Symptom/Cause | Solution |
---|---|
Packets do not reach the device. Cause: loose connection between the device and XSUPPLICANT. | The following XSUPPLICANT scripts need to be modified according to the connections (on which interfaces EAPOL packets must be allowed and on which they must be denied) and the IP address assigned: `/usr/local/etc/1x/md5-example.conf`, `/usr/local/etc/1x/startup.sh`, `/usr/local/etc/1x/startup2.sh`. The very first packet sent to the device should be an EAPOL packet. Data packets will be dropped if the first packet is not EAPOL. |
Packets do not reach the interface of the device that is connected to the RADIUS server. Possible causes: the packets are probably being dropped at kernel level because of malformed fields; the kernel is probably not passing those packets up to the protocol level; the decoding of the packet could have an issue; the other interface is down. | |
Packets do not reach the RADIUS server. Possible causes: loose connection between the device and the RADIUS server; the IP configured on the device for the RADIUS server probably does not match the IP configured on the RADIUS server's interface connected to the device. | |
The RADIUS server does not reply to the device. Cause: the RADIUS server probably does not have the XSUPPLICANT details. | Check the following files.<br>`/usr/local/etc/raddb/users`: the entry corresponding to the MAC address of the XSUPPLICANT interface that is connected to the device should be updated:<br>`00:02:A5:4E:FF:83 Auth-Type := eap, User-Password == "00:02:A5:4E:FF:83"`<br>`Tunnel-type:0 = 13,`<br>`Tunnel-Medium-Type:0 = 6,`<br>`Tunnel-Private-Group-ID:0 = 201,`<br>`Reply-Message = "Hello, %u"`<br>`/usr/local/etc/raddb/clients.conf`: the IP should be updated:<br>`client 10.10.10.40/24 {`<br>`secret = authd`<br>`shortname = device`<br>`}` |
The RADIUS server replies to the device with “access challenge”. Cause: authentication issues at the RADIUS server. | Credentials must be verified properly. XSUPPLICANT should retrigger the EAPOL packets. |
The FDB does not get updated on the device accordingly. Cause: problem with authentication of the particular MAC or port. | Retrigger the EAPOL packet and check the scenarios above one by one to find whether packets are being dropped somewhere or there is a problem with the credential matching. |
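
A consistency check for the "RADIUS server does not reply" row, added here as an example and not part of the original table: it parses constructed copies of the `users` and `clients.conf` entries shown above and lists why the server would ignore the device or reject a supplicant MAC. The function names and the `mac` / `nas_ip` parameters are assumptions made for this example, and clients named by hostname are skipped.

```python
import ipaddress
import re

# Constructed sample files mirroring the table's entries (nothing is read from disk).
USERS = '''00:02:A5:4E:FF:83 Auth-Type := eap, User-Password == "00:02:A5:4E:FF:83"
    Tunnel-type:0 = 13,
    Tunnel-Medium-Type:0 = 6,
    Tunnel-Private-Group-ID:0 = 201,
    Reply-Message = "Hello, %u"
'''
CLIENTS = "client 10.10.10.40/24 {\n    secret = authd\n    shortname = device\n}\n"

def user_entry(users_text, mac):
    """Return the attributes of the users entry named `mac`, or None."""
    # An entry is a column-0 line plus the indented lines that follow it.
    for block in re.findall(r'^\S.*(?:\n[ \t]+\S.*)*', users_text, re.M):
        if block.split()[0].lower() == mac.lower():
            pairs = re.findall(r'([\w:-]+)\s*(?::=|==|=)\s*("[^"]*"|[^,\s]+)', block)
            return {key: value.strip('"') for key, value in pairs}
    return None

def client_for(clients_text, nas_ip):
    """Return settings of the first client block whose network covers nas_ip."""
    for net, body in re.findall(r'client\s+(\S+)\s*\{([^}]*)\}', clients_text):
        try:
            network = ipaddress.ip_network(net, strict=False)
        except ValueError:                     # client named by hostname: skip
            continue
        if ipaddress.ip_address(nas_ip) in network:
            return dict(re.findall(r'(\w+)\s*=\s*(\S+)', body))
    return None

def diagnose(users_text, clients_text, mac, nas_ip):
    """List reasons the server would ignore the device or reject the MAC."""
    problems = []
    client = client_for(clients_text, nas_ip)
    if client is None:
        problems.append(f"no client block covers {nas_ip}")
    elif "secret" not in client:
        problems.append(f"client block for {nas_ip} has no secret")
    attrs = user_entry(users_text, mac)
    if attrs is None:
        problems.append(f"no users entry for {mac}")
    elif attrs.get("Auth-Type", "").lower() != "eap":
        problems.append(f"users entry for {mac} lacks Auth-Type := eap")
    return problems
```

To use it against a live server, pass the contents of `/usr/local/etc/raddb/users` and `/usr/local/etc/raddb/clients.conf` in place of the constructed strings; an empty list means both files are consistent with the supplicant MAC and device IP.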