End-to-End WLAN Roaming Test Cases 3.1 October 2004

Similar documents
WLAN Roaming Guidelines (also known as Inter-Operator Handbook)

DRAFT - QoS Sensitive Roaming Principles 1.0 August 2004

Eligibility for Associate Membership

3GPP TS V7.0.0 ( )

REFERENCE OFFER FOR DIRECT WHOLESALE ROAMING ACCESS

3GPP TS V6.4.0 ( )

ETSI TS V6.1.0 ( )

TS-3GA (R99)v Operator Determined Call Barring

Code of Practice. Mobile Spam. 1.0 February Official Document PPC.01. Security Classification Category (see next page)

Network Policy Controller UAM/RADIUS Guide

Configuring RADIUS Servers

Message Networking 5.2 Administration print guide

Services, Ease of Use, and Operator Considerations in Interworked WLAN-Cellular Systems

Application Note. Using RADIUS with G6 Devices

JP-3GA (R99) Technical realisation of Operator Determined Barring (ODB)

Configuring Security on the GGSN

ETSI TS V4.1.0 ( )

Network Working Group. Category: Standards Track <draft-aboba-radius-iana-03.txt> 30 March 2003 Updates: RFC IANA Considerations for RADIUS

ETSI TS V3.3.1 ( )

3GPP TS V ( )

REMOTE AUTHENTICATION DIAL IN USER SERVICE

Configuring IEEE 802.1x Port-Based Authentication

Standardized Connectivity Management Objects 3GPP Circuit-Switched Data Bearer Parameters For use with OMA Device Management

Application Notes for Configuring SIP Trunking between the Comdasys Mobile Convergence Solution and an Avaya IP Office Telephony Solution Issue 1.

IEEE 802.1x, RADIUS AND DYNAMIC VLAN ASSIGNMENT

Direct Wholesale Roaming Access Reference Offer of Latvijas Mobilais Telefons SIA

3GPP TS V ( )

Configuring IEEE 802.1x Port-Based Authentication

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide. Figure 9-1 Port Security Global Settings window

Release Notes for Avaya WLAN 9100 AOS-Lite Operating System WAP9112 Release WAP9114 Release 8.1.0

Enabler Test Specification for RCS Conformance

ETSI TS V ( )

ETSI TS V ( )

ETSI TS V6.1.0 ( )

Standardized Connectivity Management Objects HTTP Proxy Parameters For use with OMA Device Management

Reference Release Definition for Parlay/OSA(Open Service Access) In OMA Service Environment (PIOSE)

Oracle Utilities Opower Solution Extension Partner SSO

3GPP TS V6.6.0 ( )

LDAP Servers for AAA

Overview. RADIUS Protocol CHAPTER

3GPP TS V9.2.0 ( )

ForeScout CounterACT. Configuration Guide. Version 4.1

ETSI TS V6.2.0 ( )

User Administration. User Administration Help

Managing WCS User Accounts

802.1x Configuration. FSOS 802.1X Configuration

RADIUS - QUICK GUIDE AAA AND NAS?

Configuring IEEE 802.1x Port-Based Authentication

User Guide IP Connect CSD

Elastic Charging Engine 11.3 RADIUS Gateway Protocol Implementation Conformance Statement Release 7.5

Managing WCS User Accounts

TopGlobal MB8000 Hotspots Solution

3GPP TS V7.0.0 ( )

Online Reporting and Information Management System (ORIMS) Manage Financial Returns User Guide for Banks & Trust Companies

Pulse Policy Secure. Guest Access Solution Configuration Guide. Product Release 5.2. Document Revision 1.0 Published:

Configuring Security for the ML-Series Card

Configuring RADIUS and TACACS+ Servers

Operation Manual Security. Table of Contents

All-IP Core Network Multimedia Domain IP Multimedia Subsystem Charging Architecture

