EAPOL Authentication Issue
246 views
Skip to first unread message
Bhushan Karia
Apr 26, 2018, 9:10:52 AM4/26/18
to VOLTHA Discuss
Dear All,
I am trying to simulate pon network on VOLTHA. I followed steps mentioned in wikipedia for building VOLTHA using docker image. Below are the steps in short.
1) Started eight container voltha esamble using docker-compose.
docker-compose -f compose/docker-compose-system-test.yml up -d
2) Started PONSIM using following steps.
sudo -s
. ./env.sh
./ponsim/main.py -v
3) Started ONOS controller and freeradius
docker-compose -f compose/docker-compose-auth-test.yml up -d onos
docker-compose -f compose/docker-compose-auth-test.yml.newradius up -d freeradius
4) Done provision of OLT and ONU in voltha from vOLTHA CLI.
preprovision_olt -t ponsim_olt -H 172.17.0.1:50060
enable
devices
# Above step also added flow rules in PONSIM but i have seen one error related to dhcp2relay during this provision as below.
2018-04-26 09:30:06,640 | ERROR | spatch-topology0 | DhcpL2Relay | 178 - org.opencord.dhcpl2relay - 1.3.0.SNAPSHOT | Master of none, can't relay DHCP Message to server
5) After provisioning I have started RG using below command.
docker run --net=host --privileged --name RG -it voltha-tester bash
6) Now i am trying for EAPOL using wpa_supplicant in RG but i am not able to suceed in that below is the error i am getting in ONOS logs.
2018-04-26 09:40:15,802 | ERROR | ew I/O worker #4 | SadisManager | 172 - org.opencord.sadis-app - 2.0.0.SNAPSHOT | Data not found for id uni-128
2018-04-26 09:40:15,802 | ERROR | ew I/O worker #4 | AaaManager | 177 - org.opencord.aaa - 1.5.0.SNAPSHOT | Could not create new state machine for uni-128
Please let me know how to proceed further for solving this authentication flow.
Regards,
Bhushan Karia
I am trying to simulate pon network on VOLTHA. I followed steps mentioned in wikipedia for building VOLTHA using docker image. Below are the steps in short.
1) Started eight container voltha esamble using docker-compose.
docker-compose -f compose/docker-compose-system-test.yml up -d
2) Started PONSIM using following steps.
sudo -s
. ./env.sh
./ponsim/main.py -v
3) Started ONOS controller and freeradius
docker-compose -f compose/docker-compose-auth-test.yml up -d onos
docker-compose -f compose/docker-compose-auth-test.yml.newradius up -d freeradius
4) Done provision of OLT and ONU in voltha from vOLTHA CLI.
preprovision_olt -t ponsim_olt -H 172.17.0.1:50060
enable
devices
# Above step also added flow rules in PONSIM but i have seen one error related to dhcp2relay during this provision as below.
2018-04-26 09:30:06,640 | ERROR | spatch-topology0 | DhcpL2Relay | 178 - org.opencord.dhcpl2relay - 1.3.0.SNAPSHOT | Master of none, can't relay DHCP Message to server
5) After provisioning I have started RG using below command.
docker run --net=host --privileged --name RG -it voltha-tester bash
6) Now i am trying for EAPOL using wpa_supplicant in RG but i am not able to suceed in that below is the error i am getting in ONOS logs.
2018-04-26 09:40:15,802 | ERROR | ew I/O worker #4 | SadisManager | 172 - org.opencord.sadis-app - 2.0.0.SNAPSHOT | Data not found for id uni-128
2018-04-26 09:40:15,802 | ERROR | ew I/O worker #4 | AaaManager | 177 - org.opencord.aaa - 1.5.0.SNAPSHOT | Could not create new state machine for uni-128
Please let me know how to proceed further for solving this authentication flow.
Regards,
Bhushan Karia
christos alexandris
Apr 26, 2018, 9:26:58 AM4/26/18
to VOLTHA Discuss
Hello,
Is this message displayed when you try the EAPOL using wpa_suplicant :
Is this message displayed when you try the EAPOL using wpa_suplicant :
eth0: CTRL-EVENT-EAP-STARTED EAP authentication started ?
