Test Report About Interoperability Between Huawei WLAN ...

Test Report About Interoperability Between Huawei WLAN Devices and Aruba ClearPass Authentication Server

Issue 01

Date 2018-05-08

HUAWEI TECHNOLOGIES CO., LTD.

Issue 01 (2018-05-08) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

i

Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

http://www.huawei.com/

mailto:[email protected]

Test Report About Interoperability Between Huawei WLAN Devices and Aruba ClearPass Authentication Server About This Document


ii

About This Document

Purpose This document is the test report about interoperability between the Araba ClearPass authentication server and Huawei WLAN devices. This test report is prepared and confirmed by all involved test parties according to the actual interoperability test process and results.

Test Report About Interoperability Between Huawei WLAN Devices and Aruba ClearPass Authentication Server Contents


iii

Contents

About This Document ............................................................................................................... ii

1 Overview ................................................................................................................................... 1

1.1 Project Introduction ............................................................................................................................................... 1 1.2 Test Devices and Software ..................................................................................................................................... 1 1.3 Test Networking .................................................................................................................................................... 1

2 Test Contents ............................................................................................................................ 3 2.1 Test Cases ............................................................................................................................................................. 3 2.2 Test Summary........................................................................................................................................................ 3

3 Test Cases .................................................................................................................................. 4

3.1 802.1x Authentication Used Between the AC and ClearPass Authentication Server ................................................. 4 3.2 MAC Address Authentication Used Between the AC and ClearPass Authentication Server...................................... 5 3.3 Portal Authentication Used Between the AC and ClearPass Authentication Server .................................................. 7 3.4 Dynamic VLAN .................................................................................................................................................... 9 3.5 ACL Authorization ...............................................................................................................................................10 3.6 Forcible User Logout ............................................................................................................................................12

Test Report About Interoperability Between Huawei WLAN Devices and Aruba ClearPass Authentication Server 1 Overview


1

1 Overview

1.1 Project Introduction In the XXX project, the Aruba ClearPass authentication server is used on the live network. The customer wants to replace the WLAN network. Huawei devices are still connected to the Aruba ClearPass authentication server on the live network to provide Wi-Fi access.

1.2 Test Devices and Software

Device Name Device Version Description

AC6605 V2R8C10SPC100 An AC6605 provides 24 GE interfaces and two 10GE interfaces. It provides 128 Gbit/s switching capacity and 10 Gbit/s forwarding capability.

AP6050DN V2R8C10SPC200 11ac Wave2 AP

ClearPass 2.3 Aruba authentication server

1.3 Test Networking The AP communicates with the AC at Layer 3 and goes online through Option 43. The ClearPass authentication server can communicate with the AC and exchange service VLAN packets.

Test Report About Interoperability Between Huawei WLAN Devices and Aruba ClearPass Authentication Server 1 Overview


2

ACSwitch

ClearPass

APSTA

Test Report About Interoperability Between Huawei WLAN Devices and Aruba ClearPass Authentication Server 2 Test Contents


3

2 Test Contents

2.1 Test Cases Test Case Name Description Test Result Remarks

802.1x authentication The AC is connected to the ClearPass authentication server, and performs 802.1x authentication for the STA.

ok

MAC address authentication

The AC is connected to the ClearPass authentication server, and performs MAC address authentication for the STA.

ok

Portal authentication The AC is connected to the ClearPass authentication server, and performs Portal authentication for the STA.

ok

Dynamic VLAN The RADIUS server can deliver dynamic VLANs.

ok

ACL authorization The RADIUS server can deliver ACLs. ok

2.2 Test Summary Test Conclusion Through verification, Huawei AC can communicate with the Aruba ClearPass authentication server through 802.1x authentication, MAC address authentication, and Portal authentication on the Aruba ClearPass authentication server. In addition, the ClearPass authentication server can deliver dynamic VLANs and ACLs.

Customer Signature Manufacturer Signature

Test Report About Interoperability Between Huawei WLAN Devices and Aruba ClearPass Authentication Server 3 Test Cases


4

3 Test Cases

3.1 802.1x Authentication Used Between the AC and ClearPass Authentication Server

Test Item 802.1x authentication used between the AC and ClearPass authentication server

Test Objective To test 802.1x authentication supported by WLAN devices.

Test Environment

Networking diagram:

ACSwitch

ClearPass

APSTA

Prerequisites: 1. All devices are working properly. 2. The test environment has been set up according to the networking diagram.

Test Procedure

1. Correctly configure the AC so that the AP delivers the SSID SSID-Dot1x, and enable WPA2-802.1x.

2. Correctly configure the RADIUS server and create a user account. 3. Associate the STA with the SSID and enter the correct user name and password.

Expected result 1 is displayed.

Expected Results

The STA is successfully associated with the SSID, obtains an IP address, and is authenticated successfully.

Test Results The STA is successfully associated with the SSID, obtains an IP address, and is authenticated successfully.