GGSN Configuration Example

AT&T Global Network Client for Mac User s Guide Version 1.7.3

Web and MAC Authentication

Operation Manual 802.1x. Table of Contents

Configuring RADIUS. Information About RADIUS. RADIUS Network Environments. Send document comments to

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

3GPP TS V6.1.0 ( )

MCSA Guide to Networking with Windows Server 2016, Exam

Table of Contents 1 AAA Overview AAA Configuration 2-1

Forescout. Configuration Guide. Version 4.2

3GPP TS V7.2.0 ( )

Vodafone Malta Limited Wholesale Roaming Direct Access Reference Offer

Identity Firewall. About the Identity Firewall

Data Structure Mapping

Data Structure Mapping

Data Structure Mapping

Applying for Funding in Fluxx. Quick Start Instructions

ETSI TS V ( )

All-IP Core Network Multimedia Domain

Reference Offer of T-Mobile Polska S.A., Poland for Access Seekers of Direct Wholesale Roaming Access

3GPP TS V9.0.0 ( )

SoupBinTCP for Nasdaq Nordic. Version August 21, 2015

Configuring DHCP Services for Accounting and Security

TS V6.0.0 ( )

WL-5420AP. User s Guide

Contents. Configuring SSH 1

Enabler Release Definition for Parlay Service Access

Sparta Systems TrackWise Digital Solution

Internet copy. DSRC Key Management. Annex 2.5 to Joint Venture Agreement Toll Service Provider Agreement

Banner-Requestor_Approver Training Manual

3GPP TS V9.2.0 ( )

With 802.1X port-based authentication, the devices in the network have specific roles.

AT&T Global Network Client for Mac User s Guide Version 2.0.0

CIPURSE Certification Program

4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.

Enabler Release Definition for LPP Extensions (LPPe)

Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller

Joint Initiative on a PSD2 Compliant XS2A Interface NextGenPSD2 XS2A Framework Operational Rules

Managing NCS User Accounts

System Architecture Model Version 1.1 WV Tracking Number: WV-020

Diameter, Meet Your Future

Transcription:

End-to-End WLAN Roaming Test Cases 3.1 October 2004 This is a non-binding permanent reference document of the GSM Association. Security Classification Category: Unrestricted This document is subject to copyright protection. The GSM Association ( Association ) makes no representation, warranty or undertaking (express or implied) with respect to and does not accept any responsibility for, and hereby disclaims liability for the accuracy or completeness or timeliness of the information contained in this document. The information contained in this document may be subject to change without prior notice. Access to and distribution of this document by the Association is made pursuant to the Regulations of the Association. Copyright of the GSM Association 2004 Version 3.1 Page 1 of 15

Document History Revision Brief 0.1 10 01 03 First draft of WLAN Roaming Test Cases document 0.2 24 01 03 Draft of End-to-End WLAN Roaming Test Cases document after 16.1. Düsseldorf Ad-hoc 0.3 27 01 03 Operator Det. Barring Test included 1.0 13 03 03 Sent for IREG approval 2.0.0 20 03 03 IREG approved document. 3.0.0 13 06 03 Approved by EMC 3.0.1 24 03 04 Incorporated IREG Doc 46_071 3.1 26 10 04 Incorporated IREG Doc 019_012 Summary The following document outlines test cases for RADIUS-based username-password authenticated WLAN roaming. The roaming environment is defined in PRD IR.61 WLAN Roaming Guidelines. Version 3.1 Page 2 of 15