Best Regards, Christos
Bhushan Karia
Apr 26, 2018, 9:30:15 AM4/26/18
to christos alexandris, VOLTHA Discuss
Yes I am trying it using wpa supplicant in RG.
root@bhushan-HP-240-G6-Notebook-PC:/# /sbin/wpa_supplicant -Dwired -ipon1_128 -c /etc/wpa_supplicant/wpa_supplicant.conf
Successfully initialized wpa_supplicant
pon1_128: Associated with 01:80:c2:00:00:03
WMM AC: Missing IEs
pon1_128: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Regards,root@bhushan-HP-240-G6-Notebook-PC:/# /sbin/wpa_supplicant -Dwired -ipon1_128 -c /etc/wpa_supplicant/wpa_supplicant.conf
Successfully initialized wpa_supplicant
pon1_128: Associated with 01:80:c2:00:00:03
WMM AC: Missing IEs
pon1_128: CTRL-EVENT-EAP-FAILURE EAP authentication failed
To view this discussion on the web visit https://groups.google.com/a/opencord.org/d/msgid/voltha-discuss/1aab49f1-96c1-454e-978f-a84fa4411b63%40opencord.org.--
You received this message because you are subscribed to the Google Groups "VOLTHA Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to voltha-discuss+unsubscribe@opencord.org.
To post to this group, send email to voltha-...@opencord.org.
Visit this group at https://groups.google.com/a/opencord.org/group/voltha-discuss/.
christos alexandris
Apr 26, 2018, 9:37:36 AM4/26/18
to VOLTHA Discuss, christos....@nokia.com
OK, so the authentication didn't even start.
When you enabled the device, was it enabled successfully?
Did you add some configuration in onos?
When you enabled the device, was it enabled successfully?
Did you add some configuration in onos?
To unsubscribe from this group and stop receiving emails from it, send an email to voltha-discus...@opencord.org.
To post to this group, send email to voltha-...@opencord.org.
Visit this group at https://groups.google.com/a/opencord.org/group/voltha-discuss/.
Bhushan Karia
Apr 26, 2018, 9:54:39 AM4/26/18
to christos alexandris, VOLTHA Discuss
Yes device enabled successfully and flow rules are pushed successfully from the ONOS to ponsim. I have not done any configuration in ONOS. However as per yml file netcfg.json was pushed in docker image for ONOS apps. Here attaching same json file for reference. Let me know if any other configuration required in ONOS.
Regards,To unsubscribe from this group and stop receiving emails from it, send an email to voltha-discuss+unsubscribe@opencord.org.
To post to this group, send email to voltha-...@opencord.org.
Visit this group at https://groups.google.com/a/opencord.org/group/voltha-discuss/.
To view this discussion on the web visit https://groups.google.com/a/opencord.org/d/msgid/voltha-discuss/0208d543-1d53-4ee2-8be7-4d467e18fe43%40opencord.org.
christos alexandris
Apr 26, 2018, 10:23:10 AM4/26/18
to VOLTHA Discuss, christos....@nokia.com
Hello,
I do believe you need to add sadis config reagarding uni-128, in your onos apps config.
Something like:
"org.opencord.sadis" : {
"sadis" : {
"integration" : {
"cache" : {
"enabled" : true,
"maxsize" : 50,
"ttl" : "PT1m"
}
},
"entries" : [ {
"id" : "uni-128",
"cTag" : 2,
"sTag" : 2,
"nasPortId" : "uni-128",
"circuitId" : "uni-128"
}, {
"id" : "serial number found in onos cli when you execute devices command",
"hardwareIdentifier" : "YourPonsimMac",
"ipAddress" : "YourPonsimIP",
"nasId" : "NASID"
} ]
}
}
I hope that this get the jobs done for you.
I do believe you need to add sadis config reagarding uni-128, in your onos apps config.
Something like:
"org.opencord.sadis" : {
"sadis" : {
"integration" : {
"cache" : {
"enabled" : true,
"maxsize" : 50,
"ttl" : "PT1m"
}
},
"entries" : [ {
"id" : "uni-128",
"cTag" : 2,
"sTag" : 2,
"nasPortId" : "uni-128",
"circuitId" : "uni-128"
}, {
"id" : "serial number found in onos cli when you execute devices command",
"hardwareIdentifier" : "YourPonsimMac",
"ipAddress" : "YourPonsimIP",
"nasId" : "NASID"
} ]
}
}
I hope that this get the jobs done for you.
