This page describes how to test authentication using the ONOS AAA application and a demo RADIUS server. It uses ONOS and a Mininet network to simulate the client side of the authentication process, and OpenRADIUS to implement the RADIUS server. This description is heavily dependent on the ON.Lab network.

What You Will Need

• An instance of ONOS to run. The AAA app is packaged as part of ONOS
• A Mininet instance
• A FreeRADIUS instance

OpenRadius Setup

Mininet Setup

ONOS Setup

WPA Supplicant Setup

ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=0
fast_reauth=0
network={
        key_mgmt=WPA-EAP
        #eap=TLS
        #eap=MD5
        identity="testuser"
        password="testpassword"
        ca_cert="/etc/cert/cacert.pem"
        client_cert="/etc/cert/client.pem"
        private_key="/etc/cert/client.key"
     	private_key_passwd="whatever"
        eapol_flags=3
}

Testing Authentication

h1 sudo wpa_supplicant -Dwired -ih1-eth0 -c/etc/config/wpa_supplicant.conf

Useful Debugging Tools

sudo tcpdump -vvv -X -n -i eth1