...

The ONOS RADIUS AAA app receives 802.1X/EAPOL authentication requests from supplicants within its managed network and forwards them to an external RADIUS server. In this testing environment, we use Mininet hosts in an ONOS-managed network as the supplicants, and the Linux wpa_supplicant command as the client that initiates authentication. Once the host issues the request, the ONOS AAA app receives the packet and handles communication with both the RADIUS server and the supplicant.

...

Code Block
mininet> h1 sudo wpa_supplicant -Dwired -ih1-eth0 -c/etc/config/wpa_supplicant.conf
Successfully initialized wpa_supplicant
h1-eth0: Associated with 01:80:c2:00:00:03
h1-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h1-eth0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
h1-eth0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
h1-eth0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.org/CN=Example Certificate Authority'
h1-eth0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/emailAddress=admin@example.org'
h1-eth0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully

 

Useful Debugging Tools

It is sometimes useful to watch the network traffic between ONOS and the RADIUS server. Run this command on the VM that is running ONOS to see the packets being sent. The command may differ depending on your network configuration:

Code Block
tcpdump command
sudo tcpdump -vvv -X -n -i eth1
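
To read the hex dumps that tcpdump -X prints for the ONOS-to-RADIUS leg, the following added example (not part of the ONOS documentation or the AAA app's code) decodes a RADIUS UDP payload and the EAP packet carried in its EAP-Message attributes. The attribute and code numbers follow RFC 2865 and RFC 3579; the sample packet and the user name "testuser" are constructed for illustration.

```python
import struct

# RADIUS codes (RFC 2865) and the attributes relevant to 802.1X (RFC 3579).
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept",
                3: "Access-Reject", 11: "Access-Challenge"}
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTH = 1, 79, 80
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "TLS"}


def parse_radius(payload: bytes) -> dict:
    """Decode one RADIUS packet (the UDP payload) into a summary dict."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("RADIUS length field does not match the capture")
    out = {"code": RADIUS_CODES.get(code, f"code-{code}"), "id": ident,
           "user_name": None, "has_message_authenticator": False, "eap": None}
    eap, pos = b"", 20
    while pos < length:
        # Each attribute is type (1 byte), length (1 byte, includes header), value.
        if pos + 2 > length or payload[pos + 1] < 2 or pos + payload[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = payload[pos], payload[pos + 1]
        value = payload[pos + 2:pos + a_len]
        if a_type == ATTR_USER_NAME:
            out["user_name"] = value.decode("utf-8", "replace")
        elif a_type == ATTR_EAP_MESSAGE:
            eap += value  # EAP packets over 253 bytes span several attributes
        elif a_type == ATTR_MESSAGE_AUTH:
            out["has_message_authenticator"] = len(value) == 16
        pos += a_len
    if len(eap) >= 4:
        e_code, e_id, _e_len = struct.unpack("!BBH", eap[:4])
        # Only EAP Request/Response packets carry a type byte.
        e_type = eap[4] if e_code in (1, 2) and len(eap) > 4 else None
        out["eap"] = {"code": EAP_CODES.get(e_code, e_code), "id": e_id,
                      "type": EAP_TYPES.get(e_type, e_type)}
    return out


# Constructed sample: Access-Request carrying EAP-Response/Identity for "testuser".
_eap = bytes([2, 1]) + struct.pack("!H", 13) + b"\x01testuser"
_attrs = (bytes([1, 10]) + b"testuser" + bytes([79, 2 + len(_eap)]) + _eap
          + bytes([80, 18]) + bytes(16))
SAMPLE = bytes([1, 7]) + struct.pack("!H", 20 + len(_attrs)) + bytes(16) + _attrs

if __name__ == "__main__":
    print(parse_radius(SAMPLE))
```

An Access-Request that carries an EAP-Message but no Message-Authenticator should be treated as malformed, since RFC 3579 requires the two attributes together.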

...