wired 802.1X authorization for Asus wl500gx router

Mikhail Kostousov mikhail.kostousov at gmail.com
Sun Feb 11 18:38:38 EST 2007 

Hello!
My provider required 802.1X authorization with dynamic WEP keys for wired
network. I've got it from my desktop computer, with next config:
##################################
### wpa_supplicant_wired.conf
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
        key_mgmt=IEEE8021X WPA-EAP
        eap=PEAP
        phase2="auth=MSCHAPV2"
        identity= (my user)
        password= (my password)
}
##################################

With command:
wpa_supplicant -ieth0 -Dwired -c wpa_supplicant_wired.conf -dd

After that I compiled wpa_supplicant for my router, and tried to do such
thing with router. I got following log:

Initializing interface 'vlan1' conf 'wpa_supplicant.conf' driver 'wired'
ctrl_interface 'N/A' bridge 'N/A'
Configuration file 'wpa_supplicant.conf' ->
'/tmp/harddisk/wpa_supplicant.conf'
Reading configuration file '/tmp/harddisk/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ap_scan=0
Line: 5 - start of a new network block
key_mgmt: 0x9
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00
00
phase2 - hexdump_ascii(len=13):
     XX XX XX XX XX XX XX XX XX XX XX XX            auth=MSCHAPV2
identity - hexdump_ascii(len=7):
     XX XX XX XX XX XX XX                              aaaaaaa
password - hexdump_ascii(len=8): [REMOVED]
Priority group 0
   id=0 ssid=''
Initializing interface (2) 'vlan1'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wired_init: Added multicast membership with packet socket
Own MAC address: 00:15:f2:88:fb:31
Setting scan request: 0 sec 100000 usec
Added interface vlan1
EAPOL: External notification - portControl=Auto
Already associated with a configured network - generating associated event
Association info event
State: DISCONNECTED -> ASSOCIATED
Associated to a new BSS: BSSID=01:80:c2:00:00:03
No keys have been configured - skip key clearing
Network configuration found for the current AP
WPA: No WPA/RSN IE available from association info
WPA: Set cipher suites based on configuration
WPA: Selected cipher suites: group 30 pairwise 24 key_mgmt 9 proto 2
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00
00 0f ac 04 01 00 00 0f ac 01 00 00
EAPOL: External notification - portControl=Auto
Associated with 01:80:c2:00:00:03
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Cancelling scan request
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL - hexdump(len=4): 01 01 00 00
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL - hexdump(len=4): 01 01 00 00
EAPOL: idleWhile --> 0
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface vlan1
State: ASSOCIATED -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
No keys have been configured - skip key clearing
Cancelling scan request
Cancelling authentication timeout


I've tried to compare log of router and of desktop, and I found that
difference begin from line "EAPOL: idleWhile --> 0". Desktop doesn't have
this line. It has "RX EAPOL from 00:15:62:a3:53:86".

I cannot understand, why it happens on router. I am using the same
configuration of wpa_supplicant, the same configuration of compilation
(exclude options for CC compiler).
Where is the problem?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20070212/4d1ce55d/attachment.htm

More information about the HostAP mailing list