EAP Lab – Creation and maintenance of experimentation environment

Objective

To create a convenient and accessible testing environment for EAP configurator and supplicant testing with a purpose of lowering the difficulty and therefore cost of implementation and testing.

Motivation

Wireless connectivity based on 802.1x and various EAP methods (the basis of so-called WPA2- Enterprise) is becoming very popular, but as identified by the GN3 analysis and already mentioned before, is still perceived as complicated in configuration. Supplicant programming and testing requires an interaction with a RADIUS server. Also configuration building (like that provided by the eduroam Configuration Assistant Tool) requires a testing environment against a RADIUS server with as many EAP methods available as possible. While configuring an access point is reasonably straightforward, setting up and configuring a RADIUS server requires advanced knowledge. The purpose of setting the EAP lab is to reduce the burden of preparing a RADIUS server and let implementers and testes focus on their actual task. The EAP Lab will be of use in the following situations:

Device and supplicant testing
Wireless administrators, in particular representing larger consortia like eduroam, will be able to test new devices in many setup scenarios. Testing of not only proper but also insecure configurations will be possible so that both strong and weak points of the tested devices can be uncovered. Supplicant programmers will be able to use the EAP Lab in a similar way, testing their implementations against a range of conditions and scenarios. This will be particularly important for implementers of the proposed automated configuration standard, as EAP Lab will also publish various generic XML configuration files already configured to work (or purposely not work) with the Lab RADIUS server. eduroam Operations will be able to use a test site of eduroam Configuration Assistant Tool and create device installers which will work with the EAP Lab, thus enabling a wide testing of device configurators.
Configuration Assistant Tool module development
While one of the goals of this project is to introduce a uniform configuration standard, one cannot expect that it will be taken up in a short time. Therefore it is necessary to plan for adding new and update existing configuration CAT modules. CAT modules should support a maximum number of EAP types, therefore testing against a fully configured RADIUS server is crucial. A module programmer typically does not have a RADIUS server at hand, in particular not one that can be reconfigured to his testing needs. Using the EAP Lab will only require a local access point set to interface with the EAP Lab server.