Community discussions

MikroTik App
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1518
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

802.1x

Tue Jun 25, 2024 1:51 pm

Hi guys,

I'm trying to learn about 802.1x and I have small setup at home where I used hAP ac2 as UM and dot1x server for other devices and all my test devices (W10 and W11 machines as well as another ROS devices acting as a switch) authenticates without a problem and get proper VLAN.

Now I have small setup at work, without VLANs, router is on default configuration, I created certificate on my RB4011 at work because on this LTE router I can't get certificate.

My PC authenticates without a problem, when I plug in PC it asks for credential and that's it, it's working. But i'm having problems on my intercom. It doesn't want to authenticate. I uploaded created certificate but nothing.

Here is config export of my test hap ax lite LTE:
# 2024-06-25 12:36:12 by RouterOS 7.15.1
# software id = 
#
# model = L41G-2axD&FG621-EA
# serial number = 
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge
/interface wifi
set [ find default-name=wifi1 ] channel.band=2ghz-ax .skip-dfs-channels=\
    10min-cac .width=20/40mhz configuration.mode=ap .ssid=MikroTik-0E0DCD \
    disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=yes \
    .ft-over-ds=yes
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band="" sms-read=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/queue type
add fq-codel-ecn=no kind=fq-codel name=fq-codel-ethernet-default
/queue interface
set ether1 queue=fq-codel-ethernet-default
set ether2 queue=fq-codel-ethernet-default
set ether3 queue=fq-codel-ethernet-default
set ether4 queue=fq-codel-ethernet-default
/user-manager user
add name=Test1
add name=Test2
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wifi1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface dot1x server
add interface=ether4
add interface=ether3
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/radius
add address=127.0.0.1 service=dot1x
/system clock
set time-zone-name=Europe/Zagreb
/system logging
add topics=manager
add topics=radius
add topics=dot1x
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/user-manager
set certificate=RootCA enabled=yes
/user-manager router
add address=127.0.0.1 name=router1
And here is log output:
 12:28:29 radius,debug,packet sending Access-Request with id 70 to 127.0.0.1:1812
 12:28:29 radius,debug,packet     Signature = 0x838ffa370f1d0f264f0fa968854496ed
 12:28:29 radius,debug,packet     Framed-MTU = 1400
 12:28:29 radius,debug,packet     NAS-Port-Type = 15
 12:28:29 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:28:29 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:28:29 radius,debug,packet     Service-Type = 2
 12:28:29 radius,debug,packet     EAP-Message = 0x020200060300
 12:28:29 radius,debug,packet     User-Name = "Test2"
 12:28:29 radius,debug,packet     Acct-Session-Id = "0a000086"
 12:28:29 radius,debug,packet     NAS-Port-Id = "ether3"
 12:28:29 radius,debug,packet     State = 0xe795f5b3c9bdbff9ae1ad6b1c8c4ce3b
 12:28:29 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:28:29 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:28:29 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:28:29 radius,debug,packet     Message-Authenticator = 0xd0ffa4acc9a32bbd1ee27c
28ff335b03
 12:28:29 radius,debug resending 82:49
 12:28:29 radius,debug,packet sending Access-Request with id 70 to 127.0.0.1:1812
 12:28:29 radius,debug,packet     Signature = 0x838ffa370f1d0f264f0fa968854496ed
 12:28:29 radius,debug,packet     Framed-MTU = 1400
 12:28:29 radius,debug,packet     NAS-Port-Type = 15
 12:28:29 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:28:29 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:28:29 radius,debug,packet     Service-Type = 2
 12:28:29 radius,debug,packet     EAP-Message = 0x020200060300
 12:28:29 radius,debug,packet     User-Name = "Test2"
 12:28:29 radius,debug,packet     Acct-Session-Id = "0a000086"
 12:28:29 radius,debug,packet     NAS-Port-Id = "ether3"
 12:28:29 radius,debug,packet     State = 0xe795f5b3c9bdbff9ae1ad6b1c8c4ce3b
 12:28:29 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:28:29 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:28:29 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:28:29 radius,debug,packet     Message-Authenticator = 0xd0ffa4acc9a32bbd1ee27c
28ff335b03
 12:28:30 radius,debug timeout for 82:49
 12:28:30 dot1x,debug s ether3 "Test2" radius req timeout on dot1x, waiting for ea
p timeout
 12:28:30 manager,debug <<< tx Access-Reject to [127.0.0.1]:36738, id: 70
 12:28:43 interface,info ether3 link down
 12:28:47 interface,info ether2 link up (speed 100M, full duplex)
 12:28:52 dhcp,info defconf deassigned 192.168.88.252 for 0C:38:3E:51:7E:D4 i53W
 12:28:52 dhcp,info defconf assigned 192.168.88.252 for 0C:38:3E:51:7E:D4 i53W
 12:29:48 system,info UMS user <Test2> changed by winbox-3.40/tcp-msg(winbox):admi
n@192.168.88.254 (/user-manager user set *3 attributes="" disabled=no group=defaul
t-anonymous name=Test2 shared-users=1)
 12:29:52 interface,info ether2 link down
 12:29:54 interface,info ether3 link up (speed 100M, full duplex)
 12:29:54 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:0 method:IDENTITY
 12:29:54 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:0 method:IDENTITY
 12:29:54 radius,debug new request 82:4a code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:29:54 radius,debug sending 82:4a to 127.0.0.1:1812
 12:29:54 radius,debug,packet sending Access-Request with id 71 to 127.0.0.1:1812
 12:29:54 radius,debug,packet     Signature = 0x7b89e25e56ee771daa85d3a2a7ba9cdd
 12:29:54 radius,debug,packet     Framed-MTU = 1400
 12:29:54 radius,debug,packet     NAS-Port-Type = 15
 12:29:54 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:29:54 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:29:54 radius,debug,packet     Service-Type = 2
 12:29:54 radius,debug,packet     EAP-Message = 0x0200000a015465737432
 12:29:54 radius,debug,packet     User-Name = "Test2"
 12:29:54 radius,debug,packet     Acct-Session-Id = "0b000086"
 12:29:54 radius,debug,packet     NAS-Port-Id = "ether3"
 12:29:54 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:29:54 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:29:54 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:29:54 radius,debug,packet     Message-Authenticator = 0x77443e27bd112b2ebffae5
14afbae1ba
 12:29:54 manager,debug >>> rx Access-Request from [127.0.0.1]:59177, id: 71
 12:29:54 manager,debug <<< tx Access-Challenge to [127.0.0.1]:59177, id: 71
 12:29:54 radius,debug,packet received Access-Challenge with id 71 from 127.0.0.1:
1812
 12:29:54 radius,debug,packet     Signature = 0x7155b9c0b1dcfad147d0deeaa9954fca
 12:29:54 radius,debug,packet     EAP-Message = 0x010100061920
 12:29:54 radius,debug,packet     State = 0xb453215d7c854b26bdead7c6b26c8506
 12:29:54 radius,debug,packet     Message-Authenticator = 0x92a703efe42fb3ba157db6
e291415b2d
 12:29:54 radius,debug received reply for 82:4a
 12:29:54 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:1 method:PEAP
 12:29:54 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:1 method:NAK(NONE)
 12:29:54 radius,debug new request 82:4b code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:29:54 radius,debug sending 82:4b to 127.0.0.1:1812
 12:29:54 radius,debug,packet sending Access-Request with id 72 to 127.0.0.1:1812
 12:29:54 radius,debug,packet     Signature = 0x38a9e10bd94784570b16b7efeff7ed29
 12:29:54 radius,debug,packet     Framed-MTU = 1400
 12:29:54 radius,debug,packet     NAS-Port-Type = 15
 12:29:54 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:29:54 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:29:54 radius,debug,packet     Service-Type = 2
 12:29:54 radius,debug,packet     EAP-Message = 0x020100060300
 12:29:54 radius,debug,packet     User-Name = "Test2"
 12:29:54 radius,debug,packet     Acct-Session-Id = "0b000086"
 12:29:54 radius,debug,packet     NAS-Port-Id = "ether3"
 12:29:54 radius,debug,packet     State = 0xb453215d7c854b26bdead7c6b26c8506
 12:29:54 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:29:54 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:29:54 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:29:54 radius,debug,packet     Message-Authenticator = 0x6b75b6e9764184e7ef4303
dbce5e21eb
 12:29:54 manager,debug >>> rx Access-Request from [127.0.0.1]:55650, id: 72
 12:29:54 manager,debug <<< tx Access-Challenge to [127.0.0.1]:55650, id: 72
 12:29:54 radius,debug,packet received Access-Challenge with id 72 from 127.0.0.1:
1812
 12:29:54 radius,debug,packet     Signature = 0xc89f80f960aa380f5d8830f13311963a
 12:29:54 radius,debug,packet     EAP-Message = 0x010200061520
 12:29:54 radius,debug,packet     State = 0xb453215d7c854b26bdead7c6b26c8506
 12:29:54 radius,debug,packet     Message-Authenticator = 0x5446e942759855a913016e
fcd06f2e22
 12:29:54 radius,debug received reply for 82:4b
 12:29:54 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:2 method:TTLS
