Test And Debug RADIUS Response Time With EAPOL-TEST
Slow internet connectivity is a bane for any organization, whether end-users or customers. It affects productivity as people may need help to use resources, access files and tools for work, etc. It can also affect their customer service as there could be delays in raising tickets, loading websites, etc.
However, a slow internet connection could be due to many reasons, such as the number of users on the bandwidth, insufficient bandwidth, and end-user devices (old, outdated devices, etc. ). Effective troubleshooting can occur only when you detect the root cause of the slow connection.
This article will help you leverage a free-source tool (‘eapol-test”)to test your Cloud RADIUS server and measure the response time for authentication requests.
What is RADIUS Response Time
The RADIUS (Remote Access Dial-In User Server) is an authentication protocol that ensures that only authenticated users can access your network. It prevents unauthorized users from accessing your data and acts as a safeguard against attacks and malicious users.
RADIUS is the AAA (Authentication, Authorization, and Accounting) server. True to its name, it grants or denies access, provides various levels of user access authorization, and keeps an account of all the users on your network.
For the RADIUS to work, it typically prompts the Network Attached Storage (NAS) for credentials or a challenge. The user provides the required credentials, which is sent to the RADIUS server. The RADIUS server then allows or rejects the user per the preset conditions.
RADIUS response time is set to anywhere between 1 to 10 milliseconds. If a NAS fails to receive a response within the stipulated time, it must resend the request until the user can access the needed facility. A RADIUS testing tool tests a RADIUS server’s functionality, performance, and robustness.
Why Test Your RADIUS With A RADIUS Monitoring Tool
Troubleshooting a RADIUS is tedious and would take hours, especially when dealing with various services and protocols. A CloudRADIUS monitoring tool like eapol_test helps to measure the amount of time a server takes to respond, process a request, and send a reply. It also measures the time it takes to respond to the client.
RADIUS monitoring tool helps test the performance and viability of a server against predetermined service level agreements.
How To Test Your CoudRADIUS?
The developers of the wpa_supplicant software on Linux provide a handy tool called eapol_test that will test an EAP authentication flow like a client with a lot of debug information.
Installation of the eapol_test executable
Generic eapol_test build instructions:
- Install generic build tooling for your distribution (e.g., ‘build-essential’)
- Install OpenSSL development headers (if applicable, e.g., ‘libssl-dev’, ‘openssl-devel’)
- Install DBus development headers (if applicable, e.g. ‘libdbus-1-dev’, ‘dbus-devel’)
- Install libnl development headers (if applicable, e.g. ‘libnl*-3-dev’, ‘libnl3-devel’)
Commands for installing the eapol_test
* tar xzf wpa_supplicant-*.tar.gz
* cd wpa_supplicant-*/wpa_supplicant
* sed ‘s/^.*CONFIG_EAPOL_TEST.*/CONFIG_EAPOL_TEST=y/’ < defconfig > .config
* CFLAGS=”-Wno-deprecated-declarations” make eapol_test
* sudo install -m 0755 eapol_test /usr/local/bin
Parameters
- Config file
After installing the eapol_test script, the config file must be created. Below is the sample:
network={
ssid=”ssidname”
key_mgmt=WPA-EAP
eap=TLS
identity=”identityname”
ca_cert=”ca.pem”
client_cert=”cert.cer”
private_key=”cert.key”
private_key_passwd=”password”
}
The configuration file provides the necessary information regarding the CA (Certificate Authority) and client certificate, including their paths and optional private key password if applicable. It is essential to ensure that these parameters are accurately saved in the configuration file using the exact file names for the CA and client certificate.
JoinNow MultiOS Management Portal can generate client certificates from the PKI. You must navigate the PKI (Public Key Infrastructure) section and select the “Create Certificate” option. The CA certificate should represent the root certificate of the CloudRADIUS Server Certificate and must be in .pem format.
By default, SecureW2 utilizes the DigiCert Global Root CA, which is taken from the Network Profiles section by selecting “Edit” and then “Certificates.” It is necessary to convert the certificate to .pem format before using it. The letter ‘c’ denotes the .oem format. Please note that the values mentioned here are examples. You need to use the values applicable to your environment.
- Port Number
The port number should be mentioned specifically. It is denoted by `p.`
3. Shared Secret
SharedSecret, similar to the Port number, is specific for each organization and should be included in the command. It is denoted by `s.`
- RADIUS Server IP
If you are also using Satellite CloudRADIUS servers, you can also use those IP Addresses.
Command Usage
The following is the command to be used to run the authentication request:
eapol_test -c <configfile> -p <portnumber> -s <shared secret> -a <RADIUS IP Address>
This should return the complete logs of the authentication requests, including the handshakes. Capturing the time before and after the command should help calculate the response time, including the internet latency.
Success/Failure Identification
$?
This command can be used to determine whether the authentication was successful.
Response time calculation
date +%s%3
The above command gives the time in milliseconds. This can be executed before and after the eapol_test script. The total time taken for the response can be calculated by calculating the difference between these values. This includes the latency on the internet.
Sample snippet:
startTime=$(date +%s%3)
eapol_test -c <configfile> -p <portnumber> -s <shared secret> -a <RADIUS IP Address>
result=$?
endTime=$(date +%s%3)
responseTime = $endTime – $startTime
echo($result)
Test SecureW2s CloudRADIUS With eapol_test For Quick Troubleshooting
Slow internet need not be the reason for slow connectivity. However, testing SecureW2s CloudRADIUS with the eapol-test tool will be a good start to troubleshooting your internet worries. As for anything else, our highly recommended support team is here to help you around the clock.