Bhushan Karia
Apr 26, 2018, 11:04:21 AM4/26/18
to christos alexandris, VOLTHA Discuss
Hi Christos,
Thanks for the quick help. I have edited config file added configuration related to sadis app as per your suggestion, and restarted onos service. But i am still getting same error. I have added below configuration for the same. "org.opencord.sadis" : {
"sadis" : {
"integration" : {
"cache" : {
"enabled" : true,
"maxsize" : 50,
"ttl" : "PT1m"
}
},
"entries" : [ {
"id" : "uni-128", # (This is an entry for a subscriber) Same as the portName of the Port as seen in onos ports command
"cTag" : 2, # C-tag of the subscriber
"sTag" : 2, # S-tag of the subscriber
"nasPortId" : "uni-128", # NAS Port Id of the subscriber, could be different from the id above
"circuitid" : "uni-128"
}, {
"id" : "54012794e77143b5be922c88f63e6b44", # (This is an entry for an OLT device) Same as the serial of the OLT logical device as see
"hardwareIdentifier" : "00:00:00:00:00:80", # MAC address to be used for this OLT
"ipAddress" : "172.25.0.1", # IP address to be used for this OLT
"nasId" : "B100-NASID" # NAS ID to be used for this OLT
} ]
}
},
Below is the output of devices and ports command in onos cli."cTag" : 2, # C-tag of the subscriber
"sTag" : 2, # S-tag of the subscriber
"nasPortId" : "uni-128", # NAS Port Id of the subscriber, could be different from the id above
"circuitid" : "uni-128"
}, {
"id" : "54012794e77143b5be922c88f63e6b44", # (This is an entry for an OLT device) Same as the serial of the OLT logical device as see
"hardwareIdentifier" : "00:00:00:00:00:80", # MAC address to be used for this OLT
"ipAddress" : "172.25.0.1", # IP address to be used for this OLT
"nasId" : "B100-NASID" # NAS ID to be used for this OLT
} ]
}
},
onos> ports
id=of:0000aabbccddeeff, available=true, local-status=connected 4m53s ago, role=MASTER, type=SWITCH, mfr=cord porject, hw=simualted pon, sw=simualted pon, serial=54012794e77143b5be922c88f63e6b44, driver=default, channelId=172.25.0.1:33368, managementAddress=172.25.0.1, protocol=OF_13
port=0, state=enabled, type=fiber, speed=0 , portName=nni, portMac=00:00:00:00:00:00
port=128, state=enabled, type=fiber, speed=0 , portName=uni-128, portMac=00:00:00:00:00:80
onos> devices
id=of:0000aabbccddeeff, available=true, local-status=connected 6m33s ago, role=MASTER, type=SWITCH, mfr=cord porject, hw=simualted pon, sw=simualted pon, serial=54012794e77143b5be922c88f63e6b44, driver=default, channelId=172.25.0.1:33368, managementAddress=172.25.0.1, protocol=OF_13
To unsubscribe from this group and stop receiving emails from it, send an email to voltha-discuss+unsubscribe@opencord.org.
To post to this group, send email to voltha-...@opencord.org.
Visit this group at https://groups.google.com/a/opencord.org/group/voltha-discuss/.
To view this discussion on the web visit https://groups.google.com/a/opencord.org/d/msgid/voltha-discuss/f6187ea3-fab8-4ff7-932b-a7613a1c6e01%40opencord.org.
