• Home |
• Products |
• Support |
• KB

Welcome to CDRouter version 3.1!

What's new since version 3.0:

  CDRouter-IKE
  ------------

  * CDRouter-IKE is now available as a separate add-on for CDRouter. 
    CDRouter-IKE adds IKEv1 based VPN testing to CDRouter for devices 
    that support IKE based VPNs. Current test coverage includes

	IKEv1 (IKEv2 under development)
	IKE Main Mode, Aggressive Mode, and Quick Mode
	Encryption: DES, 3DES, AES-128, AES-196, AES-256
	Authentication: SHA1, MD5
	Diffie-Hellman Groups: 1, 2, 5, 14-18
	Pre-shared key authentication
	Up to 4096 site-to-site tunnels
	50+ test cases

    Please visit http://www.qacafe.com/cdrouter/cdrouter-ike.htm
    for more details on CDRouter-IKE.

  
  EAP-SIM and EAP-AKA
  -------------------

  * CDRouter now supports EAP types EAP-SIM and EAP-AKA for wireless 
    interfaces. The new EAP types allow the testing of access point 802.1x
    functionality using the same EAP types found in UMA clients. CDRouter
    contains both the EAP-SIM and EAP-AKA client functionality as well
    a back-end RADIUS support for EAP-SIM and EAP-AKA.

    To configure EAP-SIM or EAP-AKA, set the testvar eapType for each
    wireless LAN interface to either eap-sim or eap-aka.
   
    Example:

       testvar eapType eap-sim


   New PPPoE test case
   -------------------

   A new test case has been added to the pppoe-c.tcl module to verify
   PPPoE client recovery when the PADS packet is never received from
   the PPPoE server due to a packet drop or potential BRAS error.

   TEST 16: PPPoE client recovers if PPPoE server drops PADR from PPPoE client
   MODULE: pppoe-c.tcl 
   NAME: cdrouter_pppoe_client_300 



   New dns.tcl module
   ------------------

   CDRouter now includes a dns.tcl for new DNS proxy test cases. It 
   currently contains tests for AAAA/IPv6 lookups and DNS failover
   based on DNS error codes. Both are explain below in more detail.


   DNS proxy support can also be configured using the testvar
   supportsDnsProxy. If the router will forward DNS queries sent 
   directly to its IPv4 address on the LAN, the testvar 
   supportsDnsProxy should be set to 'yes'. It should be set to 
   'no' otherwise. If DNS Proxy support is set to no, any tests that
   require DNS proxy functionality will be skipped. The default
   value for testvar supportsDnsProxy is 'yes'.

   Example:
     
       testvar supportsDnsProxy yes


   DNS Support for AAAA/IPv6 Lookups
   ---------------------------------

   * CDRouter contains two (2) new tests for IPv6 DNS lookups using AAAA
     records. These test cases help verify that the router does not 
     prevent IPv6-to-IPv4 failover techniques from working through the
     router. These tests will only be run if the router supports
     a DNS proxy.

     TEST 321: Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server
     MODULE: dns.tcl 
     NAME: dns_40 

     TEST 322: Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover
     MODULE: dns.tcl 
     NAME: dns_41 


   New DNS Proxy Failover
   ----------------------

   * CDRouter contains 2 new tests to verify that DNS proxy functionality 
     will fail over from a primary DNS server to a backup DNS server based
     on a non-zero error code in the DNS response. One test case looks
     a DNS responses from a non-authoratative DNS server. The other looks
     at responses from an authoratative DNS server.

     TEST 323: Verify DNS failover when non-zero error codes are received in non-authoritative DNS response
     MODULE: dns.tcl 
     NAME: dns_45 

     TEST 324: Verify DNS failover when non-zero error codes are received in authoritative DNS response
     MODULE: dns.tcl 
     NAME: dns_46 


     DNS clients based on windows and unix OSes have different failover 
     behavior for each error code. However, all of these clients
     normally failover on some non zero error codes. The specific 
     error codes that cause failover may be configured using the 
     testvar dnsFailoverAuth and dnsFailoverNonAuth. If no DNS error 
     codes will  cause failover, the dnsFailoverAuth and 
     dnsFailoverNonAuth testvar should be configured with 'none'.

        Example:

        # to match the behavior of "bind" based DNS clients
        testvar dnsFailoverAuth "2 4 5"
        testvar dnsFailoverNonAuth "2 4 5"

        # to match the behaior of windows XP
        testvar dnsFailoverAuth "1 2 4 5 6 7 8 9 10 11 12 13 14 15"
        testvar dnsFailoverNonAuth "1 2 4 5 6 7 8 9 10 11 12 13 14 15"
 
        # no failover on any DNS error
        testvar dnsFailoverAuth none
        testvar dnsFailoverNonAuth none

     NOTE: This test is only run if the router supports a DNS Proxy/Relay.
     See the new testvar supportsDnsProxy.
 

   RADIUS client testing for 802.1x
   --------------------------------

   * CDRouter 3.1 contains a new eap-radius.tcl test module for testing
     the router's RADIUS client for 802.1x sessions. The new test module 
     contains 12 new test cases. This test module verifys the RADIUS client
     behavior when the router is also acting as an 802.1x authenticator
     for WPA-RADIUS clients, dynamic WEP clients, or 802.1x clients.


     TEST 249: Verify authenticator sends EAP-Success after receiving Access-Accept
     MODULE: eap-radius.tcl 
     NAME: eapradius_1 

     TEST 250: Verify authenticator sends EAP-Failure after Access-Reject
     MODULE: eap-radius.tcl 
     NAME: eapradius_2 

     TEST 251: Validate common RADIUS attributes sent from authenticator
     MODULE: eap-radius.tcl 
     NAME: eapradius_5 

     TEST 252: Verify authentication fails if RADIUS secret is invalid
     MODULE: eap-radius.tcl 
     NAME: eapradius_6 

     TEST 253: Verify authentication fails if Message-Authenticator attribute is invalid
     MODULE: eap-radius.tcl 
     NAME: eapradius_7 

     TEST 254: Verify ID and authenticator are unique for each new Access-Request
     MODULE: eap-radius.tcl 
     NAME: eapradius_8 

     TEST 255: Verify authenticator sends EAP-Failure when no response from RADIUS in unauthenticated state
     MODULE: eap-radius.tcl 
     NAME: eapradius_9 

     TEST 256: Verify authenticator can reassemble EAP packets from many RADIUS eapMessage attributes
     MODULE: eap-radius.tcl 
     NAME: eapradius_10 

     TEST 257: Verify authenticator ignores RADIUS messages with invalid attribute list
     MODULE: eap-radius.tcl 
     NAME: eapradius_12 

     TEST 258: Verify authenticator ignores RADIUS messages without a Message-Authenticator attribute
     MODULE: eap-radius.tcl 
     NAME: eapradius_14 

     TEST 259: Verify authenticator sends canned EAP-Failure message when Access-Reject is received
     MODULE: eap-radius.tcl 
     NAME: eapradius_20 

     TEST 260: Verify authenticator sends canned EAP-Success message when Access-Accept is received
     MODULE: eap-radius.tcl 
     NAME: eapradius_21 


  BuddyWeb Updates
  ----------------

  * Log Message Controls

    BuddyWeb now gives you controls to change the logging levels used to
    create log files. From the Advanced Tab under "Log Messages" you
    can now:

         - configure the type of packet decode (none, summary, full)
         - enable or disable tracing specific protocols
         - include the protocol family in all trace messages