Using wpa_supplicant for 802.1x wired network.

phil lemelin phil.lemelin
Mon Mar 23 08:55:33 PDT 2009 

Good morning mailing list users,

I am configuring my network to test different security approach and I'm
currently testing a dell switch with port based authentication ( 802.1x )
against a radius server. I have one question and one issue I would like
suggestions on.

First, the issue :

At the moment, I start wpa_supplicant and it correctly authenticate the my
box to the network. I restart the networking and I can access my network.
However, if I reboot the machine and start wpa_supplicant once I'm logged, I
cant authenticate unless I manually unplug and replug the network cable.
Now, I would like to know if it's a switch issue or an OS issue or a
wpa_supplicant issue.  (See the wpa_supplicant -dd log after.) Mainly  I see

EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE


Finnaly, the question :

Now, i've setup wpa_supplicant, it mostly works, but i'm doing everything
manually, ie : start wpa_supplicant, get authenticated, restart the network,
get my ip. Do you have a suggestion on how to automate the process ? Can
wpa_supplicant restart the network and ask an IP ?

I hope someone can help me figure it out !

Thank you in advance.

############## Start of wpa_supplicant log ##################
[root at localhost phil]# wpa_supplicant -dd -w -Dwired -i eth0 -c
/etc/wpa_supplicant.conf
Initializing interface 'eth0' conf '/etc/wpa_supplicant.conf' driver 'wired'
ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
eapol_version=1
ap_scan=0
fast_reauth=1
Line: 763 - start of a new network block
key_mgmt: 0x8
eap methods - hexdump(len=16): 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00
00
identity - hexdump_ascii(len=3):
     62 6f 62                                          bob
password - hexdump_ascii(len=5): [REMOVED]
eapol_flags=0 (0x0)
Priority group 0
   id=0 ssid=''
Initializing interface (2) 'eth0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wired_init: Added multicast membership with packet socket
Own MAC address: 00:04:5f:87:c5:ba
RSN: flushing PMKID list in the driver
Setting scan request: 0 sec 100000 usec
Added interface eth0
EAPOL: External notification - portControl=Auto
Already associated with a configured network - generating associated event
Association info event
State: DISCONNECTED -> ASSOCIATED
Associated to a new BSS: BSSID=01:80:c2:00:00:03
No keys have been configured - skip key clearing
Network configuration found for the current AP
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: clearing own WPA/RSN IE
EAPOL: External notification - portControl=Auto
Associated with 01:80:c2:00:00:03
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Cancelling scan request
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=4): 01 01 00 00
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=4): 01 01 00 00
EAPOL: idleWhile --> 0
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0



--
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20090323/94297482/attachment.htm

More information about the Hostap mailing list