 12:29:54 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:2 method:NAK(PEAP)
 12:29:54 radius,debug new request 82:4c code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:29:54 radius,debug sending 82:4c to 127.0.0.1:1812
 12:29:54 radius,debug,packet sending Access-Request with id 73 to 127.0.0.1:1812
 12:29:54 radius,debug,packet     Signature = 0xc24a55742a55c5be7c694821e1ae2101
 12:29:54 radius,debug,packet     Framed-MTU = 1400
 12:29:54 radius,debug,packet     NAS-Port-Type = 15
 12:29:54 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:29:54 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:29:54 radius,debug,packet     Service-Type = 2
 12:29:54 radius,debug,packet     EAP-Message = 0x020200060319
 12:29:54 radius,debug,packet     User-Name = "Test2"
 12:29:54 radius,debug,packet     Acct-Session-Id = "0b000086"
 12:29:54 radius,debug,packet     NAS-Port-Id = "ether3"
 12:29:54 radius,debug,packet     State = 0xb453215d7c854b26bdead7c6b26c8506
 12:29:54 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:29:54 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:29:54 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:29:54 radius,debug,packet     Message-Authenticator = 0x739b73aebe5d9c7a3cdef0
d1ebb425a0
 12:29:54 manager,debug >>> rx Access-Request from [127.0.0.1]:41204, id: 73
 12:29:54 manager,debug EAP rejected for user: "" 
 12:29:55 radius,debug resending 82:4c
 12:29:55 radius,debug,packet sending Access-Request with id 73 to 127.0.0.1:1812
 12:29:55 radius,debug,packet     Signature = 0xc24a55742a55c5be7c694821e1ae2101
 12:29:55 radius,debug,packet     Framed-MTU = 1400
 12:29:55 radius,debug,packet     NAS-Port-Type = 15
 12:29:55 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:29:55 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:29:55 radius,debug,packet     Service-Type = 2
 12:29:55 radius,debug,packet     EAP-Message = 0x020200060319
 12:29:55 radius,debug,packet     User-Name = "Test2"
 12:29:55 radius,debug,packet     Acct-Session-Id = "0b000086"
 12:29:55 radius,debug,packet     NAS-Port-Id = "ether3"
 12:29:55 radius,debug,packet     State = 0xb453215d7c854b26bdead7c6b26c8506
 12:29:55 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:29:55 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:29:55 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:29:55 radius,debug,packet     Message-Authenticator = 0x739b73aebe5d9c7a3cdef0
d1ebb425a0
 12:29:55 radius,debug resending 82:4c
 12:29:55 radius,debug,packet sending Access-Request with id 73 to 127.0.0.1:1812
 12:29:55 radius,debug,packet     Signature = 0xc24a55742a55c5be7c694821e1ae2101
 12:29:55 radius,debug,packet     Framed-MTU = 1400
 12:29:55 radius,debug,packet     NAS-Port-Type = 15
 12:29:55 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:29:55 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:29:55 radius,debug,packet     Service-Type = 2
 12:29:55 radius,debug,packet     EAP-Message = 0x020200060319
 12:29:55 radius,debug,packet     User-Name = "Test2"
 12:29:55 radius,debug,packet     Acct-Session-Id = "0b000086"
 12:29:55 radius,debug,packet     NAS-Port-Id = "ether3"
 12:29:55 radius,debug,packet     State = 0xb453215d7c854b26bdead7c6b26c8506
 12:29:55 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:29:55 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:29:55 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:29:55 radius,debug,packet     Message-Authenticator = 0x739b73aebe5d9c7a3cdef0
d1ebb425a0
 12:29:55 radius,debug timeout for 82:4c
 12:29:55 dot1x,debug s ether3 "Test2" radius req timeout on dot1x, waiting for ea
p timeout
 12:29:55 manager,debug <<< tx Access-Reject to [127.0.0.1]:41204, id: 73
 12:30:26 dot1x,packet s ether3 rx EAPOL-Start
 12:30:26 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:0 method:IDENTITY
 12:30:26 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:0 method:IDENTITY
 12:30:26 radius,debug new request 82:4d code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:30:26 radius,debug sending 82:4d to 127.0.0.1:1812
 12:30:26 radius,debug,packet sending Access-Request with id 74 to 127.0.0.1:1812
 12:30:26 radius,debug,packet     Signature = 0x68512b96dea27f9a15ccc786b5b09955
 12:30:26 radius,debug,packet     Framed-MTU = 1400
 12:30:26 radius,debug,packet     NAS-Port-Type = 15
 12:30:26 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:30:26 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:30:26 radius,debug,packet     Service-Type = 2
 12:30:26 radius,debug,packet     EAP-Message = 0x0200000a015465737432
 12:30:26 radius,debug,packet     User-Name = "Test2"
 12:30:26 radius,debug,packet     Acct-Session-Id = "0c000086"
 12:30:26 radius,debug,packet     NAS-Port-Id = "ether3"
 12:30:26 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:30:26 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:30:26 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:30:26 radius,debug,packet     Message-Authenticator = 0xbd4dc116d2fcd09cf13762
97ac1d3f3a
 12:30:26 manager,debug >>> rx Access-Request from [127.0.0.1]:51734, id: 74
 12:30:26 manager,debug <<< tx Access-Challenge to [127.0.0.1]:51734, id: 74
 12:30:26 radius,debug,packet received Access-Challenge with id 74 from 127.0.0.1:
1812
 12:30:26 radius,debug,packet     Signature = 0x33707975fdfd3adf35b9d4bd4837899a
 12:30:26 radius,debug,packet     EAP-Message = 0x010100061920
 12:30:26 radius,debug,packet     State = 0x6cd47aa768082d3c241f663618c6295a
 12:30:26 radius,debug,packet     Message-Authenticator = 0xa2032992b162fad255238f
84b9b5c7a5
 12:30:26 radius,debug received reply for 82:4d
 12:30:26 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:1 method:PEAP
 12:30:26 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:1 method:NAK(NONE)
 12:30:26 radius,debug new request 82:4e code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:30:26 radius,debug sending 82:4e to 127.0.0.1:1812
 12:30:26 radius,debug,packet sending Access-Request with id 75 to 127.0.0.1:1812
 12:30:26 radius,debug,packet     Signature = 0x50c2a5def1d59010435ba2254629f5c6
 12:30:26 radius,debug,packet     Framed-MTU = 1400
 12:30:26 radius,debug,packet     NAS-Port-Type = 15
 12:30:26 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:30:26 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:30:26 radius,debug,packet     Service-Type = 2
 12:30:26 radius,debug,packet     EAP-Message = 0x020100060300
 12:30:26 radius,debug,packet     User-Name = "Test2"
 12:30:26 radius,debug,packet     Acct-Session-Id = "0c000086"
 12:30:26 radius,debug,packet     NAS-Port-Id = "ether3"
 12:30:26 radius,debug,packet     State = 0x6cd47aa768082d3c241f663618c6295a
 12:30:26 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:30:26 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:30:26 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:30:26 radius,debug,packet     Message-Authenticator = 0x3190e8948f341b2531b284
6ac8a2f813
 12:30:26 manager,debug >>> rx Access-Request from [127.0.0.1]:34303, id: 75
 12:30:26 manager,debug <<< tx Access-Challenge to [127.0.0.1]:34303, id: 75
 12:30:26 radius,debug,packet received Access-Challenge with id 75 from 127.0.0.1:
1812
 12:30:26 radius,debug,packet     Signature = 0x344d5aaefd4bc332ef4ade09b2937981
 12:30:26 radius,debug,packet     EAP-Message = 0x010200061520
 12:30:26 radius,debug,packet     State = 0x6cd47aa768082d3c241f663618c6295a
 12:30:26 radius,debug,packet     Message-Authenticator = 0xf8d0dcdcb285fa084904e6
705faf3089
 12:30:26 radius,debug received reply for 82:4e
 12:30:26 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:2 method:TTLS
 12:30:26 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:2 method:NAK(PEAP)
 12:30:26 radius,debug new request 82:4f code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:30:26 radius,debug sending 82:4f to 127.0.0.1:1812
 12:30:26 radius,debug,packet sending Access-Request with id 76 to 127.0.0.1:1812
 12:30:26 radius,debug,packet     Signature = 0x5cb18d7ae3fce102151f1ea8349eadcb
 12:30:26 radius,debug,packet     Framed-MTU = 1400
 12:30:26 radius,debug,packet     NAS-Port-Type = 15
 12:30:26 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:30:26 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:30:26 radius,debug,packet     Service-Type = 2
 12:30:26 radius,debug,packet     EAP-Message = 0x020200060319
 12:30:26 radius,debug,packet     User-Name = "Test2"
 12:30:26 radius,debug,packet     Acct-Session-Id = "0c000086"
 12:30:26 radius,debug,packet     NAS-Port-Id = "ether3"
 12:30:26 radius,debug,packet     State = 0x6cd47aa768082d3c241f663618c6295a
 12:30:26 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:30:26 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:30:26 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:30:26 radius,debug,packet     Message-Authenticator = 0xa91bfca0664cf366a21375
80f9d110bf
 12:30:26 manager,debug >>> rx Access-Request from [127.0.0.1]:33637, id: 76
 12:30:26 manager,debug EAP rejected for user: "" 
 12:30:26 radius,debug resending 82:4f
