wired 802.1X authorization for Asus wl500gx router

Mikhail Kostousov mikhail.kostousov at gmail.com
Wed Feb 14 07:12:28 EST 2007


Thanks for the answer!

On 2/14/07, Jouni Malinen <jkmaline at cc.hut.fi> wrote:
>
> On Mon, Feb 12, 2007 at 12:38:38AM +0100, Mikhail Kostousov wrote:
>
> > My provider required 802.1X authorization with dynamic WEP keys for wired
> > network. I've got it from my desktop computer, with next config:
>
> Dynamic WEP keys for wired network?? I've never heard of anyone using
> WEP on wired network nor am I aware of any driver supporting such a
> thing..
>
> > ap_scan=0
> > network={
> >        key_mgmt=IEEE8021X WPA-EAP
>
> WPA-EAP should not be here; WPA is only used with wireless networks.


Ok. I removed it.

> >        eap=PEAP
> >        phase2="auth=MSCHAPV2"
> >        identity= (my user)
> >        password= (my password)
>
> I would assume the dynamic WEP part is bogus and you would need to add
> eapol_flags=0 to make wpa_supplicant not wait for dynamic keys.


I've added eapol_flags=0

> > With command:
> > wpa_supplicant -ieth0 -Dwired -c wpa_supplicant_wired.conf -dd
> >
> > After that I compiled wpa_supplicant for my router, and tried to do such
> > thing with router. I got following log:
> >
> > Initializing interface 'vlan1' conf 'wpa_supplicant.conf' driver 'wired'

> This does not match with your command line above (eth0 vs. vlan1). Which
> one is it? Is this with a created from eth0?


eth0 is ethernet adapter on my laptop (which connects with this
configuration perfectly),
vlan1 is VAN interface of my router (it is wired interface).
I tried new configuration on laptop and on router:

ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
        key_mgmt=IEEE8021X
        eap=PEAP
        eapol_flags=0
        phase2="auth=MSCHAPV2"
        identity="xxxxx"
        password="xxxxx"

}

Laptop connected fine, but router has the same problem... :( I don't know
why... The log from router:




Initializing interface 'vlan1' conf 'wpa_supplicant.conf.1' driver 'wired'
ctrl_interface 'N/A' bridge 'N/A'
Configuration file 'wpa_supplicant.conf.1' -> '/tmp/harddisk/wpa_supplicant.conf.1'
Reading configuration file '/tmp/harddisk/wpa_supplicant.conf.1'
ctrl_interface='/var/run/wpa_supplicant'
ap_scan=0
Line: 5 - start of a new network block
key_mgmt: 0x8
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
eapol_flags=0 (0x0)
phase2 - hexdump_ascii(len=13):
     xx xx xx xx xx xx xx xx xx xx xx xx xx            auth=MSCHAPV2
identity - hexdump_ascii(len=7):
     xx xx xx xx xx xx xx                              xxxxxx
password - hexdump_ascii(len=8): [REMOVED]
Priority group 0
   id=0 ssid=''
Initializing interface (2) 'vlan1'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wired_init: Added multicast membership with packet socket
Own MAC address: 00:15:f2:88:fb:31
Setting scan request: 0 sec 100000 usec
Added interface vlan1
EAPOL: External notification - portControl=Auto
Already associated with a configured network - generating associated event
Association info event
State: DISCONNECTED -> ASSOCIATED
Associated to a new BSS: BSSID=01:80:c2:00:00:03
No keys have been configured - skip key clearing
Network configuration found for the current AP
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: clearing own WPA/RSN IE
EAPOL: External notification - portControl=Auto
Associated with 01:80:c2:00:00:03
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Cancelling scan request
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL - hexdump(len=4): 01 01 00 00
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL - hexdump(len=4): 01 01 00 00
EAPOL: idleWhile --> 0
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE




> > I've tried to compare log of router and of desktop, and I found that
> > difference begin from line "EAPOL: idleWhile --> 0". Desktop doesn't have
> > this line. It has "RX EAPOL from 00:15:62:a3:53:86".
> >
> > I cannot understand, why it happens on router. I am using the same
> > configuration of wpa_supplicant, the same configuration of compilation
> > (exclude options for CC compiler).
>
> Are you using the same ethernet configuration (vlan vs. no vlan)?
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
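
Added example (not part of the original message, and not wpa_supplicant code): a small Python check over a -dd log of the kind posted above. It decodes each "TX EAPOL" header and reports whether any "RX EAPOL from" line ever appears, which is the difference between the router and desktop logs noted in the thread. The sample log is constructed from lines in the router log; the function names and verdict strings are hypothetical.

```python
import re

# Constructed sample: a short excerpt in the format of the router log above.
SAMPLE_LOG = """\
EAPOL: txStart
TX EAPOL - hexdump(len=4): 01 01 00 00
EAPOL: startWhen --> 0
EAPOL: txStart
TX EAPOL - hexdump(len=4): 01 01 00 00
EAPOL: idleWhile --> 0
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
"""

# EAPOL packet types from IEEE 802.1X (second header byte).
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

TX_RE = re.compile(r"^TX EAPOL - hexdump\(len=\d+\): ([0-9a-fA-F ]+)", re.M)
RX_RE = re.compile(r"^RX EAPOL from ([0-9a-fA-F:]{17})", re.M)

def decode_eapol_header(hex_bytes):
    """Decode the 4-byte EAPOL header: version, packet type, body length."""
    raw = bytes.fromhex(hex_bytes.replace(" ", ""))
    if len(raw) < 4:
        raise ValueError("an EAPOL header is 4 bytes")
    return {
        "version": raw[0],
        "type": EAPOL_TYPES.get(raw[1], "unknown(%d)" % raw[1]),
        "body_len": int.from_bytes(raw[2:4], "big"),
    }

def summarize(log_text):
    """Count EAPOL-Start frames sent and list peers that ever answered."""
    sent = [decode_eapol_header(h) for h in TX_RE.findall(log_text)]
    starts = sum(1 for f in sent if f["type"] == "EAPOL-Start")
    peers = sorted(set(RX_RE.findall(log_text)))
    failed = "CTRL-EVENT-EAP-FAILURE" in log_text
    if starts and not peers:
        # Nothing came back, so the failure is a timeout, not a rejection.
        verdict = "no-authenticator-reply"
    elif failed:
        verdict = "eap-failure-after-exchange"
    else:
        verdict = "exchange-seen"
    return {"starts": starts, "peers": peers, "verdict": verdict}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A "no-authenticator-reply" result means the supplicant only ever sent EAPOL-Start (01 01 00 00: version 1, type 1, empty body) and the PEAP credentials were never exercised, so the place to look is the link layer between the interface and the authenticator.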