EAPTest 4+

EAPTest is a tool for networking professionals working in 802.1x secure network access environments.

EAPTest allows testing of authentication and accounting on RADIUS Servers. Authentication protocols include PAP and the common Extended Authentication Protocol (EAP) methods. The tool greatly facilitates the setup and troubleshooting in 802.1x environments.

RADIUS (Remote Authentication Dial In User Service) is a networking protocol that provides centralized Authentication, Authorization and Accounting for users connecting to a wired or wireless secure network. When a client connects to a wired network access switch or to a wireless network access point, before access is granted, valid credentials (user and password) must be provide by the user to the network device. This device validates the user credentials communicating with an Authentication Server. The Authentication Server checks the credentials and responds to the network device accepting or rejecting the user and optionally providing information about the privileges that should been assigned to the user. Clients authenticates to the network using the 802.1x protocol. Network devices validates user credentials using the RADIUS protocol.

Several methods to protect the user credentials sent from the client to the Authentication Server are available. These methods are defined in the EAP protocol (Extended Authentication Protocol). EAPTest supported methods are TTLS, PEAP, TLS, MSCHAPv2, MD5 and GTC. For TTLS is possible to use PAP, CHAP, MSCHAP, MSCHAPv2, MD5 and GTC as inner methods. For PEAP, the inner methods available are MSCHAPv2, MD5 and GTC. In addition ro EAP methods, the PAP protocol is also implemented.

Information about the type of network access such as access device, wireless network or location are sent to the Authentication Server through attributes contained in the RADIUS messages.Information about an authenticated user is also returned by the Server using attributes.

EAPTest simulates both the client and the network access device communicating with the Authentication Server providing a real time graphical view of the RADIUS messages interchanged with the Authentication Server. All RADIUS attributes contained in the messages are shown, including information about the Digital Certificates received from the server for TTLS and PEAP methods.

Attributes sent to the Authentication Server can be specified in order to test all the possible scenarios. RADIUS attributes are defined in an EAPTest dictionary database that can be easily extended importing dictionary files. RFC2865, 2868, 3162 and 3576 standard attributes and vendor specific dictionaries from Microsoft, Cisco and Aruba are included.

Starting with version 2.0.0 the tool supports Performance Tests. You can select the number of Concurrent Requests sent to the authenticacion server simulating a number of clients performing authentications simultaneously setting the workload requested to the server.

Starting with version 3.0.0 full session simulation is implemented. Accounting updates can be automatically sent to the authentication server and dynamic RADIUS messages (Disconnect and CoA) can be received and acknowledged.

EAPTest has been used to troubleshoot secure networks based on FreeRADIUS, Microsoft IAS/NAP and Aruba ClearPass.