 12:30:26 radius,debug,packet sending Access-Request with id 76 to 127.0.0.1:1812
 12:30:26 radius,debug,packet     Signature = 0x5cb18d7ae3fce102151f1ea8349eadcb
 12:30:26 radius,debug,packet     Framed-MTU = 1400
 12:30:26 radius,debug,packet     NAS-Port-Type = 15
 12:30:26 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:30:26 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:30:26 radius,debug,packet     Service-Type = 2
 12:30:26 radius,debug,packet     EAP-Message = 0x020200060319
 12:30:26 radius,debug,packet     User-Name = "Test2"
 12:30:26 radius,debug,packet     Acct-Session-Id = "0c000086"
 12:30:26 radius,debug,packet     NAS-Port-Id = "ether3"
 12:30:26 radius,debug,packet     State = 0x6cd47aa768082d3c241f663618c6295a
 12:30:26 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:30:26 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:30:26 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:30:26 radius,debug,packet     Message-Authenticator = 0xa91bfca0664cf366a21375
80f9d110bf
 12:30:26 radius,debug resending 82:4f
 12:30:26 radius,debug,packet sending Access-Request with id 76 to 127.0.0.1:1812
 12:30:26 radius,debug,packet     Signature = 0x5cb18d7ae3fce102151f1ea8349eadcb
 12:30:26 radius,debug,packet     Framed-MTU = 1400
 12:30:26 radius,debug,packet     NAS-Port-Type = 15
 12:30:26 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:30:26 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:30:26 radius,debug,packet     Service-Type = 2
 12:30:26 radius,debug,packet     EAP-Message = 0x020200060319
 12:30:26 radius,debug,packet     User-Name = "Test2"
 12:30:26 radius,debug,packet     Acct-Session-Id = "0c000086"
 12:30:26 radius,debug,packet     NAS-Port-Id = "ether3"
 12:30:26 radius,debug,packet     State = 0x6cd47aa768082d3c241f663618c6295a
 12:30:26 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:30:26 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:30:26 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:30:26 radius,debug,packet     Message-Authenticator = 0xa91bfca0664cf366a21375
80f9d110bf
 12:30:27 radius,debug timeout for 82:4f
 12:30:27 dot1x,debug s ether3 "Test2" radius req timeout on dot1x, waiting for ea
p timeout
 12:30:27 manager,debug <<< tx Access-Reject to [127.0.0.1]:33637, id: 76
 12:30:40 interface,info ether3 link down
 12:30:44 interface,info ether2 link up (speed 100M, full duplex)
 12:30:46 dhcp,info defconf deassigned 192.168.88.252 for 0C:38:3E:51:7E:D4 i53W
 12:30:47 dhcp,info defconf assigned 192.168.88.252 for 0C:38:3E:51:7E:D4 i53W
 12:31:07 interface,info ether2 link down
 12:31:10 interface,info ether3 link up (speed 100M, full duplex)
 12:31:10 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:0 method:IDENTITY
 12:31:10 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:0 method:IDENTITY
 12:31:10 radius,debug new request 82:50 code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:31:10 radius,debug sending 82:50 to 127.0.0.1:1812
 12:31:10 radius,debug,packet sending Access-Request with id 77 to 127.0.0.1:1812
 12:31:10 radius,debug,packet     Signature = 0xc22e1a66be3803c3a1081938ddbd75b3
 12:31:10 radius,debug,packet     Framed-MTU = 1400
 12:31:10 radius,debug,packet     NAS-Port-Type = 15
 12:31:10 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:31:10 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:31:10 radius,debug,packet     Service-Type = 2
 12:31:10 radius,debug,packet     EAP-Message = 0x0200000a015465737432
 12:31:10 radius,debug,packet     User-Name = "Test2"
 12:31:10 radius,debug,packet     Acct-Session-Id = "0d000086"
 12:31:10 radius,debug,packet     NAS-Port-Id = "ether3"
 12:31:10 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:31:10 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:31:10 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:31:10 radius,debug,packet     Message-Authenticator = 0xf9fdbd065d5415dbd87a75
19745cfe73
 12:31:10 manager,debug >>> rx Access-Request from [127.0.0.1]:40467, id: 77
 12:31:10 manager,debug <<< tx Access-Challenge to [127.0.0.1]:40467, id: 77
 12:31:10 radius,debug,packet received Access-Challenge with id 77 from 127.0.0.1:
1812
 12:31:10 radius,debug,packet     Signature = 0x0bcfbd2723401257e43ba6e55e95e6dd
 12:31:10 radius,debug,packet     EAP-Message = 0x010100061920
 12:31:10 radius,debug,packet     State = 0x6d907101e6703ebc66e18d8767b00554
 12:31:10 radius,debug,packet     Message-Authenticator = 0x1e75c89ed0d3034a187ea1
25f9ed2418
 12:31:10 radius,debug received reply for 82:50
 12:31:10 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:1 method:PEAP
 12:31:10 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:1 method:NAK(NONE)
 12:31:10 radius,debug new request 82:51 code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:31:10 radius,debug sending 82:51 to 127.0.0.1:1812
 12:31:10 radius,debug,packet sending Access-Request with id 78 to 127.0.0.1:1812
 12:31:10 radius,debug,packet     Signature = 0x3ca6cb92bad1e78d4d972bd928541ade
 12:31:10 radius,debug,packet     Framed-MTU = 1400
 12:31:10 radius,debug,packet     NAS-Port-Type = 15
 12:31:10 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:31:10 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:31:10 radius,debug,packet     Service-Type = 2
 12:31:10 radius,debug,packet     EAP-Message = 0x020100060300
 12:31:10 radius,debug,packet     User-Name = "Test2"
 12:31:10 radius,debug,packet     Acct-Session-Id = "0d000086"
 12:31:10 radius,debug,packet     NAS-Port-Id = "ether3"
 12:31:10 radius,debug,packet     State = 0x6d907101e6703ebc66e18d8767b00554
 12:31:10 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:31:10 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:31:10 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:31:10 radius,debug,packet     Message-Authenticator = 0x45cad563edc4acf5e28856
c79dc8944e
 12:31:10 manager,debug >>> rx Access-Request from [127.0.0.1]:38574, id: 78
 12:31:10 manager,debug <<< tx Access-Challenge to [127.0.0.1]:38574, id: 78
 12:31:10 radius,debug,packet received Access-Challenge with id 78 from 127.0.0.1:
1812
 12:31:10 radius,debug,packet     Signature = 0xd8e724bbc303426759da19427e19a67b
 12:31:10 radius,debug,packet     EAP-Message = 0x010200061520
 12:31:10 radius,debug,packet     State = 0x6d907101e6703ebc66e18d8767b00554
 12:31:10 radius,debug,packet     Message-Authenticator = 0x985b94eeeb9af181a547b7
8bcc22ff75
 12:31:10 radius,debug received reply for 82:51
 12:31:10 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:2 method:TTLS
 12:31:10 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:2 method:NAK(PEAP)
 12:31:10 radius,debug new request 82:52 code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:31:10 radius,debug sending 82:52 to 127.0.0.1:1812
 12:31:10 radius,debug,packet sending Access-Request with id 79 to 127.0.0.1:1812
 12:31:10 radius,debug,packet     Signature = 0x554f5b89efb95a42204eb26da777cabe
 12:31:10 radius,debug,packet     Framed-MTU = 1400
 12:31:10 radius,debug,packet     NAS-Port-Type = 15
 12:31:10 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:31:10 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:31:10 radius,debug,packet     Service-Type = 2
 12:31:10 radius,debug,packet     EAP-Message = 0x020200060319
 12:31:10 radius,debug,packet     User-Name = "Test2"
 12:31:10 radius,debug,packet     Acct-Session-Id = "0d000086"
 12:31:10 radius,debug,packet     NAS-Port-Id = "ether3"
 12:31:10 radius,debug,packet     State = 0x6d907101e6703ebc66e18d8767b00554
 12:31:10 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:31:10 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:31:10 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:31:10 radius,debug,packet     Message-Authenticator = 0xbc7b6fc9d59b1ede2216a7
a7cca36d42
 12:31:10 manager,debug >>> rx Access-Request from [127.0.0.1]:52784, id: 79
 12:31:10 manager,debug EAP rejected for user: "" 
 12:31:11 radius,debug resending 82:52
 12:31:11 radius,debug,packet sending Access-Request with id 79 to 127.0.0.1:1812
 12:31:11 radius,debug,packet     Signature = 0x554f5b89efb95a42204eb26da777cabe
 12:31:11 radius,debug,packet     Framed-MTU = 1400
 12:31:11 radius,debug,packet     NAS-Port-Type = 15
 12:31:11 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:31:11 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:31:11 radius,debug,packet     Service-Type = 2
 12:31:11 radius,debug,packet     EAP-Message = 0x020200060319
 12:31:11 radius,debug,packet     User-Name = "Test2"
 12:31:11 radius,debug,packet     Acct-Session-Id = "0d000086"
 12:31:11 radius,debug,packet     NAS-Port-Id = "ether3"
 12:31:11 radius,debug,packet     State = 0x6d907101e6703ebc66e18d8767b00554
 12:31:11 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:31:11 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:31:11 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:31:11 radius,debug,packet     Message-Authenticator = 0xbc7b6fc9d59b1ede2216a7
a7cca36d42
 12:31:11 radius,debug resending 82:52
 12:31:11 radius,debug,packet sending Access-Request with id 79 to 127.0.0.1:1812
