I thought Id put up a capture I did on a Meru controller for Radius authentication while trying to connect to an AP. Its interesting stuff, although I dont like that you cant see the username in the radius messages. Not a fan of that, as I think it should show the username for troubleshooting purposes. You can see in the capture where I unassociated with the AP, and then re-associated, radius, then DHCP. So here is how I did the capture:
kansas(15)# station-log
Interactive Per-Station Event Logging Shell (enter "help" for help)
By default logging is Disabled (enter "enable" to Enable logging)
station-log> station add 5c:ac:4c:6a:31:6c
Added station 5c:ac:4c:6a:31:6c at position 0
station-log> enable
Logging enabled
2012-Dec-14 08:39:17.062603 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=INFO><server_ip=255.255.255.255><server_mac=ff:ff:ff:ff:ff:ff><client_ip=192.168.12.21>
2012-Dec-14 08:39:17.065082 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=INFO_ACK><server_ip=192.168.1.7><server_mac=00:1c:2e:23:6e:00><offered_ip=0.0.0.0>
2012-Dec-14 08:39:24.668680 | 5c:ac:4c:6a:31:6c | 802.11 State | Disassoc received <AP_ID=1><BSSID=00:0c:e6:4a:03:6d> <Reason code=8> <RSSI=-8>
2012-Dec-14 08:39:24.669535 | 5c:ac:4c:6a:31:6c | 802.11 State | state change <old=Associated><new=Unauthenticated><AP=00:0c:e6:09:ac:d7><BSSID=00:0c:e6:4a:03:6d>
2012-Dec-14 08:39:24.669657 | 5c:ac:4c:6a:31:6c | Station Assign | <AID=1> Assign Removed From <AP_ID=1><ESSID=kansas-voice><BSSID=00:0c:e6:4a:03:6d><reason=80211State downgraded>
2012-Dec-14 08:39:24.671715 | 5c:ac:4c:6a:31:6c | 802.11 State | Disassoc reason: Unspecified<AID=1><BSSID=00:0c:e6:4a:03:6d>
2012-Dec-14 08:39:25.230526 | 5c:ac:4c:6a:31:6c | Station Assign | <AID=1> assigned to <AP_ID=1><ESSID=kansas-voice><BSSID=00:0c:e6:4a:03:6d><reason=Station probed on another BSSID>
2012-Dec-14 08:39:25.230692 | 5c:ac:4c:6a:31:6c | Station Assign | <AID=1> assigned to <AP_ID=1><ESSID=kansas-rad><BSSID=00:0c:e6:4a:24:e4><reason=Station probed>
2012-Dec-14 08:39:25.230695 | 5c:ac:4c:6a:31:6c | Station Assign | <AID=1> assigned to <AP_ID=2><ESSID=kansas-rad><BSSID=00:0c:e6:4a:13:cc><reason=Station probed>
2012-Dec-14 08:39:25.353874 | 5c:ac:4c:6a:31:6c | 802.11 State | state change <old=Unauthenticated><new=Authenticated><AP=00:0c:e6:09:ac:d7><BSSID=00:0c:e6:4a:24:e4>
2012-Dec-14 08:39:25.356951 | 5c:ac:4c:6a:31:6c | 1X Authentication | <EAP code=request> <EAP ID=1> <EAP type=Identity> sent
2012-Dec-14 08:39:25.357866 | 5c:ac:4c:6a:31:6c | 802.11 State | state change <old=Authenticated><new=Associated><AP=00:0c:e6:09:ac:d7><BSSID=00:0c:e6:4a:24:e4>
2012-Dec-14 08:39:25.390550 | 5c:ac:4c:6a:31:6c | 1X Authentication | <auth method=WPA_EAP>:<pkt type=EAPOL_START> recvd <ESSID=kansas-rad> <BSSID=00:0c:e6:4a:24:e4>
2012-Dec-14 08:39:25.390553 | 5c:ac:4c:6a:31:6c | 1X Authentication | <EAP code=request> <EAP ID=1> <EAP type=Identity> sBent
2012-Dec-14 08:39:25.403648 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=1>
2012-Dec-14 08:39:25.403650 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius <msg code=access_request><msg ID=127> sent <ip=192.168.1.7>:<port=1812>
2012-Dec-14 08:39:25.404557 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=1>
2012-Dec-14 08:39:26.093155 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=request><EAP ID=2> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.301517 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=2>
2012-Dec-14 08:39:26.301520 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius <msg code=access_request><msg ID=128> sent <ip=192.168.1.7>:<port=1812>
2012-Dec-14 08:39:26.304307 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=request><EAP ID=3> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.313459 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=3>
2012-Dec-14 08:39:26.313548 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius <msg code=access_request><msg ID=129> sent <ip=192.168.1.7>:<port=1812>
2012-Dec-14 08:39:26.314971 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=request><EAP ID=4> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.329452 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=4>
2012-Dec-14 08:39:26.329542 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius <msg code=access_request><msg ID=130> sent <ip=192.168.1.7>:<port=1812>
2012-Dec-14 08:39:26.331165 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=request><EAP ID=5> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.339717 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=5>
2012-Dec-14 08:39:26.339802 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius <msg code=access_request><msg ID=131> sent <ip=192.168.1.7>:<port=1812>