Bhushan Karia
Apr 26, 2018, 12:12:32 PM4/26/18
to christos alexandris, VOLTHA Discuss
Hi Christos,
Configuration were not applied correctly now it applied correctly, which i have checked through CLI as well as webservice call, but still authentication is not done successfully.onos> onos:sadis 54012794e77143b5be922c88f63e6b44
[id:54012794e77143b5be922c88f63e6b44,cTag:null,sTag:null,nasPortId:null,uplinkPort:-1,slot:-1,hardwareIdentifier:00:00:00:00:00:80,ipaddress:172.25.0.1,nasId:B100-NASID,circuitId:null,remoteId:null]
curl -X GET --header 'Accept: application/json' 'http://localhost:8181/onos/v1/network/configuration'
{
"ports": {
"of:00000cafecafecafe/3": {
"interfaces": [
{
"name": "yoyoma",
"ips": [
"10.0.2.2/24"
],
"mac": "00:00:00:01:02:00"
}
]
},
"of:00000cafecafecafe/2": {
"interfaces": [
{
"name": "yoyoma2",
"ips": [
"10.0.2.3/24"
],
"mac": "00:00:00:01:03:00"
}
]
},
"of:0000000000000001/2": {
"interfaces": [
{
"name": "yoyoma1",
"ips": [
"10.0.2.1/24"
],
"mac": "00:00:00:01:01:00"
}
]
},
"of:00000cafecafecafe/4": {
"interfaces": [
{
"name": "yoyoma4",
"ips": [
"10.0.2.4/24"
],
"mac": "00:00:00:01:04:00"
}
]
}
},
"apps": {
"org.opencord.aaa": {
"AAA": {
"radiusIp": "172.25.0.100",
"nasIp": "5.6.7.8",
"radiusServerPort": "1812",
"radiusSecret": "SECRET",
"bindings": [
{
"mac": "de:ad:be:ef:ba:11",
"s-tag": 2,
"c-tag": 2,
"nas_port_id": "location"
},
{
"mac": "de:ad:be:ef:ca:fe",
"s-tag": 2,
"c-tag": 122,
"nas_port_id": "location"
}
]
}
},
"org.opencord.sadis": {
"sadis": {
"integration": {
"cache": {
"enabled": true,
"maxsize": 50,
"ttl": "PT1m"
}
},
"entries": [
{
"id": "uni-128",
"cTag": 2,
"sTag": 2,
"nasPortId": "uni-128",
"circuitid": "uni-128"
},
{
"id": "54012794e77143b5be922c88f63e6b44",
"hardwareIdentifier": "00:00:00:00:00:80",
"ipAddress": "172.25.0.1",
"nasId": "B100-NASID"
}
]
}
}
},
"devices": {
"of:0001000000000005": {
"basic": {
"driver": "pmc-olt"
},
"accessDevice": {
"uplink": "0",
"vlan": "1004"
}
},
"of:0001000000000006": {
"basic": {
"driver": "pmc-olt"
},
"accessDevice": {
"uplink": "0",
"vlan": "1005"
}
},
"of:0001000000000003": {
"basic": {
"driver": "pmc-olt"
},
"accessDevice": {
"uplink": "0",
"vlan": "1002"
}
},
"of:0001000000000004": {
"basic": {
"driver": "pmc-olt"
},
"accessDevice": {
"uplink": "0",
"vlan": "1003"
}
},
"of:0001aabbccddeeff": {
"basic": {
"driver": "pmc-olt"
},
"accessDevice": {
"uplink": "0",
"vlan": "2"
}
},
"of:0001000000000002": {
"basic": {
"driver": "pmc-olt"
},
"accessDevice": {
"uplink": "0",
"vlan": "1001"
}
}
},
"links": {},
"hosts": {},
"layouts": {},
"regions": {}
}Bhushan Karia
christos alexandris
Apr 27, 2018, 3:15:44 AM4/27/18
to VOLTHA Discuss, christos....@nokia.com
Hello Bhushan,
Try to change the
Try to change the
"of:0001aabbccddeeff": {
"basic": {
"driver": "pmc-olt"
},
"accessDevice": {
"uplink": "0",
"vlan": "2"
}
},to 0000aabbccddeeff.
Regards, Christos
Regards, Christos
Bhushan Karia
Apr 27, 2018, 5:37:36 AM4/27/18
to christos alexandris, VOLTHA Discuss
Hi Christos,
This changed value is not accepted by ONOS, it is giving me error as follows.
{
"code": 500,
"message": "com.fasterxml.jackson.databind.node.TextNode cannot be cast to com.fasterxml.jackson.databind.node.ObjectNode"
}Regards,
Bhushan Karia
To unsubscribe from this group and stop receiving emails from it, send an email to voltha-discuss+unsubscribe@opencord.org.
To post to this group, send email to voltha-...@opencord.org.
Visit this group at https://groups.google.com/a/opencord.org/group/voltha-discuss/.
To view this discussion on the web visit https://groups.google.com/a/opencord.org/d/msgid/voltha-discuss/9a2572e0-68c5-423b-bef2-f0f64c2d45c2%40opencord.org.
christos alexandris
Apr 27, 2018, 5:51:20 AM4/27/18
to VOLTHA Discuss, christos....@nokia.com
Hello,
I am pretty sure that you need to change this 1 to 0, and I 've never seen your error message before.
