Have questions? Stuck? Please check our FAQ for some common questions and answers.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

 

This page describes how to test authentication using the ONOS AAA application and a demo RADIUS server. It uses ONOS and a Mininet network to simulate the client side of the authentication process, and OpenRADIUS to implement the RADIUS server. This description is heavily dependent on the ON.Lab network.

What You Will Need

  • An instance of ONOS to run. The AAA app is packaged as part of ONOS
  • A Mininet instance
  • A FreeRADIUS instance

OpenRadius Setup

In the ON.Lab office, we have a FreeRADIUS server running on 10.1.128.10 (login ubuntu/ubuntu). This server can be configured to use MD5 or TLS authentication for EAP. To change the EAP type, edit the file /etc/freeradius/eap.conf and modify the default_eap_type attribute. 

Mininet Setup

ONOS Setup

WPA Supplicant Setup

wpa_supplicant configuration
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=0
fast_reauth=0
network={
        key_mgmt=WPA-EAP
        #eap=TLS
        #eap=MD5
        identity="testuser"
        password="testpassword"
        ca_cert="/etc/cert/cacert.pem"
        client_cert="/etc/cert/client.pem"
        private_key="/etc/cert/client.key"
     	private_key_passwd="whatever"
        eapol_flags=3
}

 

Testing Authentication

h1 sudo wpa_supplicant -Dwired -ih1-eth0 -c/etc/config/wpa_supplicant.conf

 

Useful Debugging Tools

tcpdump command
sudo tcpdump -vvv -X -n -i eth1

 

 

  • No labels