Steps taken so far: started from a vanilla 7.3.1 install, configured as router, DHCP client on WAN, DHCP server on LAN, uploaded all required certs to the RouterBOARD, logging dot1x to log.
dot1x config:
Enabled: yes
Interface: ether1
EAP Methods: EAP PEAP, EAP MSCHAPv2
Identity: [same as what has been tested to work with 802.1x auth on desktop machine]
Password: [same as what has been tested to work with 802.1x auth on desktop machine]
Anon. Identity: anonymous
Certificate: none
Comment:
Status: authenticated
Reality: No network access – defaults back to forwarding to our system for MAC-based filtering
Here is a sample of the log:
Time | Buffer | Topics | Message
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Start
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:1 method:IDENTITY
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:1 method:IDENTITY
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:191 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:191 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:192 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:192 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:193 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:193 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:194 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:194 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:195 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:195 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:196 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:196 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:197 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:197 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:198 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:198 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:199 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:199 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:200 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:200 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:201 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:201 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:202 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:202 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:203 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:203 method:PEAP
Jun/24/2022 20:03:44 | memory | dhcp, info | dhcp-client on ether1 got IP address xx.xxx.xxx.xx
Jun/24/2022 20:03:45 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Success id:203
Jun/24/2022 20:03:45 | memory | dot1x, debug | c ether1 authorized
Any hints of how to force the dot1x module to do the additional MSCHAPv2 Auth? Or do you suspect it's doing MSCHAPv2 here, encapsulated by the PEAP tunnel, with the log only showing details about the PEAP tunnel? When I remove EAP Method "EAP MSCHAPv2" it still shows as authenticated but with a shorter set of log messages.
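Added example, not part of the original post and not MikroTik code: a small Python summarizer for the pipe-separated log format pasted above, useful for comparing two runs (for instance with and without "EAP MSCHAPv2" selected). The `method:` field it counts is the outer EAP type; in PEAP any inner method travels inside the TLS tunnel, so it cannot show up in that field. The sample lines are constructed from the format in the post, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the log format shown in the post (shortened).
SAMPLE = """\
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Start
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:1 method:IDENTITY
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:1 method:IDENTITY
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:191 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:191 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Request id:192 method:PEAP
Jun/24/2022 20:03:44 | memory | dot1x, packet | c ether1 tx EAPOL-Packet EAP-Response id:192 method:PEAP
Jun/24/2022 20:03:44 | memory | dhcp, info | dhcp-client on ether1 got IP address xx.xxx.xxx.xx
Jun/24/2022 20:03:45 | memory | dot1x, packet | c ether1 rx EAPOL-Packet EAP-Success id:192
Jun/24/2022 20:03:45 | memory | dot1x, debug | c ether1 authorized
"""

LINE = re.compile(r"^(?P<ts>\S+ \S+) \| \S+ \| (?P<topics>[^|]+?) \| (?P<msg>.*)$")
EAP = re.compile(r"(?P<dir>rx|tx) EAPOL-Packet "
                 r"EAP-(?P<code>Request|Response|Success|Failure)"
                 r"(?: id:(?P<id>\d+))?(?: method:(?P<method>\S+))?")

def summarize(log_text):
    """Count requests per outer EAP method and note what preceded the result."""
    requests = Counter()   # outer method -> number of EAP-Requests received
    pending = set()        # request ids that never got a response
    result = None          # "Success" or "Failure" once seen
    before_result = []     # non-dot1x events logged before the EAP result
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        topics = [t.strip() for t in m["topics"].split(",")]
        if "dot1x" not in topics:
            if result is None:
                before_result.append(m["msg"])
            continue
        e = EAP.search(m["msg"])
        if not e:
            continue  # EAPOL-Start, "authorized", etc.
        if e["code"] == "Request":
            requests[e["method"]] += 1
            pending.add(e["id"])
        elif e["code"] == "Response":
            pending.discard(e["id"])
        else:
            result = e["code"]
    return {"outer_methods": dict(requests), "unanswered_ids": sorted(pending),
            "result": result, "events_before_result": before_result}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running it over the exported log of each test gives the number of PEAP round trips per run, which makes the "shorter set of log messages" difference directly comparable.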