Instead of editing the netcfg.json file you send me before, try adding the new config with the curl command like this : curl --user karaf:karaf -X POST -H "Content-Type: application/json" http://localhost:8181/onos/v1/network/configuration/ -d .
Christos
I am pretty sure that you need to change this 1 to 0, and I 've never seen your error message before.
Instead of editing the netcfg.json file you send me before, try adding the new config with the curl command like this : curl --user karaf:karaf -X POST -H "Content-Type: application/json" http://localhost:8181/onos/v1/network/configuration/ -d .
Christos
Bhushan Karia
Apr 27, 2018, 6:02:29 AM4/27/18
to christos alexandris, VOLTHA Discuss
Hi Christos,
I am doing posting only through swagger ui. I am not changing json file because some how changed value is not picked by ONOS service. So all yesterday changes done by REST API only. And in response i am getting 500 status with mentioned error in my last mail.Regards,
Bhushan Karia
To unsubscribe from this group and stop receiving emails from it, send an email to voltha-discuss+unsubscribe@opencord.org.
To post to this group, send email to voltha-...@opencord.org.
Visit this group at https://groups.google.com/a/opencord.org/group/voltha-discuss/.
To view this discussion on the web visit https://groups.google.com/a/opencord.org/d/msgid/voltha-discuss/57d4a5b0-8c93-4d23-a47a-e04294922659%40opencord.org.
christos alexandris
Apr 27, 2018, 6:26:25 AM4/27/18
to VOLTHA Discuss, christos....@nokia.com
Please share the command exactly as you execute it, along with the output.
Bhushan Karia
Apr 27, 2018, 7:35:18 AM4/27/18
to christos alexandris, VOLTHA Discuss
Hi Christos,
Finally i am able to change the values, i think it was json format problem. So first i have done GET request copied that output and changed value of id from 1 to 0 as suggested by you and posted same json back which added one more device with new id. 2018-04-27 11:08:16,259 | ERROR | h for user karaf | SadisManager | 172 - org.opencord.sadis-app - 2.0.0.SNAPSHOT | Data not found for id 45aaf20358db4fbaa86e239da330cdd0
# Below is the sadis subscriber output from ONOS console
onos> sadis 45aaf20358db4fbaa86e239da330cdd0
[id:45aaf20358db4fbaa86e239da330cdd0,cTag:null,sTag:null,nasPortId:null,uplinkPort:-1,slot:-1,hardwareIdentifier:00:00:00:00:00:80,ipaddress:172.25.0.1,nasId:B100-NASID,circuitId:null,remoteId:null]
[id:45aaf20358db4fbaa86e239da330cdd0,cTag:null,sTag:null,nasPortId:null,uplinkPort:-1,slot:-1,hardwareIdentifier:00:00:00:00:00:80,ipaddress:172.25.0.1,nasId:B100-NASID,circuitId:null,remoteId:null]
But Strange thing is that when i try to fetch same customer through webservice I am getting 404 error.
Request
curl -X GET --header 'Accept: application/json' 'http://localhost:8181/onos/sadis/sadisApp/cache/subscriber/45aaf20358db4fbaa86e239da330cdd0'
{
"code": 404,
"message": "Subscriber not found"
}To unsubscribe from this group and stop receiving emails from it, send an email to voltha-discuss+unsubscribe@opencord.org.
To post to this group, send email to voltha-...@opencord.org.
Visit this group at https://groups.google.com/a/opencord.org/group/voltha-discuss/.
To view this discussion on the web visit https://groups.google.com/a/opencord.org/d/msgid/voltha-discuss/3b8b5b7f-4df8-40b0-9e0a-7e0dcc4d3b4a%40opencord.org.
Bhushan Karia
Apr 27, 2018, 8:34:32 AM4/27/18
to christos alexandris, VOLTHA Discuss
Hi Christos,
I have corrected sadis entry instead or serial now i have putted id in entry. Now i am not getting any error in ONOS logs for generated EAPOL request through wpa_supplicant. But somehow request is not received by freeradius also so it is stuck somewhere in between. I am checking logs of all components and will share details for further troubleshooting. Thanks for the shared information.Reply all
Reply to author
Forward
0 new messages