 12:31:11 radius,debug,packet     Signature = 0x554f5b89efb95a42204eb26da777cabe
 12:31:11 radius,debug,packet     Framed-MTU = 1400
 12:31:11 radius,debug,packet     NAS-Port-Type = 15
 12:31:11 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:31:11 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:31:11 radius,debug,packet     Service-Type = 2
 12:31:11 radius,debug,packet     EAP-Message = 0x020200060319
 12:31:11 radius,debug,packet     User-Name = "Test2"
 12:31:11 radius,debug,packet     Acct-Session-Id = "0d000086"
 12:31:11 radius,debug,packet     NAS-Port-Id = "ether3"
 12:31:11 radius,debug,packet     State = 0x6d907101e6703ebc66e18d8767b00554
 12:31:11 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:31:11 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:31:11 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:31:11 radius,debug,packet     Message-Authenticator = 0xbc7b6fc9d59b1ede2216a7
a7cca36d42
 12:31:11 radius,debug timeout for 82:52
 12:31:11 dot1x,debug s ether3 "Test2" radius req timeout on dot1x, waiting for ea
p timeout
 12:31:11 manager,debug <<< tx Access-Reject to [127.0.0.1]:52784, id: 79
 12:31:32 interface,info ether3 link down
 12:31:34 interface,info ether2 link up (speed 100M, full duplex)
 12:31:40 dhcp,info defconf deassigned 192.168.88.252 for 0C:38:3E:51:7E:D4 i53W
 12:31:40 dhcp,info defconf assigned 192.168.88.252 for 0C:38:3E:51:7E:D4 i53W
 12:32:50 interface,info ether2 link down
 12:32:52 interface,info ether3 link up (speed 100M, full duplex)
 12:32:52 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:0 method:IDENTITY
 12:32:52 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:0 method:IDENTITY
 12:32:52 radius,debug new request 82:53 code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:32:52 radius,debug sending 82:53 to 127.0.0.1:1812
 12:32:52 radius,debug,packet sending Access-Request with id 80 to 127.0.0.1:1812
 12:32:52 radius,debug,packet     Signature = 0xf5525862692e19239ed560d6e96b4385
 12:32:52 radius,debug,packet     Framed-MTU = 1400
 12:32:52 radius,debug,packet     NAS-Port-Type = 15
 12:32:52 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:32:52 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:32:52 radius,debug,packet     Service-Type = 2
 12:32:52 radius,debug,packet     EAP-Message = 0x0200000a015465737432
 12:32:52 radius,debug,packet     User-Name = "Test2"
 12:32:52 radius,debug,packet     Acct-Session-Id = "0e000086"
 12:32:52 radius,debug,packet     NAS-Port-Id = "ether3"
 12:32:52 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:32:52 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:32:52 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:32:52 radius,debug,packet     Message-Authenticator = 0x86877315c977d7121ba6e6
c64ec7aee1
 12:32:52 manager,debug >>> rx Access-Request from [127.0.0.1]:44954, id: 80
 12:32:52 manager,debug <<< tx Access-Challenge to [127.0.0.1]:44954, id: 80
 12:32:52 radius,debug,packet received Access-Challenge with id 80 from 127.0.0.1:
1812
 12:32:52 radius,debug,packet     Signature = 0x6426325e7e5bfde9b8fd034e735b97d6
 12:32:52 radius,debug,packet     EAP-Message = 0x010100061920
 12:32:52 radius,debug,packet     State = 0x405e9f1e39b8131b1c740f97d5278586
 12:32:52 radius,debug,packet     Message-Authenticator = 0x80a5c3d8307f8ab4d45e11
bd79415257
 12:32:52 radius,debug received reply for 82:53
 12:32:52 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:1 method:PEAP
 12:32:52 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:1 method:NAK(TLS)
 12:32:52 radius,debug new request 82:54 code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:32:52 radius,debug sending 82:54 to 127.0.0.1:1812
 12:32:52 radius,debug,packet sending Access-Request with id 81 to 127.0.0.1:1812
 12:32:52 radius,debug,packet     Signature = 0x878cec3cc2b7b71cc9c87935d4873610
 12:32:52 radius,debug,packet     Framed-MTU = 1400
 12:32:52 radius,debug,packet     NAS-Port-Type = 15
 12:32:52 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:32:52 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:32:52 radius,debug,packet     Service-Type = 2
 12:32:52 radius,debug,packet     EAP-Message = 0x02010006030d
 12:32:52 radius,debug,packet     User-Name = "Test2"
 12:32:52 radius,debug,packet     Acct-Session-Id = "0e000086"
 12:32:52 radius,debug,packet     NAS-Port-Id = "ether3"
 12:32:52 radius,debug,packet     State = 0x405e9f1e39b8131b1c740f97d5278586
 12:32:52 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:32:52 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:32:52 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:32:52 radius,debug,packet     Message-Authenticator = 0xbaf0fc90f12aff346b49c6
0cd0ab69a6
 12:32:52 manager,debug >>> rx Access-Request from [127.0.0.1]:56605, id: 81
 12:32:52 manager,debug <<< tx Access-Challenge to [127.0.0.1]:56605, id: 81
 12:32:52 radius,debug,packet received Access-Challenge with id 81 from 127.0.0.1:
1812
 12:32:52 radius,debug,packet     Signature = 0x06f8fcf7ff03f21b360c61b2a7151d44
 12:32:52 radius,debug,packet     EAP-Message = 0x010200061520
 12:32:52 radius,debug,packet     State = 0x405e9f1e39b8131b1c740f97d5278586
 12:32:52 radius,debug,packet     Message-Authenticator = 0x9f82dcccd5d552ff883ec1
39245d1c20
 12:32:52 radius,debug received reply for 82:54
 12:32:52 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:2 method:TTLS
 12:32:52 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:2 method:NAK(TLS)
 12:32:52 radius,debug new request 82:55 code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:32:52 radius,debug sending 82:55 to 127.0.0.1:1812
 12:32:52 radius,debug,packet sending Access-Request with id 82 to 127.0.0.1:1812
 12:32:52 radius,debug,packet     Signature = 0xf0aaf246f89cee6ee407fb4bc749f743
 12:32:52 radius,debug,packet     Framed-MTU = 1400
 12:32:52 radius,debug,packet     NAS-Port-Type = 15
 12:32:52 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:32:52 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:32:52 radius,debug,packet     Service-Type = 2
 12:32:52 radius,debug,packet     EAP-Message = 0x02020006030d
 12:32:52 radius,debug,packet     User-Name = "Test2"
 12:32:52 radius,debug,packet     Acct-Session-Id = "0e000086"
 12:32:52 radius,debug,packet     NAS-Port-Id = "ether3"
 12:32:52 radius,debug,packet     State = 0x405e9f1e39b8131b1c740f97d5278586
 12:32:52 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:32:52 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:32:52 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:32:52 radius,debug,packet     Message-Authenticator = 0x078b9f998c0f4a0d9a66c3
d46fd08de7
 12:32:52 manager,debug >>> rx Access-Request from [127.0.0.1]:35972, id: 82
 12:32:52 manager,debug EAP rejected for user: "" 
 12:32:52 radius,debug resending 82:55
 12:32:52 radius,debug,packet sending Access-Request with id 82 to 127.0.0.1:1812
 12:32:52 radius,debug,packet     Signature = 0xf0aaf246f89cee6ee407fb4bc749f743
 12:32:52 radius,debug,packet     Framed-MTU = 1400
 12:32:52 radius,debug,packet     NAS-Port-Type = 15
 12:32:52 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:32:52 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:32:52 radius,debug,packet     Service-Type = 2
 12:32:52 radius,debug,packet     EAP-Message = 0x02020006030d
 12:32:52 radius,debug,packet     User-Name = "Test2"
 12:32:52 radius,debug,packet     Acct-Session-Id = "0e000086"
 12:32:52 radius,debug,packet     NAS-Port-Id = "ether3"
 12:32:52 radius,debug,packet     State = 0x405e9f1e39b8131b1c740f97d5278586
 12:32:52 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:32:52 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:32:52 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:32:52 radius,debug,packet     Message-Authenticator = 0x078b9f998c0f4a0d9a66c3
d46fd08de7
 12:32:53 radius,debug resending 82:55
 12:32:53 radius,debug,packet sending Access-Request with id 82 to 127.0.0.1:1812
 12:32:53 radius,debug,packet     Signature = 0xf0aaf246f89cee6ee407fb4bc749f743
 12:32:53 radius,debug,packet     Framed-MTU = 1400
 12:32:53 radius,debug,packet     NAS-Port-Type = 15
 12:32:53 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:32:53 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:32:53 radius,debug,packet     Service-Type = 2
 12:32:53 radius,debug,packet     EAP-Message = 0x02020006030d
 12:32:53 radius,debug,packet     User-Name = "Test2"
 12:32:53 radius,debug,packet     Acct-Session-Id = "0e000086"
 12:32:53 radius,debug,packet     NAS-Port-Id = "ether3"
 12:32:53 radius,debug,packet     State = 0x405e9f1e39b8131b1c740f97d5278586
 12:32:53 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:32:53 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:32:53 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:32:53 radius,debug,packet     Message-Authenticator = 0x078b9f998c0f4a0d9a66c3
d46fd08de7
 12:32:53 radius,debug timeout for 82:55
 12:32:53 dot1x,debug s ether3 "Test2" radius req timeout on dot1x, waiting for ea
p timeout