5

User information is displayed on the ClearPass authentication server.

Remarks


3.2 MAC Address Authentication Used Between the AC and ClearPass Authentication Server

Test Item MAC address authentication used between the AC and ClearPass authentication server



6

Test Objective To test MAC address authentication supported by WLAN devices.

Test Environment

Networking diagram:

ACSwitch

ClearPass

APSTA


Test Procedure

1. Correctly configure the AC so that the AP delivers SSID SSID-MAC, and enable MAC address authentication.

2. Correctly configure the RADIUS server to authenticate the STAs through MAC address authentication.

3. Associate the STA with SSID-MAC. Expected result 1 is displayed.

Expected Results STA1 is successfully associated with SSID-MAC, obtains an IP address, and can ping the gateway.

Test Results

The STA is successfully associated with the SSID and obtains an IP address.

Remarks




7

3.3 Portal Authentication Used Between the AC and ClearPass Authentication Server

Test Item Portal authentication used between the AC and ClearPass authentication server

Test Objective To test Portal authentication between the AC and ClearPass authentication server.

Test Environment

Networking diagram:

ACSwitch

ClearPass

APSTA


Test Procedure

1. Configure wireless Portal service on the AC, set the SSID to SSID-Portal, and configure Portal authentication based on HTTP.

2. Configure the Portal authentication service on the Portal server (Aruba ClearPass authentication server).

3. Associate the STA with SSID-Portal. Expected result 1 is displayed. 4. The STA attempts to access a web page by using the browser. Expected result 2 is

displayed.

Expected Results

1. The STA is successfully associated with the SSID, and the STA is in pre-auth state on the AC.

2. The STA is redirected to the authentication page. After the account is entered and the STA is authenticated, the STA is in success state and can ping the gateway.

Test Results

1. The STA is associated with the SSID and is in pre-auth state on the AC.

2. The STA is redirected to the authentication page. After the account is entered and the

STA is authenticated, the STA is in success state.



8

Remarks




9

3.4 Dynamic VLAN Test Item Dynamic VLAN

Test Objective To test the dynamic VLAN supported by WLAN devices.

Test Environment

Networking diagram:

ACSwitch

ClearPass

APSTA

Prerequisites: 1. All devices are working properly. 2. The WLAN has been correctly configured.

Test Procedure

1. Correctly configure the AC so that the AP delivers SSID SSID-MAC, enable MAC address authentication, and set the service VLAN to VLAN 2184.

2. Correctly configure the RADIUS server, create a user account, and configure authorization VLAN 2022.

3. Associate the STA with the SSID and enter the correct user name and password. Expected result 1 is displayed.

Expected Results The STA can obtain an IP address on the network segment of VLAN 2022.

Test Results

The STA is associated with the SSID and obtains the IP address on the network segment of VLAN 2022.



10

Remarks


3.5 ACL Authorization

Test Item ACL authorization

Test Objective To test that WLAN devices support ACL authorization delivered by the ClearPass authentication server.

Test Environment Networking diagram:



11

ACSwitch

ClearPass

APSTA


Test Procedure

1. Correctly configure the AC so that the AP delivers the SSID SSID-Dot1x, and enable WPA2-802.1x.

2. Configure ACL 3031 on the AC to forbid access to the specified IP address 189.180.10.70.


4. Associate the STA with the SSID, and enter the correct user account and password. Expected result 1 is displayed.

5. Cancel authorization on the RADIUS server, and re-associate the STA, and ping 189.180.10.70. Expected result 2 is displayed.

Expected Results

1. The STA can obtain an address and obtain authorization ACL 3031. The IP address of 189.180.10.70 cannot be pinged.

2. The STA can obtain an IP address and can ping 189.180.10.70 successfully.

Test Results

The STA can associate with the SSID, obtain an address, and obtain authorization ACL 3031. The IP address of 189.180.10.70 cannot be pinged.



12

The STA is associated with the SSID and can ping 189.180.10.70 successfully.

Remarks


3.6 Forcible User Logout

Test Item Forcible user logout



13

Test Objective To test that the WLAN device supports forcible user logout.

Test Environment

Networking diagram:

ACSwitch

ClearPass

APSTA


Test Procedure

1. Correctly configure the AC so that the AP delivers SSID SSID-MAC, enable MAC address authentication, and set the service VLAN to VLAN 2184.


3. Associate the STA with the SSID and enter the correct user name and password. Expected result 1 is displayed.

4. Force the user to go offline on the Aruba ClearPass authentication server. Expected result 2 is displayed.

Expected Results 1. The STA can obtain an IP address on the network segment of VLAN 2182. 2. The user is forcibly offline.

Test Results

The STA is associated with the SSID and obtains the IP address on the network segment of VLAN 2182.



14

The user is forcibly offline.

Remarks

Customer Signature Manufacturer

Signature

Test Report About Interoperability Between Huawei WLAN ...

Documents

Transcript of Test Report About Interoperability Between Huawei WLAN ...