802.1X Radius, OpenSSL, LDAP

Closed
SherR - 19 Feb 2018 at 19:06
 SherR - 22 Feb 2018 at 12:49
Hello, I am doing an end-of-year project in which I have to set up the 802.1X protocol with a Cisco 3650 switch, a Windows 7 PC, and a RADIUS and LDAP server based on CentOS 6.

I managed to get RADIUS and LDAP to communicate; I also generated certificates and ran tests using the login and password stored in LDAP.

My problem is that I can't understand the communication between RADIUS and the Cisco switch. In debug mode I get errors that I can't find on the internet. help :(

1 reply

brupala
19 Feb 2018 at 19:37
Hi,
What do you have in the logs?

Hi, I have this, hold on:
  • Feb 19 18:31:55.218: dot1x-ev:[Gi1/0/19] Interface state changed to UP
  • Feb 19 18:31:55.219: dot1x-ev:DOT1X Supplicant not enabled on GigabitEthernet1/0/19
  • Feb 19 18:31:55.235: dot1x-packet:[f0de.f12a.ba5a, Gi1/0/19] queuing an EAPOL pkt on Auth Q
  • Feb 19 18:31:55.236: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
  • Feb 19 18:31:55.236: dot1x-packet: length: 0x0000
  • Feb 19 18:31:55.236: dot1x-ev:[Gi1/0/19] Dequeued pkt: Int Gi1/0/19 CODE= 0,TYPE= 0,LEN= 0
  • Feb 19 18:31:55.236: dot1x-ev:[Gi1/0/19] Received pkt saddr =f0de.f12a.ba5a , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
  • Feb 19 18:31:55.236: dot1x-ev:[Gi1/0/19] Couldn't find the supplicant in the list
  • Feb 19 18:31:55.236: dot1x-ev:[f0de.f12a.ba5a, Gi1/0/19] New client detected, sending session start event for f0de.f12a.ba5a
  • Feb 19 18:31:55.243: dot1x-err:AAA auth ready returns Unknown error 0, result = TRUE
  • Feb 19 18:31:55.243: dot1x_auth Gi1/0/19: initial state auth_initialize has enter
  • Feb 19 18:31:55.244: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002: initialising
  • Feb 19 18:31:55.244: dot1x_auth Gi1/0/19: during state auth_initialize, got event 0(cfg_auto)
  • Feb 19 18:31:55.244: @@@ dot1x_auth Gi1/0/19: auth_initialize -> auth_disconnected
  • Feb 19 18:31:55.244: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002: disconnected
  • Feb 19 18:31:55.244: dot1x_auth Gi1/0/19: idle during state auth_disconnected
  • Feb 19 18:31:55.244: @@@ dot1x_auth Gi1/0/19: auth_disconnected -> auth_restart
  • Feb 19 18:31:55.244: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002: entering restart
  • Feb 19 18:31:55.244: dot1x-ev:[f0de.f12a.ba5a, Gi1/0/19] Sending create new context event to EAP for 0xCF000002 (f0de.f12a.ba5a)
  • Feb 19 18:31:55.244: dot1x_auth_bend Gi1/0/19: initial state auth_bend_initialize has enter
  • Feb 19 18:31:55.244: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002: entering init state
  • Feb 19 18:31:55.244: dot1x_auth_bend Gi1/0/19: initial state auth_bend_initialize has idle
  • Feb 19 18:31:55.244: dot1x_auth_bend Gi1/0/19: during state auth_bend_initialize, got event 16383(idle)
  • Feb 19 18:31:55.244: @@@ dot1x_auth_bend Gi1/0/19: auth_bend_initialize -> auth_bend_idle
  • Feb 19 18:31:55.244: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002:entering idle state
  • Feb 19 18:31:55.244: dot1x-ev:[f0de.f12a.ba5a, Gi1/0/19] Created a client entry (0xCF000002)
  • Feb 19 18:31:55.244: dot1x-ev:[f0de.f12a.ba5a, Gi1/0/19] Dot1x authentication started for 0xCF000002 (f0de.f12a.ba5a)
  • Feb 19 18:31:55.245: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] Posting !EAP_RESTART on Client 0xCF000002
  • Feb 19 18:31:55.245: dot1x_auth Gi1/0/19: during state auth_restart, got event 6(no_eapRestart)
  • Feb 19 18:31:55.245: @@@ dot1x_auth Gi1/0/19: auth_restart -> auth_connecting
  • Feb 19 18:31:55.245: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002:enter connecting state
  • Feb 19 18:31:55.245: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002: restart connecting
  • Feb 19 18:31:55.246: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] Posting RX_REQ on Client 0xCF000002
  • Feb 19 18:31:55.246: dot1x_auth Gi1/0/19: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
  • Feb 19 18:31:55.246: @@@ dot1x_auth Gi1/0/19: auth_connecting -> auth_authenticating
  • Feb 19 18:31:55.246: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002: authenticating state entered
  • Feb 19 18:31:55.246: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002:connecting authenticating action
  • Feb 19 18:31:55.246: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] Posting AUTH_START for 0xCF000002
  • Feb 19 18:31:55.246: dot1x_auth_bend Gi1/0/19: during state auth_bend_idle, got event 4(eapReq_authStart)
  • Feb 19 18:31:55.246: @@@ dot1x_auth_bend Gi1/0/19: auth_bend_idle -> auth_bend_request
  • Feb 19 18:31:55.246: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002:entering request state
  • Feb 19 18:31:55.246: dot1x-ev:[f0de.f12a.ba5a, Gi1/0/19] Sending EAPOL packet
  • Feb 19 18:31:55.246: dot1x-registry:registry:dot1x_ether_macaddr called
  • Feb 19 18:31:55.246: dot1x-ev:[f0de.f12a.ba5a, Gi1/0/19] Sending out EAPOL packet
  • Feb 19 18:31:55.246: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
  • Feb 19 18:31:55.246: dot1x-packet: length: 0x0005
  • Feb 19 18:31:55.246: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
  • Feb 19 18:31:55.246: dot1x-packet: type: 0x1
  • Feb 19 18:31:55.247: dot1x-packet:[f0de.f12a.ba5a, Gi1/0/19] EAPOL packet sent to client 0xCF000002
  • Feb 19 18:31:55.247: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002:idle request action
  • Feb 19 18:31:57.215: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/19, changed state to up
  • Feb 19 18:31:58.216: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/19, changed state to up
  • Feb 19 18:32:26.144: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] Posting EAP_REQ for 0xCF000002
  • Feb 19 18:32:26.144: dot1x_auth_bend Gi1/0/19: during state auth_bend_request, got event 7(eapReq)
  • Feb 19 18:32:26.144: @@@ dot1x_auth_bend Gi1/0/19: auth_bend_request -> auth_bend_request
  • Feb 19 18:32:26.144: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002:request request action
  • Feb 19 18:32:26.144: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002:entering request state
  • Feb 19 18:32:26.144: dot1x-ev:[f0de.f12a.ba5a, Gi1/0/19] Sending EAPOL packet
  • Feb 19 18:32:26.144: dot1x-registry:registry:dot1x_ether_macaddr called
  • Feb 19 18:32:26.144: dot1x-ev:[f0de.f12a.ba5a, Gi1/0/19] Sending out EAPOL packet
  • Feb 19 18:32:26.144: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
  • Feb 19 18:32:26.144: dot1x-packet: length: 0x0005
  • Feb 19 18:32:26.145: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
  • Feb 19 18:32:26.145: dot1x-packet: type: 0x1
  • Feb 19 18:32:26.145: dot1x-packet:[f0de.f12a.ba5a, Gi1/0/19] EAPOL packet sent to client 0xCF000002
  • Feb 19 18:32:57.046: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] Posting EAP_REQ for 0xCF000002
  • Feb 19 18:32:57.047: dot1x_auth_bend Gi1/0/19: during state auth_bend_request, got event 7(eapReq)
  • Feb 19 18:32:57.047: @@@ dot1x_auth_bend Gi1/0/19: auth_bend_request -> auth_bend_request
  • Feb 19 18:32:57.047: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002:request request action
  • Feb 19 18:32:57.047: dot1x-sm:[f0de.f12a.ba5a, Gi1/0/19] 0xCF000002:entering request state
  • Feb 19 18:32:57.047: dot1x-ev:[f0de.f12a.ba5a, Gi1/0/19] Sending EAPOL packet
  • Feb 19 18:32:57.047: dot1x-registry:registry:dot1x_ether_macaddr called
  • Feb 19 18:32:57.047: dot1x-ev:[f0de.f12a.ba5a, Gi1/0/19] Sending out EAPOL packet
  • Feb 19 18:32:57.047: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
  • Feb 19 18:32:57.047: dot1x-packet: length: 0x0005
  • Feb 19 18:32:57.047: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
  • Feb 19 18:32:57.047: dot1x-packet: type: 0x1
  • Feb 19 18:32:57.047: dot1x-packet:[f0de.f12a.ba5a, Gi1/0/19] EAPOL packet sent to client 0xCF000002
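
The debug output above can be read frame by frame. This added example (not part of the thread and not a Cisco tool) parses the `dot1x-packet` lines and counts EAP Requests that never received a Response. The type and code names follow IEEE 802.1X and RFC 3748; it assumes a received EAP Response would be logged in the same format as the transmitted Requests.

```python
import re

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
PAK = re.compile(r"(\d\d:\d\d:\d\d\.\d+): dot1x-packet:EAPOL pak (rx|tx) - Ver: \S+ type: (0x[0-9a-f]+)", re.I)
EAP = re.compile(r"dot1x-packet:EAP code: (0x[0-9a-f]+) id: (0x[0-9a-f]+)", re.I)

# Excerpt of the debug output posted in the thread (bullets stripped).
SAMPLE = """\
Feb 19 18:31:55.236: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
Feb 19 18:31:55.236: dot1x-packet: length: 0x0000
Feb 19 18:31:55.246: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 19 18:31:55.246: dot1x-packet: length: 0x0005
Feb 19 18:31:55.246: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Feb 19 18:31:55.246: dot1x-packet: type: 0x1
Feb 19 18:32:26.144: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 19 18:32:26.144: dot1x-packet: length: 0x0005
Feb 19 18:32:26.145: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Feb 19 18:32:26.145: dot1x-packet: type: 0x1
"""

def parse_frames(text):
    """Return one dict per EAPOL frame: time, direction, EAPOL type, EAP code/id."""
    frames = []
    for line in text.splitlines():
        if m := PAK.search(line):
            frames.append({"time": m[1], "dir": m[2].lower(),
                           "eapol": EAPOL_TYPES.get(int(m[3], 16), m[3]),
                           "eap": None, "id": None})
        elif (m := EAP.search(line)) and frames:
            # The EAP header line belongs to the EAPOL frame logged just before it.
            frames[-1]["eap"] = EAP_CODES.get(int(m[1], 16), m[1])
            frames[-1]["id"] = int(m[2], 16)
    return frames

def unanswered_requests(frames):
    """Count EAP Requests per id that the switch sent without ever
    receiving an EAP Response carrying the same id from the client."""
    answered = {f["id"] for f in frames if f["dir"] == "rx" and f["eap"] == "Response"}
    pending = {}
    for f in frames:
        if f["dir"] == "tx" and f["eap"] == "Request" and f["id"] not in answered:
            pending[f["id"]] = pending.get(f["id"], 0) + 1
    return pending

if __name__ == "__main__":
    for f in parse_frames(SAMPLE):
        print(f["time"], f["dir"], f["eapol"], f["eap"], f["id"])
    print("unanswered:", unanswered_requests(parse_frames(SAMPLE)))
```

On the excerpt it reports the client's EAPOL-Start followed by two EAP Request frames with id 1 and no Response.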

The line I can't find on the internet is:

dot1x-err:AAA auth ready returns Unknown error 0, result = TRUE

brupala > SherR
19 Feb 2018 at 19:48
I have to say it doesn't mean much :-(
Still, the connection does seem to be established; on the RADIUS side, do you have logs?

I can't really find the RADIUS logs. Do you mean on the RADIUS server or on the switch?

brupala > SheriR
19 Feb 2018 at 23:35
no, the server.
/var/log/syslog