Table of Contents Table of contents: Radiator® AAA Server Installing Radiator 3GPP AAA Server 2 - Installing Radiator 3GPP AAA Server Configuring Radiator 3GPP AAA Server 4 - Configuring Radiator 3GPP AAA Server

3. Testing Radiator 3GPP AAA Server

This section describes the test scenarios for Radiator 3GPP AAA Server.
To prepare the test setup:
  1. Download the latest versions of Radiator, Radiator UtilXS, Radiator Carrier Pack, and Radiator SIM Module. Radiator 3GPP AAA Server is part of the Radiator SIM Module.
  2. Install the downloaded softwares.
  3. Create a separate directory for testing.
  4. Copy goodies/simcards.dat from Radiator SIM Pack directory into the testing directory.
  5. Copy all configuration files (*.cfg) into the testing directory.
  6. Start the radiusd processes in the following order:
    1. 3GPP AAA Server
    2. HSS for processing MAR (Multimedia-Auth-Request) and SAR (Server-Assignment-Request)
    3. S6b for processing ASR (Abort-Session-Request)
    4. RADIUS/EAP-AKA (Extensible Authentication Protocol - Authentication and Key Agreement) to Diameter/SWm conversion. This requires Radiator 4.16 with patches or newer.
    To start these radiusd processes, execute the following commands in the testing directory: 
    radiusd -dictionary /etc/radiator/dictionary -log_stdout -foreground -trace 4 
      -config 3gpp-aaa-server.cfg

radiusd -dictionary /etc/radiator/dictionary -log_stdout -foreground -trace 4 
      -config server-hss.cfg

radiusd -dictionary /etc/radiator/dictionary -log_stdout -foreground -trace 4 
      -config server-s6b.cfg

radiusd -dictionary /etc/radiator/dictionary -log_stdout -foreground -trace 4 
      -config server-swm.cfg
  7. If you need a Radius to Diameter conversion, start the process with the following command in the testing directory: 
    radiusd -dictionary /etc/radiator/dictionary -log_stdout -foreground -trace 4 
      -config radius-eap-convert.cfg

3.1. Compiling eapol_test

eapol_test is a part of wpa_supplicant suite Opens in new window. It is a tool for testing Radiator EAP-SIM (Extensible Authentication Protocol - Subscriber Identity Module), EAP-AKA, and EAP-AKA' (Extensible Authentication Protocol - Authentication and Key Agreement Prime) protocols. You can configure it to act as a supplicant to generate RADIUS requests which are sent directly to the RADIUS server. With eapol_test, you can test the system without the hardware client, supplicant, and wireless access point.
Note
The eapol_test configuration .config file is in directory wpa_supplicant/. After creating or updating it, always rerun make eapol_test because the eapol_test target is not a part of the default make target.

Enabling AKA methods and USIM simulator

EAP-AKA and EAP-AKA' require similar configuration than EAP-SIM. For EAP-AKA and EAP-AKA' the Milenage parameters are defined in format password="Ki:OPc:SQN" in eapol_test .config file.
To enable the AKA (Authentication and Key Agreement) methods and USIM (Universal Subscriber Identity Module) simulator: 
echo CONFIG_EAP_AKA=y >> .config
echo CONFIG_EAP_AKA_PRIME=y >> .config
echo CONFIG_USIM_SIMULATOR=y >> .config
make eapol_test

3.2. Testing SWm requests sent by ePDG

About this task

This test scenario tests the functionality of Diameter SWm connection between the ePDG (Evolved Packet Data Gateway) and Radiator 3GPP AAA Server.

