How to use eapol_test for running EAP-Peer and Radius Client on separate machines

Aamer Sattar aamer.786pk at gmail.com
Fri Aug 3 12:14:36 EDT 2012 

Hi Jouni,
Thanks for the quick reply. Actually, in eapol_test, the original
EAP-Messages are encapsulated and decapsulated inside RADIUS client in
single program. I want to separate them out. I am trying to send the
original EAP message/packet (e.g. over the TCP connection) towards the
Radius client (running as a separate process or on some other machine). The
radius client should then encapsulate EAP-Message inside Radius packet
which is sent over UDP to the Radius Server,

Radius Server process the radius request and send the radius response
towards the Radius Client over UDP.  Then Radius client decapsulate the
Eap-Response message from Radius Packet and send back EAP-Response message
over the TCP connection to the EAP-Peer (which may be running on some other
machine).

For the Radius packets, they are sent/received over UDP. But what about the
EAP-Requests/Responses. Are they sent/received between EAP-Peer and Radius
Client over TCP/Unix socket/UDP in eapol_test??
I want to  transport EAP  messages over TCP connection between EAP-Peer and
Radius Client for EAP-SIM testing.

About the preauth_test, Can I use it for EAP-SIm testing between EAP-Peer
and Eap-Server?

BR,
AAMER

On Fri, Aug 3, 2012 at 11:30 AM, Jouni Malinen <j at w1.fi> wrote:

> On Fri, Aug 03, 2012 at 09:51:43AM +0200, Aamer Sattar wrote:
> > I have used eapol_test for EAP-SIM testing with hostapd as a Radius
> Server.
> > Now as eapol_test contains both the EAP-Peer and Radius Client inside
> it. I
> > want to separate out the EAP-Peer and Radius Client to run the both
> > components on separate machines for showing the below concept:
> >
> > EAP-Peer <----> Radius Client (E.g. AP) <----->Radius Server
>
> How about run an AP on the separate host and a WLAN station (or same
> using the 'wired' driver interface and Ethernet) on the device that runs
> EAP-Peer?
>
> > Should I try to just separate out functionality in eapol_test.c or some
> > other relevant components to achieve it easily. Any pointers to this will
> > be highly appreciated.
>
> I'm not sure why you would use eapol_test.c for this.. This is the
> normal use case for APs and NAS devices in general. The main purpose of
> eapol_test was to avoid having to do that with two components. If you
> want to use a separate test tool, you could use hostapd on the "AP"
> (e.g., with driver=none or driver=test to avoid having to have any WLAN
> hardware) and then use preauth_test on the EAP client. This uses RSN
> pre-authentication frames between the EAP-Peer and RADIUS client and is
> pretty similar to the case of using wired IEEE 802.1X.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20120803/effb57e1/attachment.htm

More information about the HostAP mailing list