Linchuan, There is a big drawback to no letting your users join the local eduroam SSID. They won't be able to setup their devices while on campus before traveling. Having the concordia.ca<http://concordia.ca> users joining the eduroam SSID on campus will help them with two aspects of the connectivity: -Learn to use the REALM (user@reaml, in your case realm=concordia.ca<http://concordia.ca>) -Learn to load the proper RADIUS infrastructure certificate on their machine before traveling somewhere else
These two things alone could reduce your help desk calls quite a bit. If you do so, make sure to enforce the REALM requirement from your own users in your RADIUS config (we used to not enforce that at University of Tennessee and ended up with users not being able to use eduroam when traveling) What you can do (as explained by Steve and Julian) is to filter the concordia.ca<http://concordia.ca> users and put them in special VLANs. For instance: University of Tennessee, Knoxville assigns users with @utk.edu<http://utk.edu> credentials to the same VLAN pool weather they join the eduroam SSID or the ut-wpa2 SSID. The only difference between the two is that users joining eduroam have to use "[email protected]<mailto:[email protected]>" and users on ut-wpa2 can only use "netid" if they want. Have a good Weekend, Best, Philippe Hanset www.eduroamus.org<http://www.eduroamus.org> On Feb 15, 2013, at 3:24 PM, Linchuan Yang <[email protected]<mailto:[email protected]>> wrote: Dear All Do you use different radius servers for your local SSID and eduroam SSID? Currently, we are using the same radius servers for both of SSID, and we found that some of our local users login with eduroam SSID inside our campus. We want to block our local users (both [email protected]<mailto:[email protected]> and user123)to login with eduroam SSID, could you please explain how to modify the proxy.conf or other configuration files on Freeradius (Linux version)? Furthermore, we want to block [email protected]<mailto:[email protected]> to login with our local SSID, and let user123 login with our local SSID. Thank you, and have a nice weekend. Yours, Linchuan Yang (Antony) Wireless Networking Analyst Network Assessment and Integration, IITS-Concordia University Tel: (514)848-2424 ext. 7664 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
