Authenticating ...
 

EAPlab provides a RADIUS environment allowing you to test EAP supplicants in various scenarios.

How can I use EAPlab?

There a several uses we can think of:
802.1X lab
Suppose you want to test 802.1X, either wireless (WPA2-Enterprise) or wired. You have the necessary networking equipment and you would like to test authentication without the hassle of setting up a RADIUS server. This could be a student assignment or a training lab. As long as your target is something like a wireless controller, you want to focus on its functions and not spend time on learning about RADIUS deployment. Here EAPlab is your friend. All you need to do, is to point your network equipment to our RADIUS server and use one of our fixed configurations. You can use the fixed configurations without any registration.
Experimentation at home
Modern wireless home devices usually support WPA2-Enterprise, so you can easily set up such a network if you have access to a RADIUS server. Since your home IP is probably changing, it is not so easy to set up a connection to any production RADIUS server unless you resort to something like VPN. EAPlab provides you with a RADIUS server which is accessible from everywhere, so you home experiments will run just fine.
New device testing
A new wireless device appears and you want to test how it will behave, what EAP types will it handle, whether you can configure it safely, etc.

The lab can simulate a correctly working RADIUS server, or at your choice can intentionally misbehave in numerous ways. That way, you can test the new device's beheviour in very many success and failure scenarios. The best approach is to set an individual EAPlab profile configurate the device, connect, then change the RADIUS server settings reconnect and observe.

Testing XML configuration profiles
In SENSE project we work on describing EAP configuration in a universal XML profile. Using the provided CAT instance you can generate various profiles and check how your supplicant will consume it. You can also test your configuration against the EAPlab RADIUS servers.

What EAPlab is not

Being an EAPlab is is not a RADIUSlab, i.e. we put emphasis on settings important for EAP but not on various other useful RADIUS features like accounting, VLAN setting, Chargeable-User-Identity and many others. If you think that it would be great if we did support these missing functions, let us know. If enough potential users find this useful, we could decide to extend the functionality.

What you should NOT use EAPlab for

First of all, remember that we provide this free service for experimentation and do not want heavy traffic. Please respect the Terms of Use.

EAPlab is an experimenting environment, therefore you should not use it for any king of "production". While, in principle it would be possible to create a number of user accounts and set up a small WPA2-Enterprise network, this is not welcome by us.

We do not guarantee any safety of pseudo-credentials set in EAPlab or the persistence of created accounts. We will delete inactive accounts. We will allow an inactivity period of at least 6 months (possibly longer depending on the number of users and available resources), after which the accounts will be deleted.

Using EAPlab

A typical testing setup on your side would consist of:

  • A RADIUS client - this may be an Access-Point capable of WPA2-Enterprise authentication or a RADIUS proxy to which your client is connected to.
  • An EAP supplicant - typically this would be wireless device which you will connect to your Access-Point using WPA2-Enterprise.

EAPlab will allow you to test how your supplicant will behave if various things go wrong. For instance, the supplicant should be able to authenticate the server before sending any user credentials by comparing server's certificate and name with the expected values. If things go well, i.e. the server you are connecting to provides expected credentials, your supplicant should just connect. However when something goes wrong it gets interesting to see how your supplicant will behave. What will be the user experience, will it catch all problems with server side errors, etc.

In EAPlab we have put together operational experience gathered by the eduroam community servicing millions of various devices and hundreds of different RADIUS setups. You will be able to test your supplicant in possibly strange situations, which you might have not thought about, but which are results of real cases experienced in eduroam.

Authentication

You can start using EAPlab without any registration, however if you want to save configuration data for later reuse, you must authenticate with an identity provider of your choice. EAPlab reserves the right to withhold access in cases listed in Terms of Use.