 12:32:53 manager,debug <<< tx Access-Reject to [127.0.0.1]:35972, id: 82
 12:33:23 dot1x,packet s ether3 rx EAPOL-Start
 12:33:23 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:0 method:IDENTITY
 12:33:23 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:0 method:IDENTITY
 12:33:23 radius,debug new request 82:56 code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:33:23 radius,debug sending 82:56 to 127.0.0.1:1812
 12:33:23 radius,debug,packet sending Access-Request with id 83 to 127.0.0.1:1812
 12:33:23 radius,debug,packet     Signature = 0xbd58805820bba1d5b3c3bab2ace6b640
 12:33:23 radius,debug,packet     Framed-MTU = 1400
 12:33:23 radius,debug,packet     NAS-Port-Type = 15
 12:33:23 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:33:23 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:33:23 radius,debug,packet     Service-Type = 2
 12:33:23 radius,debug,packet     EAP-Message = 0x0200000a015465737432
 12:33:23 radius,debug,packet     User-Name = "Test2"
 12:33:23 radius,debug,packet     Acct-Session-Id = "0f000086"
 12:33:23 radius,debug,packet     NAS-Port-Id = "ether3"
 12:33:23 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:33:23 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:33:23 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:33:23 radius,debug,packet     Message-Authenticator = 0x8f2b95dedf7be8bfd7854d
3d09f49eda
 12:33:23 manager,debug >>> rx Access-Request from [127.0.0.1]:43125, id: 83
 12:33:23 manager,debug <<< tx Access-Challenge to [127.0.0.1]:43125, id: 83
 12:33:23 radius,debug,packet received Access-Challenge with id 83 from 127.0.0.1:
1812
 12:33:23 radius,debug,packet     Signature = 0x8b7b8feb6a5f80de0550d6204ecba498
 12:33:23 radius,debug,packet     EAP-Message = 0x010100061920
 12:33:23 radius,debug,packet     State = 0xe3ac06e995fe8d465361a119257b006a
 12:33:23 radius,debug,packet     Message-Authenticator = 0xab94c70068e4865d594baf
d55292734c
 12:33:23 radius,debug received reply for 82:56
 12:33:23 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:1 method:PEAP
 12:33:23 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:1 method:NAK(TLS)
 12:33:23 radius,debug new request 82:57 code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:33:23 radius,debug sending 82:57 to 127.0.0.1:1812
 12:33:23 radius,debug,packet sending Access-Request with id 84 to 127.0.0.1:1812
 12:33:23 radius,debug,packet     Signature = 0x437a3fe9b60cd7d9bd1f6bfda83eb1fd
 12:33:23 radius,debug,packet     Framed-MTU = 1400
 12:33:23 radius,debug,packet     NAS-Port-Type = 15
 12:33:23 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:33:23 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:33:23 radius,debug,packet     Service-Type = 2
 12:33:23 radius,debug,packet     EAP-Message = 0x02010006030d
 12:33:23 radius,debug,packet     User-Name = "Test2"
 12:33:23 radius,debug,packet     Acct-Session-Id = "0f000086"
 12:33:23 radius,debug,packet     NAS-Port-Id = "ether3"
 12:33:23 radius,debug,packet     State = 0xe3ac06e995fe8d465361a119257b006a
 12:33:23 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:33:23 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:33:23 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:33:23 radius,debug,packet     Message-Authenticator = 0x414e0c5af3017b887917c0
c03abe6279
 12:33:23 radius,debug,packet received Access-Challenge with id 84 from 127.0.0.1:
1812
 12:33:23 radius,debug,packet     Signature = 0x1b0bc506e232a6669be10b167a184e7f
 12:33:23 manager,debug >>> rx Access-Request from [127.0.0.1]:46015, id: 84
 12:33:23 manager,debug <<< tx Access-Challenge to [127.0.0.1]:46015, id: 84
 12:33:23 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:2 method:TTLS
 12:33:23 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:2 method:NAK(TLS)
 12:33:23 radius,debug,packet     EAP-Message = 0x010200061520
 12:33:23 radius,debug,packet     State = 0xe3ac06e995fe8d465361a119257b006a
 12:33:23 radius,debug,packet     Message-Authenticator = 0xe789a32c83e5331915c938
2ed2621861
 12:33:23 radius,debug received reply for 82:57
 12:33:23 radius,debug new request 82:58 code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:33:23 radius,debug sending 82:58 to 127.0.0.1:1812
 12:33:23 radius,debug,packet sending Access-Request with id 85 to 127.0.0.1:1812
 12:33:23 radius,debug,packet     Signature = 0x01bc2ea65467a3baa80bc818a87a6a65
 12:33:23 radius,debug,packet     Framed-MTU = 1400
 12:33:23 radius,debug,packet     NAS-Port-Type = 15
 12:33:23 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:33:23 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:33:23 radius,debug,packet     Service-Type = 2
 12:33:23 radius,debug,packet     EAP-Message = 0x02020006030d
 12:33:23 radius,debug,packet     User-Name = "Test2"
 12:33:23 radius,debug,packet     Acct-Session-Id = "0f000086"
 12:33:23 radius,debug,packet     NAS-Port-Id = "ether3"
 12:33:23 radius,debug,packet     State = 0xe3ac06e995fe8d465361a119257b006a
 12:33:23 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:33:23 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:33:23 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:33:23 radius,debug,packet     Message-Authenticator = 0x7f98e0733e523708a77e0e
985101275d
 12:33:23 manager,debug >>> rx Access-Request from [127.0.0.1]:47836, id: 85
 12:33:23 manager,debug EAP rejected for user: "" 
 12:33:24 radius,debug resending 82:58
 12:33:24 radius,debug,packet sending Access-Request with id 85 to 127.0.0.1:1812
 12:33:24 radius,debug,packet     Signature = 0x01bc2ea65467a3baa80bc818a87a6a65
 12:33:24 radius,debug,packet     Framed-MTU = 1400
 12:33:24 radius,debug,packet     NAS-Port-Type = 15
 12:33:24 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:33:24 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:33:24 radius,debug,packet     Service-Type = 2
 12:33:24 radius,debug,packet     EAP-Message = 0x02020006030d
 12:33:24 radius,debug,packet     User-Name = "Test2"
 12:33:24 radius,debug,packet     Acct-Session-Id = "0f000086"
 12:33:24 radius,debug,packet     NAS-Port-Id = "ether3"
 12:33:24 radius,debug,packet     State = 0xe3ac06e995fe8d465361a119257b006a
 12:33:24 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:33:24 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:33:24 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:33:24 radius,debug,packet     Message-Authenticator = 0x7f98e0733e523708a77e0e
985101275d
 12:33:24 radius,debug resending 82:58
 12:33:24 radius,debug,packet sending Access-Request with id 85 to 127.0.0.1:1812
 12:33:24 radius,debug,packet     Signature = 0x01bc2ea65467a3baa80bc818a87a6a65
 12:33:24 radius,debug,packet     Framed-MTU = 1400
 12:33:24 radius,debug,packet     NAS-Port-Type = 15
 12:33:24 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:33:24 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:33:24 radius,debug,packet     Service-Type = 2
 12:33:24 radius,debug,packet     EAP-Message = 0x02020006030d
 12:33:24 radius,debug,packet     User-Name = "Test2"
 12:33:24 radius,debug,packet     Acct-Session-Id = "0f000086"
 12:33:24 radius,debug,packet     NAS-Port-Id = "ether3"
 12:33:24 radius,debug,packet     State = 0xe3ac06e995fe8d465361a119257b006a
 12:33:24 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:33:24 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:33:24 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:33:24 radius,debug,packet     Message-Authenticator = 0x7f98e0733e523708a77e0e
985101275d
 12:33:24 radius,debug timeout for 82:58
 12:33:24 dot1x,debug s ether3 "Test2" radius req timeout on dot1x, waiting for ea
p timeout
 12:33:24 manager,debug <<< tx Access-Reject to [127.0.0.1]:47836, id: 85
 12:33:36 interface,info ether3 link down
 12:33:41 interface,info ether2 link up (speed 100M, full duplex)
 12:33:44 dhcp,info defconf deassigned 192.168.88.252 for 0C:38:3E:51:7E:D4 i53W
 12:33:44 dhcp,info defconf assigned 192.168.88.252 for 0C:38:3E:51:7E:D4 i53W
 12:34:25 interface,info ether2 link down
 12:34:27 interface,info ether3 link up (speed 100M, full duplex)
 12:34:27 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:0 method:IDENTITY
 12:34:57 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:0 method:IDENTITY
 12:34:57 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:0 method:IDENTITY
 12:34:57 radius,debug new request 82:59 code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:34:57 radius,debug sending 82:59 to 127.0.0.1:1812
 12:34:57 radius,debug,packet sending Access-Request with id 86 to 127.0.0.1:1812
 12:34:57 radius,debug,packet     Signature = 0xe4c99db1c6df1a7edfc91749c75962e9
 12:34:57 radius,debug,packet     Framed-MTU = 1400
 12:34:57 radius,debug,packet     NAS-Port-Type = 15
 12:34:57 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:34:57 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:34:57 radius,debug,packet     Service-Type = 2
 12:34:57 radius,debug,packet     EAP-Message = 0x0200000a015465737432
 12:34:57 radius,debug,packet     User-Name = "Test2"
 12:34:57 radius,debug,packet     Acct-Session-Id = "10000086"