Table of Contents 1 Introduction...4 1.1 Scope of document...4 1.2 Strategy for Testing...4 1.3 Pre-requisites...4 2 Test Cases...5 2.1 Access Tests...5 2.1.1 Valid Roaming Authentication...5 2.1.2 Valid Username, Invalid Password...5 2.1.3 Invalid Username...5 2.1.4 Operator Determined Barring...5 2.1.5 Operator Determined Barring While Session Open...5 2.2 Accounting Tests...6 2.2.1 RADIUS Accounting Data Generation (Session Time)...6 2.2.2 RADIUS Accounting Data Generation (Data Transferred)...6 2.2.3 Verifying RADIUS Accounting Logs...6 2.3 Service Failure Tests...7 2.3.1 Implicit Logout...7 2.3.2 Inactivity Logout...7 2.4 User Experience Tests...7 2.4.1 Login Page...7 2.4.2 Help Page...7 2.4.3 Start Page...7 2.4.4 Unsuccessful Login...7 2.4.5 Successful Login...8 2.4.6 Logout Confirmation...8 3 Test Evaluation...9 APPENDIX A...10 Test Results...11 Access Tests...11 Valid Roaming Authentication...11 Valid Username, Invalid Password...11 Invalid Username...11 Operator Determined Barring...11 Operator Determined Barring While Session Open...12 Accounting Tests...12 RADIUS Accounting Data Generation (Session Time)...12 RADIUS Accounting Data Generation (Data Transferred)...12 Verifying RADIUS Accounting Logs...13 Service Failure Tests...13 Implicit Logout...13 Inactivity Logout...13 User Experience Tests...14 Login Page...14 Help Page...14 Start Page...14 Unsuccessful Login...14 Successful Login...14 Logout Confirmation...15 Version 3.1 Page 3 of 15

1 Introduction 1.1 Scope of document This document specifies a set of test cases for WLAN roaming service to confirm that it complies with PRD IR.61 WLAN Roaming Guidelines. RADIUS shall be the protocol to be used for passing authentication, authorization and accounting data (AAA). Whilst it is expected that WLAN-roaming will be a bilateral activity between two WOs, please note that this document is written in a unidirectional context. Hence Roaming is taking place by a Mobile Terminal MT(a) to Visited WLAN(b) only. There is no reference to a Mobile Terminal MT(b) visiting Home WLAN(a). To complete End-to-end WLAN Roaming tests for bilateral roaming, it is necessary to perform the tests in this document twice: the second time the real identities of WLAN (a) and WLAN (b) are swapped. NOTE: Billing cycle will not be part of these tests. However, the production of valid RADIUS accounting data that is used in the billing cycle is tested in similar fashion as the generation of CDRs described in IR.35 End to End Functional Capability Test Specification for Inter- PLMN GPRS Roaming. The WLAN roaming environment shall be as described in PRD IR.61. 1.2 Strategy for Testing To complete the test cases efficiently, the amount of simultaneous joint activity between Home WO (a) and Visited WO (b) should be minimized. To this effect, testing program forms three separate components: 1. Home WO (a) issues Test User Accounts and programmes Authentication Servers accordingly 2. Visited WO (b) performs tests 3. Visited WO (b) and Home WO (a) exchange data and discuss results 1.3 Pre-requisites A GSMA WLAN Roaming Guidelines (PRD IR.61) compliant WLAN roaming test environment implemented. RADIUS configuration information shared (Realms, IP addresses of proxies, etc. via IR.21, RADIUS Shared Secret via secure means). List of active/valid test accounts made available by the Home WO (a) to Visited WO (b) for testing purposes. 3 accounts to each roaming partner. One barred user account provided to Visited WO (b) for the tests. Relevant system logs identified. The Visited WO (b) has to collect RADIUS messages going to Home WO (a) network server for to be able to validate RADIUS accounting data. Version 3.1 Page 4 of 15

