1EAPOL_TEST(8) EAPOL_TEST(8)
2
3
4
6 eapol_test - EAP peer and RADIUS client testing
7
9 eapol_test [ -nWS ] [ -cconfig file ] [ -aserver IP address ] [
10 -Aclient IP address ] [ -pUDP port ] [ -sshared secret ] [ -rre-
11 authentications ] [ -ttimeout ] [ -CConnect-Info ] [ -MMAC address ]
12 [ -ofile ] [ -Nattr spec ]
13
14 eapol_test scard
15
16 eapol_test sim [ PIN ] [ num triplets ]
17
19 eapol_test is a program that links together the same EAP peer implemen‐
20 tation that wpa_supplicant is using and the RADIUS authentication
21 client code from hostapd. In addition, it has minimal glue code to com‐
22 bine these two components in similar ways to IEEE 802.1X/EAPOL Authen‐
23 ticator state machines. In other words, it integrates IEEE 802.1X
24 Authenticator (normally, an access point) and IEEE 802.1X Supplicant
25 (normally, a wireless client) together to generate a single program
26 that can be used to test EAP methods without having to setup an access
27 point and a wireless client.
28
29 The main uses for eapol_test are in interoperability testing of EAP
30 methods against RADIUS servers and in development testing for new EAP
31 methods. It can be easily used to automate EAP testing for interoper‐
32 ability and regression since the program can be run from shell scripts
33 without require additional test components apart from a RADIUS server.
34 For example, the automated EAP tests described in eap_testing.txt are
35 implemented with eapol_test. Similarly, eapol_test could be used to
36 implement an automated regression test suite for a RADIUS authentica‐
37 tion server.
38
39 As an example:
40
41
42 eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
43
44
45
46 tries to complete EAP authentication based on the network configuration
47 from test.conf against the RADIUS server running on the local host. A
48 re-authentication is triggered to test fast re-authentication. The con‐
49 figuration file uses the same format for network blocks as wpa_suppli‐
50 cant.
51
53 -c configuration file path
54 A configuration to use. The configuration should use the same
55 format for network blocks as wpa_supplicant.
56
57 -a AS address
58 IP address of the authentication server. The default is
59 '127.0.0.1'.
60
61 -A client address
62 IP address of the client. The default is to select an address
63 automatically.
64
65 -p AS port
66 UDP port of the authentication server. The default is '1812'.
67
68 -s AS secret
69 Shared secret with the authentication server. The default is
70 'radius'.
71
72 -r count
73 Number of reauthentications.
74
75 -t timeout
76 Timeout in seconds. The default is 30.
77
78 -C info
79 RADIUS Connect-Info. The default is 'CONNECT 11Mbps 802.11b'.
80
81 -M mac address
82 Client MAC address (Calling-Station-Id). The default is
83 '02:00:00:00:00:01'.
84
85 -o file
86 Location to write out server certificate.
87
88 -N attr spec
89 Send arbitrary attribute specific by attr_id:syntax:value, or
90 attr_id alone. attr_id should be the numeric ID of the
91 attribute, and syntax should be one of 's' (string), 'd' (inte‐
92 ger), or 'x' (octet string). The value is the attribute value to
93 send. When attr_id is given alone, NULL is used as the attribute
94 value. Multiple attributes can be specified by using the option
95 several times.
96
97 -n Indicates that no MPPE keys are expected.
98
99 -W Wait for a control interface monitor before starting.
100
101 -S Save configuration after authentication.
102
104 wpa_supplicant(8)
105
107 wpa_supplicant is copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and
108 contributors. All Rights Reserved.
109
110 This program is licensed under the BSD license (the one with advertise‐
111 ment clause removed).
112
113
114
115 01 March 2021 EAPOL_TEST(8)