 12:34:57 radius,debug,packet     NAS-Port-Id = "ether3"
 12:34:57 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:34:57 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:34:57 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:34:57 radius,debug,packet     Message-Authenticator = 0xec5a482dd3ec32f76bc8a4
6d926e1102
 12:34:57 manager,debug >>> rx Access-Request from [127.0.0.1]:38137, id: 86
 12:34:57 manager,debug <<< tx Access-Challenge to [127.0.0.1]:38137, id: 86
 12:34:57 radius,debug,packet received Access-Challenge with id 86 from 127.0.0.1:
1812
 12:34:57 radius,debug,packet     Signature = 0xc8377cb4c58293c5e3dd128868e9303a
 12:34:57 radius,debug,packet     EAP-Message = 0x010100061920
 12:34:57 radius,debug,packet     State = 0x8f76ba6a007738ea1b185fc304dc0a6a
 12:34:57 radius,debug,packet     Message-Authenticator = 0x3f639699aa4396efd75093
8b8d2bceb6
 12:34:57 radius,debug received reply for 82:59
 12:34:57 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:1 method:PEAP
 12:34:57 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:1 method:PEAP
 12:34:57 radius,debug new request 82:5a code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:34:57 radius,debug sending 82:5a to 127.0.0.1:1812
 12:34:57 radius,debug,packet sending Access-Request with id 87 to 127.0.0.1:1812
 12:34:57 radius,debug,packet     Signature = 0xb62c13668dffc6cbc5841851813f8794
 12:34:57 radius,debug,packet     Framed-MTU = 1400
 12:34:57 radius,debug,packet     NAS-Port-Type = 15
 12:34:57 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:34:57 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:34:57 radius,debug,packet     Service-Type = 2
 12:34:57 radius,debug,packet     EAP-Message = 0x0201013919800000012f160301012a01
 12:34:57 radius,debug,packet       0001260303042d826a960cf6c98823b6
 12:34:57 radius,debug,packet       aed1f419a0c79719850649840007bcc1
 12:34:57 radius,debug,packet       d6dadfaaf00000acc030c02cc028c024
 12:34:57 radius,debug,packet       c014c00a00a500a300a1009f006b006a
 12:34:57 radius,debug,packet       00690068003900380037003600880087
 12:34:57 radius,debug,packet       00860085c032c02ec02ac026c00fc005
 12:34:57 radius,debug,packet       009d003d00350084c02fc02bc027c023
 12:34:57 radius,debug,packet       c013c00900a400a200a0009e00670040
 12:34:57 radius,debug,packet       003f003e0033003200310030009a0099
 12:34:57 radius,debug,packet       009800970045004400430042c031c02d
 12:34:57 radius,debug,packet       c029c025c00ec004009c003c002f0096
 12:34:57 radius,debug,packet       00410007c011c007c00cc00200050004
 12:34:57 radius,debug,packet       c012c008001600130010000dc00dc003
 12:34:57 radius,debug,packet       000a00ff01000051000b000403000102
 12:34:57 radius,debug,packet       000a001c001a00170019001c00
 12:34:57 radius,debug,packet     EAP-Message = 0x1b0018001a0016000e000d000b000c00
 12:34:57 radius,debug,packet       09000a000d0020001e06010602060305
 12:34:57 radius,debug,packet       01050205030401040204030301030203
 12:34:57 radius,debug,packet       03020102020203000f000101
 12:34:57 radius,debug,packet     User-Name = "Test2"
 12:34:57 radius,debug,packet     Acct-Session-Id = "10000086"
 12:34:57 radius,debug,packet     NAS-Port-Id = "ether3"
 12:34:57 radius,debug,packet     State = 0x8f76ba6a007738ea1b185fc304dc0a6a
 12:34:57 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:34:57 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:34:57 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:34:57 radius,debug,packet     Message-Authenticator = 0xf98ffcad0d9772bc6790a7
3fb9bb5c3c
 12:34:57 manager,debug >>> rx Access-Request from [127.0.0.1]:47921, id: 87
 12:34:57 radius,debug,packet received Access-Challenge with id 87 from 127.0.0.1:
1812
 12:34:57 radius,debug,packet     Signature = 0xd19c330a7fb791c9588a43e82762cad4
 12:34:57 radius,debug,packet     EAP-Message = 0x0102058219c000000697160303003102
 12:34:57 radius,debug,packet       00002d03033baf262ba9cb0ceb3021f1
 12:34:57 radius,debug,packet       cb916acad89e5b0d9c1f87d1db015475
 12:34:57 radius,debug,packet       b1d384fb4000c030000005ff01000100
 12:34:57 radius,debug,packet       16030305010b0004fd0004fa0004f730
 12:34:57 radius,debug,packet       8204f3308203dba003020102021203d6
 12:34:57 radius,debug,packet       5ed438b706f116064f8fa61ea0f386ac
 12:34:57 radius,debug,packet       300d06092a864886f70d01010b050030
 12:34:57 radius,debug,packet       33310b30090603550406130255533116
 12:34:57 radius,debug,packet       3014060355040a130d4c657427732045
 12:34:57 radius,debug,packet       6e6372797074310c300a060355040313
 12:34:57 radius,debug,packet       03523131301e170d3234303631393036
 12:34:57 radius,debug,packet       353332365a170d323430393137303635
 12:34:57 radius,debug,packet       3332355a301c311a3018060355040313
 12:34:57 radius,debug,packet       11666964656e73616c2e64646e732e6e
 12:34:57 radius,debug,packet       657430820122300d06092a8648
 12:34:57 radius,debug,packet     EAP-Message = 0x86f70d01010105000382010f00308201
 12:34:57 radius,debug,packet       0a0282010100cd2c5d49c4beffb0c400
 12:34:57 radius,debug,packet       bc39b822a1b88d070d7a7ee09935a215
 12:34:57 radius,debug,packet       2433fe5b139f5ca4417461f64223451f
 12:34:57 radius,debug,packet       36cc66485918eca0c5c6eca048837db4
 12:34:57 radius,debug,packet       79fe75cbcecc6af55e9b5597c053c52c
 12:34:57 radius,debug,packet       996f99d386bd71badec362eced3995a6
 12:34:57 radius,debug,packet       655396ca6fa3c50a34d38ccbbd1d1c4f
 12:34:57 radius,debug,packet       3034c1edde085eedc9db113d5b7d3aee
 12:34:57 radius,debug,packet       510836ce0bca1698e7c2c77390b4a547
 12:34:57 radius,debug,packet       9f7c4e28b6750d22d96c753814733714
 12:34:57 radius,debug,packet       46b37f52aaac8546808154b29d3b7904
 12:34:57 radius,debug,packet       33042fc3d3a1a6e58f1843fd28795c49
 12:34:57 radius,debug,packet       3152bfa05f055405ca3154afc44d668e
 12:34:57 radius,debug,packet       2ddc53d920d3d4d5cd63c6fbbe1a991b
 12:34:57 radius,debug,packet       6f4cf335630770360772482e16
 12:34:57 radius,debug,packet     EAP-Message = 0xfbdd020da6489a2fc443f6179f2ee593
 12:34:57 radius,debug,packet       0f02b4209aa7561ebb0203010001a382
 12:34:57 radius,debug,packet       021630820212300e0603551d0f0101ff
 12:34:57 radius,debug,packet       0404030205a0301d0603551d25041630
 12:34:57 radius,debug,packet       1406082b0601050507030106082b0601
 12:34:57 radius,debug,packet       0505070302300c0603551d130101ff04
 12:34:57 radius,debug,packet       023000301d0603551d0e04160414ebcf
 12:34:57 radius,debug,packet       4fc5d52514d398c02e1a9c4eaf90a74c
 12:34:57 radius,debug,packet       9474301f0603551d23041830168014c5
 12:34:57 radius,debug,packet       cf46a4eaf4c3c07a6c95c42db05e922f
 12:34:57 radius,debug,packet       26e3b9305706082b0601050507010104
 12:34:57 radius,debug,packet       4b3049302206082b0601050507300186
 12:34:57 radius,debug,packet       16687474703a2f2f7231312e6f2e6c65
 12:34:57 manager,debug <<< tx Access-Challenge to [127.0.0.1]:47921, id: 87
 12:34:57 radius,debug,packet       6e63722e6f7267302306082b06010505
 12:34:57 radius,debug,packet       0730028617687474703a2f2f7231312e
 12:34:57 radius,debug,packet       692e6c656e63722e6f72672f30
 12:34:57 radius,debug,packet     EAP-Message = 0x1c0603551d1104153013821166696465
 12:34:57 radius,debug,packet       6e73616c2e64646e732e6e6574301306
 12:34:57 radius,debug,packet       03551d20040c300a3008060667810c01
 12:34:57 radius,debug,packet       020130820105060a2b06010401d67902
 12:34:57 radius,debug,packet       04020481f60481f300f1007700199810
 12:34:57 radius,debug,packet       7109f0d6522e3080d29e3f64bb836e28
 12:34:57 radius,debug,packet       ccf90f528eeedfce4a3f16b4ca000001
 12:34:57 radius,debug,packet       902f7c7eb00000040300483046022100
 12:34:57 radius,debug,packet       e5812a994ab8019c88723b5436a02fca
 12:34:57 radius,debug,packet       21dc542b2b05e4b6340f855b35b1daa6
 12:34:57 radius,debug,packet       022100bd53631915488eb4336649b61f
 12:34:57 radius,debug,packet       e2e9aa856ae7f2f148b4822b65a39b24
 12:34:57 radius,debug,packet       15d8e800760076ff883f0ab6fb9551c2
 12:34:57 radius,debug,packet       61ccf587ba34b4a4cdbb29dc68420a9f
 12:34:57 radius,debug,packet       e6674c5a3a74000001902f7c7ef40000
 12:34:57 radius,debug,packet       0403004730450221009c882666
 12:34:57 radius,debug,packet     EAP-Message = 0x2e6822b4a29dc828b268434370826325
 12:34:57 radius,debug,packet       544cb3664c2f5b7ff653285102200d21
 12:34:57 radius,debug,packet       55fac6dae0084f799a48a93b27ab64f7
 12:34:57 radius,debug,packet       b7d1798aae1375a6cfe78c33a093300d
 12:34:57 radius,debug,packet       06092a864886f70d01010b0500038201
 12:34:57 radius,debug,packet       01007d931a297b3b7c2e95c8126220b1
 12:34:57 radius,debug,packet       abddd01c5ef1b8288e6af0eae8b8777f
 12:34:57 radius,debug,packet       04e2b26005889e82d5d603b3f9c5086c
 12:34:57 radius,debug,packet       b4f99eb0a389f7060689d4b015383610
 12:34:57 radius,debug,packet       d8c6d08ec4a17f0be2f521b0676c5b41