2 Test Cases The test cases are divided into four groups: 1. Access tests Login procedure and authentication, routing to correct server, Realm functionality in each proxy 2. Accounting tests Validating that RADIUS accounting logs match. 3. Service Failure tests 4. User Experience tests 2.1 Access Tests 2.1.1 Valid Roaming Authentication Enter a valid Home WO (a) username and a valid password using the Visited WO (b) network. Home WO user should be granted access and get full network capabilities. 2.1.2 Valid Username, Invalid Password Enter a valid Home WO (a) username and an invalid password using the Visited WO (b) network. 2.1.3 Invalid Username Home WO user should be denied access. Enter an invalid username and password using the Visited WO (b) network. User should be denied access. 2.1.4 Operator Determined Barring Background: The HPLMN decides which ODB s should stop the customer from using WLAN (e.g. Barring of GPRS, Barring of Roaming, Barring of outgoing calls, or other kind / way of barring). Enter a valid but barred Home WO (a) Username and a valid Password using the Visited WO(b) network. User access should be denied by the home WO(a). 2.1.5 Operator Determined Barring While Session Open Background: Observe the reaction of an open session when the customer gets barred. HPLMN bars the customer while roaming on WO(b) while he has an open session. Comments: The session is closed and cannot be reestablished. The RADIUS protocol defined in RFC 2865 does not support unsolicited messages sent from the Home WO (a) s RADIUS Version 3.1 Page 5 of 15

server to the Visited WO (b) s NAS. This means that there is no standardized mechanism as such for active disconnect from the Home WO (a) network in the RADIUS specifications. However, there are various vendor specific ways to implement such a mechanism. The methods for active disconnect demand specific functionality from the Home WO (a)s and Visited WO (b)s networks. For example the following methods can be utilized to disconnect an active session: o By using the Session-Timeout attribute in the RADIUS Access- Accept messages the user can be forced to re-authenticate periodically. If the user account gets barred, the next authentication attempt will be a failure. o The Session-Timeout and Termination-Action attribute pair can be used to make the re-authentication transparent to the end-user. If the Termination-Action is set to RADIUS-Request, the NAS MAY send a new Access-Request to the RADIUS server. The NAS has to be able to distinguish between re-authentication after Session-Timeout period and user initiated session termination. o Some vendors have implemented support for additional unsolicited RADIUS messages in their RADIUS and NAS implementations. This enables dynamic authorization changes, e.g. active disconnect. Some methods are described in more detail in RFC 2882 and IETF Internet Draft <draft-chiba-radius-dynamicauthorization-07.txt>.) 2.2 Accounting Tests 2.2.1 RADIUS Accounting Data Generation (Session Time) Login with a valid Home WO(a) username in Visited WO(b) network, logout after set time. RADIUS accounting log should reflect the set time. Comments: If Interim RADIUS accounting messages are used, the set time should be longer than the interim interval and interim message(s) should be generated during this test. 2.2.2 RADIUS Accounting Data Generation (Data Transferred) Login with a valid Home WO(a) username in Visited WO(b) network, download a test file of known size, upload a test file of known size, and logout. RADIUS accounting log Bytes-In and Bytes-Out fields should reflect the transferred file size and some network overhead. Comments: If Interim RADIUS accounting messages are used, the transferred file should be big enough that interim message(s) are generated during this test. 2.2.3 Verifying RADIUS Accounting Logs Exchange RADIUS session logs of the accounting tests between Home WO(a) and Visited WO(b) Version 3.1 Page 6 of 15

Both accounting logs should have the same values in correct fields for the accounting tests. Also verify that proxy-state attributes are logged and that the values are correct. 2.3 Service Failure Tests 2.3.1 Implicit Logout Comments: 2.3.2 Inactivity Logout Comments: Login with a valid Home WO (a) username in Visited WO (b) network, disconnect the WLAN card or switch off the Mobile Terminal (a). Wait for set time, re-insert card or switch on the Mobile Terminal (a). Access should be denied to the user without a new login and accounting session should be closed. The wait time depends on the access controller configuration. Login with a valid Home WO (a) username in Visited WO (b) network and leave the Mobile Terminal (a) idle. An automatic logout should happen after a pre-determined time. The idle-timeout time depends on the used system. Normal accounting data should be generated after an automatic logout. 2.4 User Experience Tests While conducting Access and Accounting tests, some user experience related issues should also be checked. 2.4.1 Login Page Visited WO (b) s login page is displayed after association with Visited WLAN. 2.4.2 Help Page 2.4.3 Start Page 2.4.4 Unsuccessful Login Yes/No. Visited WO (b) s help page is available on the login page and is displayed before login. Yes/No. Visited WO (b) s start page and/or session status window are displayed after a successful login. Yes/No. An error message is displayed after an unsuccessful login. Yes/No. Version 3.1 Page 7 of 15