Procedure

To test EAP authentication initiated by an end user:
  1. Open aka-simulator.conf, located in Radiator SIM Pack's /goodies directory, and check that identity is 0232010000000000@nai.epc.mnc001.mcc232.3gppnetwork.org.
  2. Run eapol_test to make sure the authentication works correctly. This sends a RADIUS EAP-AKA request to a Radiator radiusd instance started with radius-eap-convert.cfg. The request is converted to a DER (Diameter EAP Request) and sent over SWm.
To test other requests sent by ePDG:
  1. Send an AAR (AA Request) over SWm. Use the correct -session_id from a previous DER. To do this, execute the following command in the Radiator SIM Pack directory: 
    perl goodies/diapwtst-3gpp
        -trace 4 -swm aar -originhost epdg3.epc.mnc001.mcc232.3gppnetwork.org
        -originrealm epc.mnc001.mcc232.3gppnetwork.org -user
        232010000000000@nai.epc.mnc001.mcc232.3gppnetwork.org -session_id
        'epdg.epc.mnc001.mcc232.3gppnetwork.org;1450276781;831118;0'
    Note
    Use epdg3.epc.mnc001.mcc232.3gppnetwork.org because epdg.epc.mnc001.mcc232.3gppnetwork.org already has a session with Radiator 3GPP AAA Server.
  2. Send an STR (Session-Termination-Request) over SWm to terminate the session started with EAP-AKA. Use the correct -session_id. To do this, execute the following command in the Radiator SIM Pack directory: 
    perl
        goodies/diapwtst-3gpp -trace 4 -swm str -originhost
        epdg3.epc.mnc001.mcc232.3gppnetwork.org -originrealm
        epc.mnc001.mcc232.3gppnetwork.org -user
        232010000000000@nai.epc.mnc001.mcc232.3gppnetwork.org
        Termination-Cause=DIAMETER_LOGOUT -session_id
        'epdg.epc.mnc001.mcc232.3gppnetwork.org;1450276781;831118;0'

3.3. Testing S6b requests sent by PDG

About this task

This test scenario tests if the user session is created to the PDN GW (Packet Data Network Gateway).

Before you begin

You need to have SWm session for the tested IMSI (International mobile subscriber identity). For more information, see Testing SWm requests sent by ePDG.

Procedure

To execute the test:
  1. Send an AAR over S6b to create a process. To do this, execute the following command in the Radiator SIM Pack directory: 
    perl goodies/diapwtst-3gpp -trace 4 -s6b aar
     -originhost pgw.epc.mnc001.mcc232.3gppnetwork.org
     -originrealm epc.mnc001.mcc232.3gppnetwork.org
     -user 232010000000000@nai.epc.mnc001.mcc232.3gppnetwork.org
  2. Send an STR over S6b to terminate the process created in the previous step. Use the correct -session_id. To do this, execute the following command in the Radiator SIM Pack directory: 
    perl goodies/diapwtst-3gpp -trace 4 -s6b str
     -originhost pgw.epc.mnc001.mcc232.3gppnetwork.org
     -originrealm epc.mnc001.mcc232.3gppnetwork.org
     -user 232010000000000@nai.epc.mnc001.mcc232.3gppnetwork.org
     Termination-Cause=DIAMETER_LOGOUT
     -session_id 'pgw.epc.mnc001.mcc232.3gppnetwork.org;1234;1'

3.4. Testing SWx requests sent by HSS

About this task

This test scenario tests the user session termination.

Before you begin

You need to have SWm session for the tested IMSI. For more information, see Testing SWm requests sent by ePDG.

Procedure

To execute the test:
  1. Send an RTR (Registration-Termination-Request) over SWx to terminate all SWm, S6b, STa, and SWa sessions Radiator 3GPP AAA Server has for a specific IMSI. To do this, execute the following command in the Radiator SIM Pack directory: 
    perl goodies/diapwtst-3gpp -trace 4
     -originhost hss2.aaa.mnc001.mcc232.3gppnetwork.org
     -originrealm aaa.mnc001.mcc232.3gppnetwork.org
     -desthost radiator-3gpp.aaa.mnc001.mcc232.3gppnetwork.org
     -swx rtr -user 232010000000000
  2. Send an PPR (Push-Profile-Request) over SWx to replace the profile and trigger reauthentication for SWm, STA, and SWa sessions Radiator 3GPP AAA Server has for the IMSI. To do this, execute the following command in the Radiator SIM Pack directory: 
    perl goodies/diapwtst-3gpp -trace 4
     -originhost hss2.aaa.mnc001.mcc232.3gppnetwork.org
     -originrealm aaa.mnc001.mcc232.3gppnetwork.org
     -desthost radiator-3gpp.aaa.mnc001.mcc232.3gppnetwork.org
     -swx ppr -user 232010000000000
    Note
    You can add PPR-Flags=1 to the command to send PPR-Flags parameter with the desired value.
Note
If Origin-Host hss.aaa.mnc001.mcc232.3gppnetwork.org is used, 3gpp-aaa-server.cfg instance must be restarted after RTR or other request over SWx.
Table of Contents Table of contents: Radiator® AAA Server Installing Radiator 3GPP AAA Server 2 - Installing Radiator 3GPP AAA Server Configuring Radiator 3GPP AAA Server 4 - Configuring Radiator 3GPP AAA Server