
[ScreenOS] How to interpret the output of debug dot1x all logs


Article ID: KB20903 KB Last Updated: 23 Aug 2011 Version: 1.0
Summary:
This article provides information on how to interpret the output of 'debug dot1x all' logs.
Symptoms:
This article lists the messages to look for when debugging 802.1x authentication issues.

Environment:

A customer has configured 802.1x authentication, which passes EAP-TLS messages in Ethernet frames. The customer is using a RADIUS server to authenticate users.

set auth-server "RADIUS" radius port 1812
set auth-server "RADIUS" radius secret <secret>
set auth radius accounting port 1646
set auth-server "RADIUS" account-type xauth 802.1X
set interface ethernet0/2 dot1x
set interface ethernet0/2 dot1x control-mode interface
set interface ethernet0/2 dot1x max-user 1
set interface ethernet0/2 dot1x reauth-period 10
set interface ethernet0/2 dot1x auth-server RADIUS

Solution:
Below is the output of debug dot1x all and debug auth radius. The text after each "-->" is an explanatory annotation and is not part of the device output.
## 2011-04-07 21:53:41 : [1X] eap signal enqueue success. type 1
## 2011-04-07 21:53:41 : [1X] eap low layer event trigger
## 2011-04-07 21:53:41 : [1X] eap signal dequeue success. type 1
## 2011-04-07 21:53:41 : [1X|PAK] rx eap packet, code 2 id 7 len 1492 type 13 --> EAP packet being received
## 2011-04-07 21:53:41 : [1X|SESS] search if ethernet0/2 host 0016d4ee17e1 nsrp_id 0 in db --> searching for the dot1x session
## 2011-04-07 21:53:41 : [1X|FSM] state IDLE2->RECEIVED2, eap_sess 1 host 0016d4ee17e1 if ethernet0/2
## 2011-04-07 21:53:41 : [1X|FSM] state RECEIVED2->AAA_REQUEST, eap_sess 1 host 0016d4ee17e1 if ethernet0/2 --> request for authentication being received from the client
## 2011-04-07 21:53:41 : [1x|AS] aaa client tx q enqueue, eap_sess 1
## 2011-04-07 21:53:41 : [1X|AS] aaac tx event trigger
## 2011-04-07 21:53:41 : [1X|AS] start to build radius packet, eap_sess 1 --> authentication module is triggered

[1X|PAK] Radius packet built
code 1 id 7 length 1663
## 2011-04-07 21:53:41 : [1X|AS] radius packet sent to 10.10.10.122:1812 --> request sent to radius
## 2011-04-07 21:53:41 : [1X|AS] radius client send to 10.10.10.122:1812. sock 91 ret 0
## 2011-04-07 21:53:41 : [1X|AS] recv radius packet from 10.10.10.122, len 69
## 2011-04-07 21:53:41 : [1X|PAK] radius recv a packet, len 69 type ACCESS_CHALLENGE --> receiving response from the server
04306c10: 0b 07 00 45 1a 38 20 a4 6f db 7f db 18 55 d2 8b ...E.8.. o....U..
04306c20: 1b 54 4e 1d 18 11 53 42 52 2d 43 48 20 31 33 31 .TN...SB R-CH.131
04306c30: 34 37 7c 37 00 4f 08 01 08 00 06 0d 00 1b 06 00 47|7.O.. ........
04306c40: 00 00 1e 50 12 e1 d5 93 ad 9e 31 b2 11 d7 4e 69 ...P.... ..1...Ni
04306c50: 00 b6 11 1a 52 ....R
## 2011-04-07 21:53:41 : [1X|AV] rc_avpair_gen: received attribute 24
## 2011-04-07 21:53:41 : [1X|AV] rc_avpair_gen: received attribute 79
+++++++++++++++++++++++++++
RADIUS packet recv attributes:
State:(SBR-CH 13147|7\00)
EAP-Message:(\01\08\00\06\0D\00)
Session-Timeout:(30)
Message-Authenticator:(\E1\D5\93\AD\9E\31\B2\11\D7\4E\69\00\B6\11\1A\52)
+++++++++++++++++++++++++++
## 2011-04-07 21:53:41 : [1X|FSM] state AAA_IDLE->AAA_RESPONSE, eap_sess 1 host 0016d4ee17e1 if ethernet0/2 --> sending response to the client
## 2011-04-07 21:53:41 : [1X|FSM] state AAA_RESPONSE->SEND_REQUEST2, eap_sess 1 host 0016d4ee17e1 if ethernet0/2
## 2011-04-07 21:53:41 : [1X|FSM] state SEND_REQUEST2->IDLE2, eap_sess 1 host 0016d4ee17e1 if ethernet0/2
## 2011-04-07 21:53:41 : [1X|PAK] Rx EAPOL packet, ver 1 type 0 len 253
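
An added example, not part of the original article and not Juniper code: a small Python parser that joins wrapped debug lines, drops the "-->" annotations, and summarizes the EAP packets, per-session FSM transitions and RADIUS traffic. The regular expressions assume the line formats shown in the output above; the EAP code and type names follow the IANA EAP registry.

```python
import re

# Constructed sample: lines copied from the debug output above, including the
# wrapped continuation lines and the article's "-->" annotations.
SAMPLE = """\
## 2011-04-07 21:53:41 : [1X|PAK] rx eap packet, code 2 id 7
   len 1492 type 13--> EAP packet being received
## 2011-04-07 21:53:41 : [1X|FSM] state IDLE2->RECEIVED2, eap_sess 1 host 0016d4ee17e1 if ethernet0/2
## 2011-04-07 21:53:41 : [1X|FSM] state RECEIVED2->AAA_REQUEST, eap_sess 1 host
   0016d4ee17e1 if ethernet0/2--> request for authentication being received from the client
## 2011-04-07 21:53:41 : [1X|AS] radius packet sent to
   10.10.10.122:1812--> request sent to radius
## 2011-04-07 21:53:41 : [1X|PAK] radius recv a packet,
   len 69 type ACCESS_CHALLENGE--> receiving Response from the server
## 2011-04-07 21:53:41 : [1X|FSM] state AAA_IDLE->AAA_RESPONSE, eap_sess 1 host
   0016d4ee17e1 if ethernet0/2--> sending respond to the client
"""
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS"}
EAP_RX = re.compile(r"rx eap packet, code (\d+) id (\d+) len (\d+) type (\d+)")
FSM = re.compile(r"state (\w+)->(\w+), eap_sess (\d+) host ([0-9a-f]{12}) if (\S+)")
RAD_TX = re.compile(r"radius packet sent to (\S+):(\d+)")
RAD_RX = re.compile(r"radius recv a packet, len (\d+) type (\w+)")

def records(text):
    """Join wrapped continuation lines and drop '-->' annotations."""
    out = []
    for line in text.splitlines():
        line = line.split("-->")[0].rstrip()
        if line.startswith("## "):
            out.append(line)
        elif line[:1].isspace() and out:   # indented line continues the last record
            out[-1] += " " + line.strip()
    return out

def summarize(text):
    """Return EAP packets, per-session FSM transitions and RADIUS traffic."""
    s = {"eap": [], "fsm": {}, "radius_tx": [], "radius_rx": []}
    for rec in records(text):
        if m := EAP_RX.search(rec):
            code, ident, length, typ = map(int, m.groups())
            s["eap"].append((EAP_CODES.get(code, code), ident, EAP_TYPES.get(typ, typ), length))
        elif m := FSM.search(rec):
            src, dst, sess, host, ifname = m.groups()
            s["fsm"].setdefault((host, ifname, int(sess)), []).append((src, dst))
        elif m := RAD_TX.search(rec):
            s["radius_tx"].append((m.group(1), int(m.group(2))))
        elif m := RAD_RX.search(rec):
            s["radius_rx"].append((int(m.group(1)), m.group(2)))
    return s
```

For the sample, the summary shows an EAP-TLS Response (id 7) from host 0016d4ee17e1 on ethernet0/2, forwarded to 10.10.10.122:1812 and answered with ACCESS_CHALLENGE, so the exchange is still in progress rather than accepted or rejected.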