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 51 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a 40 01 aa aa 03 00 00 00 88 8e 01 00 00 0f 02 05 00 0f 01 38 30 32 31 78 2d 75 73 65 72
DATA
IEEE 802.1X: 19 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=15    EAP: code=2 identifier=5 length=15 (response)    EAP Response-Identity
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state AUTHENTICATING IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=3 length=181

   Attribute 1 (User-Name) length=12

      Value: '8021x-user'
   Attribute 4 (NAS-IP-Address) length=6

      Value: 192.168.0.100
   Attribute 5 (NAS-Port) length=6

      Value: 1
   Attribute 30 (Called-Station-Id) length=26

      Value: '00-06-25-A8-74-3A:802.1X'
   Attribute 31 (Calling-Station-Id) length=19

      Value: '00-02-2D-2B-0E-CB'
   Attribute 12 (Framed-MTU) length=6

      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6

      Value: 19
   Attribute 77 (Connect-Info) length=24

      Value: 'CONNECT 11Mbps 802.11b'

   Attribute 79 (EAP-Message) length=17
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 29 0 3599 29)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 28 0 3599 28)
-do-
-do-
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 11 0 3599 11)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 10 0 3599 10)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 36 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a 50 01 aa aa 03 00 00 00 88 8e 01 01 00 00
DATA
IEEE 802.1X: 4 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=1 length=0    EAPOL-Start

IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state ABORTING
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:2b:0e:cb (identifier
6)
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state IDLE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: Unauthorizing station 00:02:2d:2b:0e:cb
IEEE 802.1X: Sending canned EAP packet FAILURE to 00:02:2d:2b:0e:cb
(identifier 6)IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state CONNECTING IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:2b:0e:cb (identifier 7)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 51 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a 60 01 aa aa 03 00 00 00 88 8e 01 00 00 0f 02 06 00 0f 01 38 30 32 31 78 2d 75 73 65 72
DATA
IEEE 802.1X: 19 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=15    EAP: code=2 identifier=6 length=15 (response) EAP Identifier of the Response-Identity from 00:02:2d:2b:0e:cb does not match (was 6, expected 7)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE Received 51 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a 70 01 aa aa 03 00 00 00 88 8e 01 00 00 0f 02 07 00 0f 01 38 30 32 31 78 2d 75 73 65 72
DATA
IEEE 802.1X: 19 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=15    EAP: code=2 identifier=7 length=15 (response)    EAP Response-Identity
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state AUTHENTICATING IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=4 length=181

   Attribute 1 (User-Name) length=12

      Value: '8021x-user'
   Attribute 4 (NAS-IP-Address) length=6

      Value: 192.168.0.100
   Attribute 5 (NAS-Port) length=6

      Value: 1
   Attribute 30 (Called-Station-Id) length=26

      Value: '00-06-25-A8-74-3A:802.1X'
   Attribute 31 (Calling-Station-Id) length=19

      Value: '00-02-2D-2B-0E-CB'
   Attribute 12 (Framed-MTU) length=6

      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6

      Value: 19
   Attribute 77 (Connect-Info) length=24

      Value: 'CONNECT 11Mbps 802.11b'

   Attribute 79 (EAP-Message) length=17
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 29 0 3599 29) IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
-do-
-do-
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 10 0 3599 10)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 36 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a 80 01 aa aa 03 00 00 00 88 8e 01 01 00 00
DATA
IEEE 802.1X: 4 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=1 length=0    EAPOL-Start

IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state ABORTING
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:2b:0e:cb (identifier
8)
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state IDLE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 51 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a 90 01 aa aa 03 00 00 00 88 8e 01 00 00 0f 02 08 00 0f 01 38 30 32 31 78 2d 75 73 65 72
DATA
IEEE 802.1X: 19 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=15    EAP: code=2 identifier=8 length=15 (response)    EAP Response-Identity
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state AUTHENTICATING IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=5 length=181

   Attribute 1 (User-Name) length=12

      Value: '8021x-user'
   Attribute 4 (NAS-IP-Address) length=6

      Value: 192.168.0.100
   Attribute 5 (NAS-Port) length=6

      Value: 1
   Attribute 30 (Called-Station-Id) length=26

      Value: '00-06-25-A8-74-3A:802.1X'
   Attribute 31 (Calling-Station-Id) length=19

      Value: '00-02-2D-2B-0E-CB'
   Attribute 12 (Framed-MTU) length=6

      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6

      Value: 19
   Attribute 77 (Connect-Info) length=24

      Value: 'CONNECT 11Mbps 802.11b'

   Attribute 79 (EAP-Message) length=17
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 29 0 3599 29)
-do-
-do-
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 10 0 3599 10)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 36 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a a0 01 aa aa 03 00 00 00 88 8e 01 01 00 00
DATA
IEEE 802.1X: 4 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=1 length=0    EAPOL-Start

IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state ABORTING
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:2b:0e:cb (identifier
9)
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state IDLE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: Unauthorizing station 00:02:2d:2b:0e:cb
IEEE 802.1X: Sending canned EAP packet FAILURE to 00:02:2d:2b:0e:cb
(identifier 9)IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state CONNECTING IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:2b:0e:cb (identifier 10)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 51 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a b0 01 aa aa 03 00 00 00 88 8e 01 00 00 0f 02 09 00 0f 01 38 30 32 31 78 2d 75 73 65 72
DATA
IEEE 802.1X: 19 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=15    EAP: code=2 identifier=9 length=15 (response) EAP Identifier of the Response-Identity from 00:02:2d:2b:0e:cb does not match (was 9, expected 10)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE Received 51 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a c0 01 aa aa 03 00 00 00 88 8e 01 00 00 0f 02 0a 00 0f 01 38 30 32 31 78 2d 75 73 65 72
DATA
IEEE 802.1X: 19 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=15    EAP: code=2 identifier=10 length=15 (response)    EAP Response-Identity
IEEE 802.1X: 00:02:2d:2b:0e:cb AUTH_PAE entering state AUTHENTICATING IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=6 length=181

