Successful 802.1x Connection with client station log

Following post is about a Successful 802.11x connection were the wireless client will  be doing Outer EAP-PEAP and inner tunnel with MSCHAPV2. These traces are from Fortinet Infrastructure controller and can come handy on how to troubleshoot or analyse the system level log with  FortiWLC when it comes to 802.11x connection.

Here you will get to see 8 Eapids and 8 Msgids in this sucessfull Exchange.

You will also see the EAP codes between the Suppliant <–> Authenticator and MSG code between Authenticator <–> Authentication server.

Also you get to see the 802.11i Fourway handshake to complete the PTK and GTK encryption keys generation for secured data transfer over the AIR.

Once after the layer2 authentication gets over the client sends IP request on L3.

Wi-Fi  controller discovers and add the MAC address and the respected IP address in its DB.

 

2016-Dec-23 11:16:15.382003 | 78:4f:43:29:a2:a8 | Station Assign | <AID=1>[bgn](v0) assigned to <AP=3> ESSID=smart_connect B-BSSID=00:0c:e6:02:40:83 Ch=6 reason=Station probed
2016-Dec-23 11:16:15.409153 | 78:4f:43:29:a2:a8 | 802.11 State | <AID=1>[bgn](v0) state change <old=Unauthenticated><new=Associated><AP[3]=00:0c:e6:35:70:10> ESSID=smart_connect Ch=6 B-<BSSID=00:0c:e6:02:40:83>
2016-Dec-23 11:16:15.409599 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=0> <EAP code=request> <EAP ID=1> <EAP type=Identity> sent
2016-Dec-23 11:16:15.409634 | 78:4f:43:29:a2:a8 | 802.11 State | <AID=1>[bgn](v0) state change <old=Unauthenticated> <new=Associated> <AP=3> ESSID=smart_connect Ch=6 B-<BSSID=00:0c:e6:02:40:83>
2016-Dec-23 11:16:15.412198 | 78:4f:43:29:a2:a8 | CP User Authentication | Received smm-clear from wncreg <User=test@foritnet.com> <Auth type= Radius User> <Captive Portal Profile= Smart_connect>
2016-Dec-23 11:16:15.556572 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=response><EAP ID=1>
2016-Dec-23 11:16:15.556806 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> Radius <msg code=access_request><msg ID=0> sent <ip=192.168.138.231>:<port=1812>
2016-Dec-23 11:16:15.572894 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=request><EAP ID=2> <info=relay eap-request from Radius> sent
2016-Dec-23 11:16:15.636758 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=response><EAP ID=2>
2016-Dec-23 11:16:15.636763 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> Radius <msg code=access_request><msg ID=1> sent <ip=192.168.138.231>:<port=1812>
2016-Dec-23 11:16:15.667097 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=request><EAP ID=3> <info=relay eap-request from Radius> sent
2016-Dec-23 11:16:15.726747 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=response><EAP ID=3>
2016-Dec-23 11:16:15.726751 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> Radius <msg code=access_request><msg ID=2> sent <ip=192.168.138.231>:<port=1812>
2016-Dec-23 11:16:15.755076 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=request><EAP ID=4> <info=relay eap-request from Radius> sent
2016-Dec-23 11:16:15.806708 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=response><EAP ID=4>
2016-Dec-23 11:16:15.806712 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> Radius <msg code=access_request><msg ID=3> sent <ip=192.168.138.231>:<port=1812>
2016-Dec-23 11:16:15.856416 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=request><EAP ID=5> <info=relay eap-request from Radius> sent
2016-Dec-23 11:16:15.916656 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=response><EAP ID=5>
2016-Dec-23 11:16:15.916661 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> Radius <msg code=access_request><msg ID=4> sent <ip=192.168.138.231>:<port=1812>
2016-Dec-23 11:16:15.945510 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=request><EAP ID=6> <info=relay eap-request from Radius> sent
2016-Dec-23 11:16:15.996644 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=response><EAP ID=6>
2016-Dec-23 11:16:15.996648 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> Radius <msg code=access_request><msg ID=5> sent <ip=192.168.138.231>:<port=1812>
2016-Dec-23 11:16:16.010998 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=request><EAP ID=7> <info=relay eap-request from Radius> sent
2016-Dec-23 11:16:16.076481 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=response><EAP ID=7>
2016-Dec-23 11:16:16.076625 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> Radius <msg code=access_request><msg ID=6> sent <ip=192.168.138.231>:<port=1812>
2016-Dec-23 11:16:16.242356 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=request><EAP ID=8> <info=relay eap-request from Radius> sent
2016-Dec-23 11:16:16.296473 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=response><EAP ID=8>
2016-Dec-23 11:16:16.296629 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> Radius <msg code=access_request><msg ID=7> sent <ip=192.168.138.231>:<port=1812>
2016-Dec-23 11:16:16.298428 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> Radius ACCESS-ACCEPT received : Session Timeout: 448981 sec, VLAN Tag : 0, Filter id : , CUI : None
2016-Dec-23 11:16:16.298587 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> <pkt type=EAP_PACKET> <EAP code=success><EAP ID=8> <info=relay eap-request from Radius> sent
2016-Dec-23 11:16:16.299526 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> M1 <msg type=EAPOL_KEY> PTK sent
2016-Dec-23 11:16:16.416797 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> M2 <pkt type=EAPOL_KEY> MIC Verified
2016-Dec-23 11:16:16.417688 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> M3 <msg type=EAPOL_KEY> WPA2 PTK Negotiation sent
2016-Dec-23 11:16:16.476605 | 78:4f:43:29:a2:a8 | 1X Authentication | <AID=1> M4 <pkt type=EAPOL_KEY> <key type=Unicast Key> Key Pairwise
2016-Dec-23 11:16:17.920539 | 78:4f:43:29:a2:a8 | DHCP | <msg_type=DISCOVER><server_ip=255.255.255.255><server_mac=ff:ff:ff:ff:ff:ff><client_ip=0.0.0.0>
2016-Dec-23 11:16:17.921364 | 78:4f:43:29:a2:a8 | DHCP | <msg_type=OFFER><server_ip=192.168.242.1><server_mac=00:09:0f:09:ff:11><offered_ip=192.168.242.85>
2016-Dec-23 11:16:18.928163 | 78:4f:43:29:a2:a8 | DHCP | <msg_type=REQUEST><server_ip=255.255.255.255><server_mac=ff:ff:ff:ff:ff:ff><client_ip=0.0.0.0>
2016-Dec-23 11:16:18.929344 | 78:4f:43:29:a2:a8 | IP Address Discovered | <Old IP discovery Method=none><Old IP=0.0.0.0><New IP discovery Method=dhcp><New IP=192.168.242.85>
2016-Dec-23 11:16:18.929517 | 78:4f:43:29:a2:a8 | DHCP | <msg_type=ACK><server_ip=192.168.242.1><server_mac=00:09:0f:09:ff:11><offered_ip=192.168.242.85>
2016-Dec-23 11:16:20.221679 | 78:4f:43:29:a2:a8 | Station Assign | <AID=1>[bgn](v0) removed from <AP=3> ESSID=Guest B-BSSID=00:0c:e6:02:c3:55 Ch=6 reason=Inactivity timer expired

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s