ISE TME Thomas Howard talks about the RADIUS protocol and how to perform client simulations.
Topics:
00:00 Intro
00:25 Poll: What tools do you use to test RADIUS?
02:22 Why RADIUS?
03:15 RADIUS RFCs
www.rfc-editor.org/rfc/rfc2865 | RADIUS
www.rfc-editor.org/rfc/rfc2866 | RADIUS Accounting
www.rfc-editor.org/rfc/rfc3579 | RADIUS EAP Support
www.rfc-editor.org/rfc/rfc5176 | RADIUS Change of Authorization Support
05:13 Network Device Capabilities cs.co/nad-capabilities
06:08 RADIUS for Network Authentication
06:54 802.1X with RADIUS flow
08:54 MAC Authentication Bypass (MAB) with RADIUS flow
10:33 Most Popular RADIUS Attributes and ISE RADIUS Network Access Attributes: community.cisco.com/t5/securi...
11:34 Demo: RADIUS Packet Capture (tcpdump) on ISE for RADIUS Authentication and Accounting Start+Stop
14:30 Demo: RADIUS Packet Capture in Wireshark
17:27 Network Access Security is a Spectrum with identity credentials
17:54 ISE Supported EAP Methods/Protocols and FIPS: cs.co/ise-fips
20:20 ISE Policy Sets Examples for testing
23:52 Useful RADIUS Attributes and Conditions
25:51 ISE Smart Conditions
26:27 Authorization Attributes and Vendor Specific Attributes (VSAs)
28:24 Minimum RADIUS Attributes required for ISE
29:20 Demo: ISE Diagnostic Tools - Session Trace Tests
32:39 Demo: Windows - NTRadPing Simulator (CHAP not enabled by default)
34:55 Demo: macOS - EAPTest @ ermitacode.com/eaptest/
38:10 Demo: Java - RadiusSimulator.jar @ developer.cisco.com/docs/pxgr...
for Authentication and Accounting Start & Stop
43:54 eapol_test on Linux from wpa_supplicant team
- eapol_test: w1.fi/wpa_supplicant/devel/te...
- Configurations: w1.fi/cgit/hostap/plain/wpa_s...
- Building eapol_test: wiki.freeradius.org/guide/edu...
49:19 Using Podman on macOS to Build and Run eapol_test
51:36 Demo: eapol_test
```sh
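# -c: eapol_test (wpa_supplicant-style) config file, here a PEAP profile
# -a: RADIUS server (ISE) IP address; -s: RADIUS shared secret
# -N: extra RADIUS attribute as id:syntax:value (d = integer, s = string)
#     6 = Service-Type (2 = Framed), 61 = NAS-Port-Type (19 = Wireless-802.11),
#     30 = Called-Station-Id
eapol_test \
  -c eapol_test_configs/peap.thomas.cfg \
  -a 198.18.133.27 \
  -s ISEisC00L \
  -N 6:d:2 -N 61:d:19 -N 30:s:11:11:11:11:11:11:.corp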
```
Additional Resources:
- Testing RADIUS from CLI has many more examples: www.securityccie.net/2023/02/...