EAPTest is a tool that allows testing of authentication on RADIUS servers using common Extended Authentication Protocol (EAP) methods. The tool greatly facilitates the setup and troubleshooting in 802.1x wired and wireless environments.
RADIUS (Remote Authentication Dial In User Service) is a networking protocol that provides centralized Authentication, Authorization and Accounting for users connecting to a wired or wireless secure network. When a client connects to a wired network access switch or to a wireless network access point, before access is granted, valid credentials (user and password) must be provide by the user to the network device. This device validates the user credentials communicating with an Authentication Server. The Authentication Server checks the credentials and responds to the network device accepting or rejecting the user and optionally providing information about the privileges that should been assigned to the user. Clients authenticates to the network using the 802.1x protocol. Network devices validates user credentials using the RADIUS protocol.
Several methods to protect the user credentials sent from the client to the Authentication Server are available. These methods are defined in the EAP protocol (Extended Authentication Protocol). EAPTest supported methods are TTLS, PEAP, TLS, MSCHAPv2, MD5 and GTC. For TTLS is possible to use PAP, CHAP, MSCHAP, MSCHAPv2, MD5 and GTC as inner methods. For PEAP, the inner methods available are MSCHAPv2, MD5 and GTC. TLS Digital Identity authentication can be tested simply loading a Digital Identity PKCS#12 (PFX) file. For TLS based methods, TLS v1, v1.1 and v1.2 are supported.
EAPTest simulates both the client and the network access device communicating with the Authentication Server providing a real time graphical view of the RADIUS messages interchanged with the Authentication Server. RADIUS attributes contained in the messages are shown, including EAP message, TLS establishment and Digital Certificates received from the server.
Someone mentioned to me that he has a 20 minute delay deploying Windows 7 to 801.1x EAP networks. They noted http://support.microsoft.com/kb/978152 which is “A Windows Vista-based or Windows Server 2008-based computer does not respond to 802.1X authentication requests for 20 minutes after a failed authentication”.
But didn’t see a fix similar for Windows 7. So, what do they do? They ask PFE of course! I got together with Yong Rhee and Carl Luberti and we kicked the tires a few and found that to fix this you need to likely do two things:
1) Apply http://support.microsoft.com/?id=976373 which is “A computer that is connected to an IEEE 802.1x-authenticated network via another 802.1x enabled device does not connect to the correct network” and then add the registry key to modify the timeout value:
Dot1xProfile is a small utility to generate 802.1x network authentication profiles. EAPTest is a tool that allows testing of authentication on RADIUS servers using common Extended Authentication Protocol (EAP) methods. The tool greatly facilitates the setup and troubleshooting in 802.1x wired and wireless environments.
For wired networks
To use the new registry setting in a wired network, follow these steps:
- I tried to use Apple configurator 2 in the Mojave MacOS 10.14.6 but i was not able to install it (i tried to use the Wi-Fi settings which could be wrong, but this is the only option available to try constructing the dot1x profile!) Thank you once again!
- Enable 802.1x wired authentication.; 2 minutes to read; D; S; In this article. The November 14, 2017 update to Windows 10 (build 15063.726) enables 802.1x wired authentication MDM policies on Surface Hub devices. The feature allows organizations to enforce standardized wired network authentication using the IEEE 802.1x authentication protocol.This is already available for wireless.
- How to configure wired 802.1X for Mac OSX 10.6.3 Open System Preferences. Open Network under Network & Wireless. Click on Advanced and we get to TCP/IP settings. Make sure the option Configure IPv4 is set to Using DHCP. Choose the DNS tab and make sure there are nothing there.Remove them with the -button on the bottom. Choose the 802.1X tab and add a new user profile using the + button on.
1. Open Registry Editor. To do this, click Start
Collapse this imageExpand this image
Dot1x Profile Download
, type regedit in the Start Search box, and then press ENTER.
2. Locate and then right-click the following registry subkey:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftdot3svc
3. Point to New, and then click DWORD Value.
4. Type BlockTime, and then press ENTER. Creative suite 5 mac download.
5. Right-click BlockTime, and then click Modify.
6. Click Decimal under Base. Battle vs chess mac download.
7. In the Value data box, type an appropriate value for the blocking period, and then click OK. The value that you specify for this registry entry represents the number of minutes that the system waits before it retries a failed authentication. The default value is 20 and the valid range is 1 – 60. If you set this key to 0, it will not apply at all.
8. Exit Registry Editor.
For wireless networks
To use the new registry setting in a wireless network, follow these steps:
1. Open Registry Editor. To do this, click Start
Dot1x Credentials Profile
Collapse this imageExpand this image
, type regedit in the Start Search box, and then press ENTER.
2. Locate and then right-click the following registry subkey:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftwlansvc
3. Point to New, and then click DWORD Value.
4. Type BlockTime, and then press ENTER.
5. Right-click BlockTime, and then click Modify.
6. Click Decimal under Base.
7. In the Value data box, type an appropriate value for the blocking period, and then click OK. The value that you specify for this registry entry represents the number of minutes that the system waits before it retries a failed authentication. The default value is 20 and the valid range is 1 – 60. If you set this key to 0, it will not apply at all.
Exit Registry Editor.
Setting the value to something smallish, like say, 2.
Dot1x-access-profile
Hope this helps you in your deployments!
Dot1x Profile Image
Jeff, Carl and Yong