   Attribute 1 (User-Name) length=12

      Value: '8021x-user'
   Attribute 4 (NAS-IP-Address) length=6

      Value: 192.168.0.100
   Attribute 5 (NAS-Port) length=6

      Value: 1
   Attribute 30 (Called-Station-Id) length=26

      Value: '00-06-25-A8-74-3A:802.1X'
   Attribute 31 (Calling-Station-Id) length=19

      Value: '00-02-2D-2B-0E-CB'
   Attribute 12 (Framed-MTU) length=6

      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6

      Value: 19
   Attribute 77 (Connect-Info) length=24

      Value: 'CONNECT 11Mbps 802.11b'

   Attribute 79 (EAP-Message) length=17
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE Received 98 bytes from authentication server Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=6 length=98
   Attribute 79 (EAP-Message) length=39
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
RADIUS packet matching with station 00:02:2d:2b:0e:cb
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:02:2d:2b:0e:cb (identifier 11)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a d0 01 aa aa 03 00 00 00 88 8e 01 00 00 06 02 0b 00 06 03 0d DATA
IEEE 802.1X: 10 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=6    EAP: code=2 identifier=11 length=6 (response)    EAP Response-Nak
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=7 length=172

   Attribute 1 (User-Name) length=12

      Value: '8021x-user'
   Attribute 4 (NAS-IP-Address) length=6

      Value: 192.168.0.100
   Attribute 5 (NAS-Port) length=6

      Value: 1
   Attribute 30 (Called-Station-Id) length=26

      Value: '00-06-25-A8-74-3A:802.1X'
   Attribute 31 (Calling-Station-Id) length=19

      Value: '00-02-2D-2B-0E-CB'
   Attribute 12 (Framed-MTU) length=6

      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6

      Value: 19
   Attribute 77 (Connect-Info) length=24

      Value: 'CONNECT 11Mbps 802.11b'

   Attribute 79 (EAP-Message) length=8
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE Received 67 bytes from authentication server Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=7 length=67
   Attribute 79 (EAP-Message) length=8
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
RADIUS packet matching with station 00:02:2d:2b:0e:cb
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:02:2d:2b:0e:cb (identifier 12)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Received 134 bytes management frame
  dump: 08 01 02 01 00 06 25 a8 74 3a 00 02 2d 2b 0e cb 00 06 25 a8 74 3a e0 01 aa aa 03 00 00 00 88 8e 01 00 00 62 02 0c 00 62 0d 80 00 00 00 58 16 03 01 00 53 01 00 00 4f 03 01 3d 90 c4 ad 3c 0a 2f 2e 2f a2 48 c3 2d 60 4f 1a d1 72 c0 39 3a e0 d3 f0 9b 60 d4 f9 90 90 99 6e 00 00 28 00 16 00 13 00 66 00 15 00 12 00 0a 00 05 00 04 00 09 00 63 00 65 00 60 00 62 00 61 00 64 00 14 00 11 00 03 00 06 00 08 01 00 DATA
IEEE 802.1X: 102 bytes from 00:02:2d:2b:0e:cb

   IEEE 802.1X: version=1 type=0 length=98    EAP: code=2 identifier=12 length=98 (response)    EAP Response-TLS
IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=8 length=264

   Attribute 1 (User-Name) length=12

      Value: '8021x-user'
   Attribute 4 (NAS-IP-Address) length=6

      Value: 192.168.0.100
   Attribute 5 (NAS-Port) length=6

      Value: 1
   Attribute 30 (Called-Station-Id) length=26

      Value: '00-06-25-A8-74-3A:802.1X'
   Attribute 31 (Calling-Station-Id) length=19

      Value: '00-02-2D-2B-0E-CB'
   Attribute 12 (Framed-MTU) length=6

      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6

      Value: 19
   Attribute 77 (Connect-Info) length=24

      Value: 'CONNECT 11Mbps 802.11b'

   Attribute 79 (EAP-Message) length=100
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE Received 2369 bytes from authentication server Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=8 length=2369
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=15
   Attribute 24 (State) length=21
   Attribute 80 (Message-Authenticator) length=18
RADIUS packet matching with station 00:02:2d:2b:0e:cb IEEE 802.1X: 00:02:2d:2b:0e:cb BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:02:2d:2b:0e:cb (identifier 13)
ieee802_1x_send: send: Message too long
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 29 0 3599 29)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:2b:0e:cb Port Timers TICK (timers: 28 0 3599 28)
IEEE 802.1X: 00:02:2d:2b:0e:cb REAUTH_TIMER entering state INITIALIZE
Signal 2 received - terminating
Flushing old station entries
Deauthenticate all stations

Has anyone else had a similar problem trying to use TLS? I'm not trying to use encryption as yet.

Regards,   

Sachin S. Mody
Thomson Multimedia, Corporate Research
2 Independence Way,
Princeton, NJ 08543
Ph# 609-987-7321
Fax# 609-987-7299



This archive was generated by hypermail 2.1.4.