EAPTest

EAPTest is a tool for testing authentication on RADIUS servers using common Extensible Authentication Protocol (EAP) methods. The tool greatly facilitates setup and troubleshooting in 802.1x wired and wireless environments.

RADIUS (Remote Authentication Dial In User Service) is a networking protocol that provides centralized Authentication, Authorization and Accounting for users connecting to a wired or wireless secure network. When a client connects to a wired network access switch or to a wireless network access point, the user must provide valid credentials (user and password) to the network device before access is granted. The device validates the user credentials by communicating with an Authentication Server. The Authentication Server checks the credentials and responds to the network device, accepting or rejecting the user and optionally providing information about the privileges that should be assigned to the user. Clients authenticate to the network using the 802.1x protocol. Network devices validate user credentials using the RADIUS protocol.

Several methods are available to protect the user credentials sent from the client to the Authentication Server. These methods are defined in the EAP protocol (Extensible Authentication Protocol). The methods EAPTest supports are TTLS, PEAP, TLS, MSCHAPv2, MD5 and GTC. For TTLS it is possible to use PAP, CHAP, MSCHAP, MSCHAPv2, MD5 and GTC as inner methods. For PEAP, the inner methods available are MSCHAPv2, MD5 and GTC. TLS Digital Identity authentication can be tested simply by loading a Digital Identity PKCS#12 (PFX) file.

EAPTest simulates both the client and the network access device communicating with the Authentication Server, providing a real-time graphical view of the RADIUS messages exchanged with the Authentication Server. The RADIUS attributes contained in the messages are shown, including information about the Digital Certificates received from the server for the TLS, TTLS and PEAP methods.

RADIUS attributes

Information about the type of network access, such as the access device, wireless network or location, is sent to the Authentication Server through attributes contained in the RADIUS messages.

Attributes sent to the Authentication Server can be specified in order to test all the possible scenarios. Information about an authenticated user is also returned by the Server using attributes. A RADIUS Dictionary Database is used to send and interpret received attributes.

Server connectivity test

Authentication Server network connectivity can be verified using the ICMP Server Connectivity Test.

Accounting test

RADIUS Accounting can be tested using Start, Stop or Update request types. Attributes sent to the Authentication Server can be specified in order to test all the different scenarios. 

Automatic Accounting can be enabled in authentication tests to simulate a complete client access. After a successful authentication, a sequence of Start and Stop Accounting messages is automatically sent.

Full session simulation

Full client session simulation can be performed. If the Authentication phase is successful, a sequence of Accounting messages (Start, Stop and Updates) is sent. Session duration can be set, or left undefined with the session terminated at the end of the test. During the session, dynamic Authorization Disconnect and Change of Authorization (CoA) messages received from the server are displayed and can be accepted, rejected or ignored.

TLS digital identity

Digital Identities for the TLS authentication method can be easily loaded using PKCS#12 (Personal Information Interchange) files.

Performance tests

Starting with version 2.0.0 the tool supports Performance Tests. You can select the number of concurrent requests sent to the authentication server, simulating a number of clients authenticating simultaneously and setting the workload placed on the server.

Detail popover view

You can explore specific values of authentications, failures and time by right-clicking on a chart and dragging the mouse.

Performance reports

Report mode automatically runs performance tests sequentially for different numbers of simultaneous clients, providing a view of server behavior as a function of authentication request load.

Parameter profiles

Profiles allow you to maintain several test scenarios. Test parameters, including the attributes and the digital identity used in TLS authentication, can be saved to a profile for later retrieval. Profiles enable you to load a specific profile when needed.

Attribute dictionaries database

The default database includes standard attributes from RFC2865, 2868, 3162 and 3576 and vendor-specific dictionaries for Microsoft, Cisco and Aruba. More dictionaries can be added to the database by importing standard RADIUS Attribute dictionary files. A large number of dictionary files are available from the FreeRADIUS distribution included in OS X.
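
How a dictionary turns the attributes carried in a RADIUS message into readable names and values, as described under "RADIUS attributes" and above, shown as an added example that is not EAPTest code. The dictionary excerpt, the sample packet and all function names are constructed for illustration; the packet layout follows RFC 2865.

```python
import ipaddress
import struct

# Constructed dictionary excerpt, "ATTRIBUTE <name> <number> <type>" per line.
DICTIONARY = """\
ATTRIBUTE  User-Name        1   string
ATTRIBUTE  NAS-IP-Address   4   ipaddr
ATTRIBUTE  Session-Timeout  27  integer
"""

def load_dictionary(text):
    """Map attribute number -> (name, type), ignoring comments and other lines."""
    attrs = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "ATTRIBUTE":
            attrs[int(fields[2])] = (fields[1], fields[3])
    return attrs

def decode_value(kind, raw):
    if kind == "integer" and len(raw) == 4:
        return struct.unpack("!I", raw)[0]
    if kind == "ipaddr" and len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    if kind == "string":
        return raw.decode("utf-8", errors="replace")
    return raw.hex()  # unknown type or unexpected size: show raw octets

def parse_packet(data, attrs):
    """Return (code, identifier, decoded attributes); code 2 is Access-Accept."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("length field does not match the datagram")
    decoded, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos < length:
        a_len = data[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        name, kind = attrs.get(data[pos], ("Attr-%d" % data[pos], "octets"))
        decoded.append((name, decode_value(kind, data[pos + 2:pos + a_len])))
        pos += a_len
    return code, ident, decoded

def build_sample():
    """Constructed Access-Accept; the authenticator is zeroed and not verified."""
    body = bytes([1, 7]) + b"alice" + bytes([4, 6, 192, 0, 2, 1])
    body += bytes([27, 6]) + struct.pack("!I", 3600) + bytes([250, 3, 0xAA])
    return struct.pack("!BBH", 2, 42, 20 + len(body)) + bytes(16) + body
```

Attribute 250 is not in the excerpt, so it decodes as `Attr-250` with raw hex, which is what an attribute looks like until the matching dictionary is imported.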

© Copyright 2017 www.ermitacode.com. All rights reserved.