 12:34:57 radius,debug,packet       b430bef973eb54f5cee0c6c2a17912f6
 12:34:57 radius,debug,packet       1139eba1616ece9bc5a38fc8ae1e4bed
 12:34:57 radius,debug,packet       2b6a55d4c559ecb047efe4a32808b2e6
 12:34:57 radius,debug,packet       288e8f513e35f5a3b22366cb2d5f4f2b
 12:34:57 radius,debug,packet       697f59f57dc7d47535bfd9c62552df8c
 12:34:57 radius,debug,packet       d211dd13200c1fcffb52e40587
 12:34:57 radius,debug,packet     EAP-Message = 0xa26797254a2e45ccfc756b5cce4c6c3d
 12:34:57 radius,debug,packet       62cb9494a12a62778529003c5b554eca
 12:34:57 radius,debug,packet       4a014f12568db1db5aa1cc1e5cdd8e9a
 12:34:57 radius,debug,packet       02d786563179afa87b865c10dd40fb52
 12:34:57 radius,debug,packet       10ea34182663b27fa6c3ae79d3e7ec0b
 12:34:57 radius,debug,packet       aa6a755111160303014d0c0001490300
 12:34:57 radius,debug,packet       1741048a0131c8ab92df8340241d36d9
 12:34:57 radius,debug,packet       1ed65847b09438f78d4e13531d8505fe
 12:34:57 radius,debug,packet       bb413a302d3ce5f557e1e78e34b03914
 12:34:57 radius,debug,packet       8b
 12:34:57 radius,debug,packet     State = 0x8f76ba6a007738ea1b185fc304dc0a6a
 12:34:57 radius,debug,packet     Message-Authenticator = 0x0f33c2d8542e6ae0ee27ca
37152901fa
 12:34:57 radius,debug received reply for 82:5a
 12:34:57 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:2 method:PEAP
 12:34:57 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:2 method:PEAP
 12:34:57 radius,debug new request 82:5b code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:34:57 radius,debug sending 82:5b to 127.0.0.1:1812
 12:34:57 radius,debug,packet sending Access-Request with id 88 to 127.0.0.1:1812
 12:34:57 radius,debug,packet     Signature = 0xb07463120967483c185480568fb15677
 12:34:57 radius,debug,packet     Framed-MTU = 1400
 12:34:57 radius,debug,packet     NAS-Port-Type = 15
 12:34:57 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:34:57 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:34:57 radius,debug,packet     Service-Type = 2
 12:34:57 radius,debug,packet     EAP-Message = 0x020200061900
 12:34:57 radius,debug,packet     User-Name = "Test2"
 12:34:57 radius,debug,packet     Acct-Session-Id = "10000086"
 12:34:57 radius,debug,packet     NAS-Port-Id = "ether3"
 12:34:57 radius,debug,packet     State = 0x8f76ba6a007738ea1b185fc304dc0a6a
 12:34:57 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:34:57 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:34:57 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:34:57 radius,debug,packet     Message-Authenticator = 0x409ab613bf661e9d5ad222
145e7a48bb
 12:34:57 manager,debug >>> rx Access-Request from [127.0.0.1]:46109, id: 88
 12:34:57 radius,debug,packet received Access-Challenge with id 88 from 127.0.0.1:
1812
 12:34:57 radius,debug,packet     Signature = 0xeb7a62d82618435c99d0b04152177262
 12:34:57 radius,debug,packet     EAP-Message = 0x0103012519005434dfc47bfc212d6347
 12:34:57 radius,debug,packet       f37b88fce8064f3d02010100397c314a
 12:34:57 radius,debug,packet       cd45ce4256ec0e4820b6fb12104613f4
 12:34:57 radius,debug,packet       0ae6802e3e138b30e2295fc2d1572266
 12:34:57 radius,debug,packet       1c900d5bd0b86c6a972aa74d26a5029f
 12:34:57 radius,debug,packet       a324c84030436a9d7380dd962550658c
 12:34:57 radius,debug,packet       4169db410801e2c4494aeb69b4e9f7dd
 12:34:57 radius,debug,packet       7ab603b2e1c6818bdb51936af30af4b1
 12:34:57 radius,debug,packet       3ed3ef0e4e6360b05209944ac26d0550
 12:34:57 radius,debug,packet       51425f426c08b3a92f3675c53d22a656
 12:34:57 radius,debug,packet       3032f9d53ed5a3a6e4a5c5c222b17f97
 12:34:57 radius,debug,packet       dc646322882b3eb397e2bfc5b1fd3209
 12:34:57 radius,debug,packet       9292e60e9d1245c91d7d206f24916e58
 12:34:57 radius,debug,packet       c58cfd548ffc081ee2d64923b34144b9
 12:34:57 radius,debug,packet       b6b180521709463daa28176045476d85
 12:34:57 radius,debug,packet       1abaa0920ab6357af0138e984c
 12:34:57 radius,debug,packet     EAP-Message = 0xbf3b5ae1c25df0bb23d311c337e9dde1
 12:34:57 radius,debug,packet       a35c87bfd3862e193c6517bee6e3aa16
 12:34:57 radius,debug,packet       030300040e000000
 12:34:57 radius,debug,packet     State = 0x8f76ba6a007738ea1b185fc304dc0a6a
 12:34:57 radius,debug,packet     Message-Authenticator = 0x319dee87be189d2961dfba
af8de9db2d
 12:34:57 radius,debug received reply for 82:5b
 12:34:57 manager,debug <<< tx Access-Challenge to [127.0.0.1]:46109, id: 88
 12:34:57 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:3 method:PEAP
 12:34:57 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:3 method:PEAP
 12:34:57 radius,debug new request 82:5c code=Access-Request service=dot1x called-
id=78-9A-18-0E-0D-CB
 12:34:57 radius,debug sending 82:5c to 127.0.0.1:1812
 12:34:57 radius,debug,packet sending Access-Request with id 89 to 127.0.0.1:1812
 12:34:57 radius,debug,packet     Signature = 0xdc7c249651ebbc1baf4d01f44de67114
 12:34:57 radius,debug,packet     Framed-MTU = 1400
 12:34:57 radius,debug,packet     NAS-Port-Type = 15
 12:34:57 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:34:57 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:34:57 radius,debug,packet     Service-Type = 2
 12:34:57 radius,debug,packet     EAP-Message = 0x02030011198000000007150303000202
 12:34:57 radius,debug,packet       30
 12:34:57 radius,debug,packet     User-Name = "Test2"
 12:34:57 radius,debug,packet     Acct-Session-Id = "10000086"
 12:34:57 radius,debug,packet     NAS-Port-Id = "ether3"
 12:34:57 radius,debug,packet     State = 0x8f76ba6a007738ea1b185fc304dc0a6a
 12:34:57 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:34:57 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:34:57 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:34:57 radius,debug,packet     Message-Authenticator = 0xa3d235cce1ab5f42d9bede
0485f8412c
 12:34:57 manager,debug >>> rx Access-Request from [127.0.0.1]:33376, id: 89
 12:34:57 manager,debug EAP rejected for user: "" ssl: fatal alert received
 12:34:57 radius,debug resending 82:5c
 12:34:57 radius,debug,packet sending Access-Request with id 89 to 127.0.0.1:1812
 12:34:57 radius,debug,packet     Signature = 0xdc7c249651ebbc1baf4d01f44de67114
 12:34:57 radius,debug,packet     Framed-MTU = 1400
 12:34:57 radius,debug,packet     NAS-Port-Type = 15
 12:34:57 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:34:57 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:34:57 radius,debug,packet     Service-Type = 2
 12:34:57 radius,debug,packet     EAP-Message = 0x02030011198000000007150303000202
 12:34:57 radius,debug,packet       30
 12:34:57 radius,debug,packet     User-Name = "Test2"
 12:34:57 radius,debug,packet     Acct-Session-Id = "10000086"
 12:34:57 radius,debug,packet     NAS-Port-Id = "ether3"
 12:34:57 radius,debug,packet     State = 0x8f76ba6a007738ea1b185fc304dc0a6a
 12:34:57 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:34:57 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:34:57 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:34:57 radius,debug,packet     Message-Authenticator = 0xa3d235cce1ab5f42d9bede
0485f8412c
 12:34:57 radius,debug resending 82:5c
 12:34:57 radius,debug,packet sending Access-Request with id 89 to 127.0.0.1:1812
 12:34:57 radius,debug,packet     Signature = 0xdc7c249651ebbc1baf4d01f44de67114
 12:34:57 radius,debug,packet     Framed-MTU = 1400
 12:34:57 radius,debug,packet     NAS-Port-Type = 15
 12:34:57 radius,debug,packet     Called-Station-Id = "78-9A-18-0E-0D-CB"
 12:34:57 radius,debug,packet     Calling-Station-Id = "0C-38-3E-51-7E-D4"
 12:34:57 radius,debug,packet     Service-Type = 2
 12:34:57 radius,debug,packet     EAP-Message = 0x02030011198000000007150303000202
 12:34:57 radius,debug,packet       30
 12:34:57 radius,debug,packet     User-Name = "Test2"
 12:34:57 radius,debug,packet     Acct-Session-Id = "10000086"
 12:34:57 radius,debug,packet     NAS-Port-Id = "ether3"
 12:34:57 radius,debug,packet     State = 0x8f76ba6a007738ea1b185fc304dc0a6a
 12:34:57 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
 12:34:57 radius,debug,packet     NAS-Identifier = "MikroTik"
 12:34:57 radius,debug,packet     NAS-IP-Address = 127.0.0.1
 12:34:57 radius,debug,packet     Message-Authenticator = 0xa3d235cce1ab5f42d9bede
0485f8412c
 12:34:58 dot1x,debug s ether3 "Test2" radius req timeout on dot1x, waiting for ea
p timeout
 12:34:58 radius,debug timeout for 82:5c
 12:34:58 manager,debug <<< tx Access-Reject to [127.0.0.1]:33376, id: 89
 12:35:03 interface,info ether3 link down
 12:35:38 system,info UMS user <Test2> changed by winbox-3.40/tcp-msg(winbox):admi
n@192.168.88.254 (/user-manager user set *3 attributes="" disabled=no group=defaul
t name=Test2 shared-users=1)
 12:36:03 system,info,account user admin logged in from 192.168.88.254 via winbox
 12:45:04 system,info,account user admin logged in from 192.168.88.254 via winbox
Here are settings from device:
802.1x.jpg
User tested with another PC, authenticates without a probem.
You do not have the required permissions to view the files attached to this post.
 
