.................................................................................................................................... ........................................................................................................................
How to Configure for a TLS Demo Out of the Box8950 AAA Certificate Manager
22-24 365-360-001R6.0
Issue 1, December 2008
.................................................................................................................................... ........................................................................................................................
Create a small tuple file using notepad:
->cat tuple.txt
User-Name = steve
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
And launch the RADIUS test tool in EAP-TLS mode to check:
->..\bin\nrtest -f tuple.txt -cbc EapTls$SimpleCallback -id steve
-cfclient.pem -cp test-client -tf trusted.pem -v
Xmit: Access-Request
User-Name = "steve"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
EAP-Message = "Response/Identity(1): data=steve"
Message-Authenticator = "00000000000000000000000000000000"
Packet authenticator is valid
Recv: Access-Challenge after 1953 ms.
Message-Authenticator = "60B6D929DFE86EE6C1BA69C0F267EFD9"
State = "1"
Session-Timeout = 180
EAP-Message = "Request/EAP-TLS(2): flags=20(S) "
Sending a 0 byte message to the EAP TLS client:
Received a 108 byte message from the EAP TLS client:
Handshake,v3.1
ClientHello
version 3.1
random =
404431C306BC65BFD2EDC94DF4D768528F6F1A0F86BAA9D00CF94E100187
6D70
session_id =
cipher_suites
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DH_DSS_WITH_AES_256_CBC_SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA