1EAPOL_TEST(8)                                                    EAPOL_TEST(8)
2
3
4

NAME

6       eapol_test - EAP peer and RADIUS client testing
7

SYNOPSIS

9       eapol_test  [  -nWS  ]   [  -cconfig file ]  [ -aserver IP address ]  [
10       -Aclient IP address ]  [ -pUDP port ]  [ -sshared  secret  ]   [  -rre-
11       authentications ]  [ -ttimeout ]  [ -CConnect-Info ]  [ -MMAC address ]
12       [ -ofile ]  [ -Nattr spec ]
13
14       eapol_test scard
15
16       eapol_test sim [ PIN ]  [ num triplets ]
17

OVERVIEW

19       eapol_test is a program that links together the same EAP peer implemen‐
20       tation  that  wpa_supplicant  is  using  and  the RADIUS authentication
21       client code from hostapd. In addition, it has minimal glue code to com‐
22       bine  these two components in similar ways to IEEE 802.1X/EAPOL Authen‐
23       ticator state machines. In  other  words,  it  integrates  IEEE  802.1X
24       Authenticator  (normally,  an  access point) and IEEE 802.1X Supplicant
25       (normally, a wireless client) together to  generate  a  single  program
26       that  can be used to test EAP methods without having to setup an access
27       point and a wireless client.
28
29       The main uses for eapol_test are in  interoperability  testing  of  EAP
30       methods  against  RADIUS servers and in development testing for new EAP
31       methods. It can be easily used to automate EAP testing  for  interoper‐
32       ability  and regression since the program can be run from shell scripts
33       without require additional test components apart from a RADIUS  server.
34       For  example,  the automated EAP tests described in eap_testing.txt are
35       implemented with eapol_test. Similarly, eapol_test  could  be  used  to
36       implement  an  automated regression test suite for a RADIUS authentica‐
37       tion server.
38
39       As an example:
40
41
42              eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
43
44
45
46       tries to complete EAP authentication based on the network configuration
47       from  test.conf  against the RADIUS server running on the local host. A
48       re-authentication is triggered to test fast re-authentication. The con‐
49       figuration  file uses the same format for network blocks as wpa_suppli‐
50       cant.
51

COMMAND ARGUMENTS

53       -c configuration file path
54              A configuration to use. The configuration should  use  the  same
55              format for network blocks as wpa_supplicant.
56
57       -a AS address
58              IP   address  of  the  authentication  server.  The  default  is
59              '127.0.0.1'.
60
61       -A client address
62              IP address of the client. The default is to  select  an  address
63              automatically.
64
65       -p AS port
66              UDP port of the authentication server. The default is '1812'.
67
68       -s AS secret
69              Shared  secret  with  the authentication server.  The default is
70              'radius'.
71
72       -r count
73              Number of reauthentications.
74
75       -t timeout
76              Timeout in seconds. The default is 30.
77
78       -C info
79              RADIUS Connect-Info. The default is 'CONNECT 11Mbps 802.11b'.
80
81       -M mac address
82              Client  MAC  address  (Calling-Station-Id).   The   default   is
83              '02:00:00:00:00:01'.
84
85       -o file
86              Location to write out server certificate.
87
88       -N attr spec
89              Send  arbitrary  attribute  specific by attr_id:syntax:value, or
90              attr_id  alone.  attr_id  should  be  the  numeric  ID  of   the
91              attribute,  and syntax should be one of 's' (string), 'd' (inte‐
92              ger), or 'x' (octet string). The value is the attribute value to
93              send. When attr_id is given alone, NULL is used as the attribute
94              value. Multiple attributes can be specified by using the  option
95              several times.
96
97       -n     Indicates that no MPPE keys are expected.
98
99       -W     Wait for a control interface monitor before starting.
100
101       -S     Save configuration after authentication.
102

SEE ALSO

104       wpa_supplicant(8)
105
107       wpa_supplicant  is copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and
108       contributors.  All Rights Reserved.
109
110       This program is licensed under the BSD license (the one with advertise‐
111       ment clause removed).
112
113
114
115                                 01 March 2021                   EAPOL_TEST(8)
Impressum