tdw
Forum Guru
Forum Guru
Posts: 2032
Joined: Sat May 05, 2018 11:55 am

Re: 802.1x

Fri Jun 28, 2024 1:47 pm

Those device certificate settings look to be incorrect. The CA Certificate should, given the name, be the Let's Encrypt root authority certificate - Windows and other OS will already have this installed as a trusted CA. The Device Certificate should not be the server certificate and likely be not installed, it will be used to identify the client when using EAP-TLS.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1518
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: 802.1x

Sat Jun 29, 2024 3:55 pm

Thank you for answer, I tried without the certificates and just with the CA certificate but same thing, unable to authenticate. What else I can try ?

Is it a problem that device expects .pem but I have only .crt and .key files and certificate uploaded into device is .crt only so .key is missing ?
 
tdw
Forum Guru
Forum Guru
Posts: 2032
Joined: Sat May 05, 2018 11:55 am

Re: 802.1x

Sun Jun 30, 2024 3:31 am

A file with a .crt extension can, and often does, contain PEM encoded content. Unless you are using self-signed certificates you will not have the private key for the CA certificate.

The purpose of the the CA certificate on the client is to validate the authenticity of the signer of the server certificate. The certificate on the RADIUS server should present the full certificate chain, not just the server itself, otherwise there will be a gap in the chain due to the client not having the intermediate certificates.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1518
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: 802.1x

Sun Jun 30, 2024 8:21 am

Certificate was created using let's encrypt on Mikrotik. When exporting that certificate two files are created. Same certificate that's on the radius is in the device. .key file is created when password is added while exporting it from the device.
 
tdw
Forum Guru
Forum Guru
Posts: 2032
Joined: Sat May 05, 2018 11:55 am

Re: 802.1x

Sun Jun 30, 2024 9:51 pm

That isn't the CA, download it from Let's Encrypt. The RADIUS server certificate is only required by usermanager on the Mikrotik, no need to export it.
 
gigabyte091
Forum Guru
Forum Guru
Topic Author
Posts: 1518
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: 802.1x

Mon Jul 01, 2024 7:18 am

Okay, so I went to Let's Encrypt web site: https://letsencrypt.org/certificates/ and I downloaded Let's Encrypt R11 because in certificate used in User manager CN is R11 and key type is RSA 2048 and I uploaded that certificate to my device but nothing... Still refuse to connect.

Who is online

Users browsing this forum: No registered users and 2 guests