2.4.5 Successful Login Logout method is clearly displayed after a successful login. Yes/No. 2.4.6 Logout Confirmation Logout confirmation is displayed after explicit and inactivity logouts. Yes/No. Version 3.1 Page 8 of 15

3 Test Evaluation 1. Accounting logs to be prepared to check that they match between all participants 2. Analyse failures 3. Produce Test Report: Completed Test cases Experiences Problems Solutions Proposals Version 3.1 Page 9 of 15

APPENDIX A Item Information WLAN Operator Name: 1 WLAN Operator Country (Abbreviated according to ISO 3166): Testing Personnel s Name: Test Execution : 1 Maximum 22 letters - This field is only used for administrative purposes, however, it must always be filled in in order to identify the operator. Version 3.1 Page 10 of 15

Test Results Access Tests Valid Roaming Authentication Valid Username, Invalid Password Enter valid roaming username and password Username should be in the proper format. User should be granted access and have full network capabilities. Enter valid roaming username and invalid password Access denied. No network access. Invalid Username Enter invalid roaming username and password Username should be in the proper format. User should be denied access and have no network capabilities. Operator Determined Barring Version 3.1 Page 11 of 15

Enter a valid roaming username and password of an account that has been barred by Home WO(a) Access denied. No network access. Operator Determined Barring While Session Open Enter a valid roaming username and password. When the session is open, the WO(a) should assign a barring to this subscriber. The session should be cancelled automatically a pair of seconds later (quasi-online). Accounting Tests RADIUS Accounting Data Generation (Session Time) Test Verification Result 2 Login, Logoff after a set time Accounting logs should reflect the connection time. RADIUS Accounting Data Generation (Data Transferred) 2 Test Verification Result field is used for verifying test result against HPLMN RADIUS messages. HPLMN Testing Personnel should check that RADIUS logs correspond to values mentioned in this testing document. Version 3.1 Page 12 of 15

Volume (Amount of transferred data) Test Verification Result 2 Login, download test file, upload test file and Logoff Bytes-In and Bytes-Out in Accounting Logs should be values which are approximately the size of the test file + some network overhead. Verifying RADIUS Accounting Logs Volume (Amount of transferred data) Test Verification Result 2 Verify that both accounting logs have the same results for all of the accounting tests. Specially, verify that proxy-state attributes are logged and that values are correct. Session logs to be exchanged along with a copy of the test plan used (for username/time resolution per test). Service Failure Tests Implicit Logout Test Verification Result 2 Disconnect Wireless LAN card or turn off computer while connected. Wait a set time. Re-insert card or turn on computer. Accounting should show a closed session and user should have no network access. Inactivity Logout Test Verification Result 2 Version 3.1 Page 13 of 15

The WLAN connection is left idle, an automatic log-off should happen after a pre-determined time. Absence time-out. User Experience Tests Login Page Test Result (Yes/No) Help Page Test Result (Yes/No) Start Page Test Result (Yes/No) User s welcome page is displayed after association to network. Help-page displayed by clicking on link at Login page. Local Start-page and session window are displayed after successful login Unsuccessful Login Test Result (Yes/No) Error message shown after unsuccessful login. Successful Login Test Result (Yes/No) Logout method is clearly displayed after successful login. Version 3.1 Page 14 of 15

Logout Confirmation Test Result (Yes/No) Logout confirmation is displayed after explicit and inactivity logouts. Version 3.1 Page 15 of 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback