Matt, To add to what people have already mentioned on the list: If you already have a working 802.1X implementation, the work on the RADIUS server to become eduroam enabled is really basic. (instructions are located on the website www.eduroam.us<http://www.eduroam.us> for various RADIUS flavors. Those instructions are community driven.) Some schools were eduroam enabled on the IdP (Identity Provider) side in less than 2 hours.
On the network side (enabling the SSID to become a SP, Service Provider) it's all about picking subnets, making firewall rules, and advertise the SSID. One school did a really quick shortcut in network configurations (I forgot who it was) by routing all institution's eduroam users to its current secure SSID network, and all of its eduroam visitors to its current visitor SSID network (VLAN assignments in the controller). They had to bypass the need for the web portal on the visitor side and make sure that local clients joining eduroam use the full REALM (user@domain) to be ready when they travel (a RADIUS config change). Best, Philippe Philippe Hanset www.eduroam.us<http://www.eduroam.us> On Nov 4, 2013, at 8:56 AM, Matt Williams <[email protected]<mailto:[email protected]>> wrote: Thanks for all of the input. I appreciate it. From what I'm hearing it seems like it is no more time intensive than any other service. I'll be sure to pass all of this along. Thanks, again. Respectfully, Matthew "Will" Williams Assistant Director, Networking Bucknell University 570.577.1491 On Mon, Nov 4, 2013 at 7:31 AM, Tim Cappalli <[email protected]<mailto:[email protected]>> wrote: Same here at 'Deis. A Brandeis user connecting to eduroam is treated exactly the same as they would be if they were connecting to our legacy branded secure network. We are using a lot of role-based magic from AD and enterprise LDAP. Also, there are some tweaks you can do in RADIUS to allow non-user devices to connect to eduroam with an "@fqdn" account (as long as they aren't expected to leave campus: Cisco wireless phones, wireless printers, ticket readers, etc) Tim Cappalli, Network Engineer LTS | Brandeis University x67149 | (617) 701-7149<tel:%28617%29%20701-7149> [email protected]<mailto:[email protected]> -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Julian Y Koh Sent: Sunday, November 03, 2013 9:58 PM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] Eduroam rollout- one more time On Nov 1, 2013, at 11:34 , Lee H Badman <[email protected]<mailto:[email protected]>> wrote: > > Go the easy path, and push it the Eduroam SSID everywhere, as an additional WLAN, and live with the fact that it won’t get a lot of use in most places and puts management traffic in the air that isn’t generally going to be used. This is what we did at NU. We do some role-based stuff on the back end such that if an NU person connects to eduroam, they get the same IP addressing and setup as if they use our regular 802.1X SSID. -- Julian Y. Koh Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780<tel:847-467-5780> NUIT Web Site: <http://www.it.northwestern.edu/> PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