2012-Dec-14 08:39:26.341434 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=request><EAP ID=6> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.352354 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response8><EAP ID=6>
2012-Dec-14 08:39:26.352441 | 5c:ac:4c:6a:31:6c | 1X Autentication | Radius <msg code=access_request><msg ID=132> sent <ip=192.168.1.7>:<port=1812>
2012-Dec-14 08:39:26.359052 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=request><EAP ID=7> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.370289 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=7>
2012-Dec-14 08:39:26.370379 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius <msg code=access_request><msg ID=133> sent <ip=192.168.1.7>:<port=1812>
2012-Dec-14 08:39:26.371666 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=request><EAP ID=8> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.377093 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=8>
2012-Dec-14 08:39:26.377173 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius <msg code=access_request><msg ID=134> sent <ip=192.168.1.7>:<port=1812>
2012-Dec-14 08:39:26.378653 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=request><EAP ID=9> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.396420 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=9>
2012-Dec-14 08:39:26.396506 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius <msg code=access_request><msg ID=135> sent <ip=192.168.1.7>:<port=1812>
2012-Dec-14 08:39:26.513465 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=request><EAP ID=10> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.536170 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=10>
2012-Dec-14 08:39:26.536259 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius <msg code=access_request><msg ID=136> sent <ip=192.168.1.7>:<port=1812>
2012-Dec-14 08:39:26.537897 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=request><EAP ID=11> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.545930 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=response><EAP ID=11>
2012-Dec-14 08:39:26.546015 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius <msg code=access_request><msg ID=137> sent <ip=192.168.1.7>:<port=1812>
201w2-Dec-14 08:39:26.571877 | 5c:ac:4c:6a:31:6c | 1X Authentication | Radius ACCESS-ACCEPT received : VLAN Tag : 0, Filter id : , CUI : None
2012-Dec-14 08:39:26.571903 | 5c:ac:4c:6a:31:6c | 1X Authentication | <pkt type=EAP_PACKET> <EAP code=success><EAP ID=12> <info=relay eap-request from Radius> sent
2012-Dec-14 08:39:26.572762 | 5c:ac:4c:6a:31:6c | 1X Authentication | <msg type=EAPOL_KEY> <key=broadcast> sent
2012-Dec-14 08:39:26.573861 | 5c:ac:4c:6a:31:6c | 1X Authentication | <msg type=EAPOL_KEY> <key=unicast> sent
2012-Dec-14 08:39:26.644597 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=REQUEST><server_ip=255.255.255.255><server_mac=ff:ff:ff:ff:ff:ff><client_ip=0.0.0.0>
2012-Dec-14 08:39:26.647028 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=NACK><server_ip=192.168.1.7><server_mac=00:1c:2e:23:6e:00><offered_ip=0.0.0.0>
2012-Dec-14 08:39:26.667579 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=DISCOVER><server_ip=255.255.255.255><server_mac=ff:ff:ff:ff:ff:ff><client_ip=0.0.0.0>
2012-Dec-14 08:39:28.581687 | 5c:ac:4c:6a:31:6c | Station Assign | <AID=1> Assign Removed From <AP_ID=1><ESSID=kansas-voice><BSSID=00:0c:e6:4a:03:6d><reason=Inactivity timer expired>
2012-Dec-14 08:39:31.751032 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=DISCOVER><server_ip=255.255.255.255><server_mac=ff:ff:ff:ff:ff:ff><client_ip=0.0.0.0>
2012-Dec-14 08:39:31.753338 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=OFFER><server_ip=192.168.1.7><server_mac=00:1c:2e:23:6e:00><offered_ip=192.168.9.41>
2012-Dec-14 08:39:31.766158 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=REQUEST><server_ip=255.255.255.255><server_mac=ff:ff:ff:ff:ff:ff><client_ip=0.0.0.0>
2012-Dec-14 08:39:31.768740 | 5c:ac:4c:6a:31:6c | IP Address Discovered | <Old IP discovery Method=none><Old IP=0.0.0.0><New IP discovery Method=dhcp><New IP=192.168.9.41>
2012-Dec-14 08:39:31.768743 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=ACK><server_ip=192.168.1.7><server_mac=00:1c:2e:23:6e:00><offered_ip=192.168.9.41>
2012-Dec-14 08:39:37.275863 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=INFO><server_ip=255.255.255.255><server_mac=ff:ff:ff:ff:ff:ff><client_ip=192.168.9.41>
2012-Dec-14 08:39:38.027778 | 5c:ac:4c:6a:31:6c | DHCP | <msg_type=INFO_ACK><server_ip=192.168.1.7><server_mac=00:1c:2e:23:6e:00><offered_ip=0.0.0.0>
station-log>
great stuff.
ReplyDelete