Would someone on the list please send me their freeRadius config for the realm based eduroam authentication? It will save me a lot of time. We are planning on spinning up eduroam in the near future and having unc.edu<http://unc.edu> tunnel to a staff vlan and non unc.edu<http://unc.edu> go to others. If you have some Aruba config snapshots that would be super duper as well :)
Ryan Turner Senior Network Engineer, ITS The University of North Carolina at Chapel Hill +1 919 274 7926 Mobile +1 919 445 0113 Office On Mar 10, 2014, at 12:43 PM, "Hanset, Philippe C" <[email protected]<mailto:[email protected]>> wrote: Linchuan, Patrick, If you use the solution from Frank Sweetser or Danny Eaton, you really don't care which SSID your own users are latched on your campus. Regardless of the SSID, make sure that your own users are being assigned to the same VLANs that they would be have been assigned had they joined the regular secure SSID from your University. When we talk to institutions about eduroam we tell them that there is really no need to create additional subnets if there is already a secure network and a visitor network on campus (unless some specific designs require so). You can assign users with @local-school to the secure subnets/VLANs and assign user with @everything-else to your visitor subnets/VLANs. And if you have a privileged relation with another neighboring campus you can also assign the secure VLANs to that REALM (@theneighboringcampuswithwhomwehaveaprivilegedrelation) of that campus. This method tends to make it easy on Firewall rules and subnet/VLAN creation. You have to mess around with your Wi-Fi management system (e.g. controller etc...) and your RADIUS though! This said...always make sure that you require the eduroam SSID to force the usage of the REALM (a condition that you can enforce in RADIUS), regardless if local or not! (we forgot to do that initially at UTK, and we ended up with travelers not having a great eduroam experience) Philippe Philippe Hanset www.eduroam.us<http://www.eduroam.us> On Mar 10, 2014, at 12:00 PM, Knee, Patrick <[email protected]<mailto:[email protected]>> wrote: We have the same issue, because our “main” SSID comes after eduroam (alphabetically, our main ssid begins with a “f”). From what we found, anyone that has both eduroam and the “main” SSID configured on a iPhone, or iPad, will latch to eduroam, and requires manual interaction to switch. >From my understanding, the best way to “correct” the issue is to re-name the >ssid so that it comes before eduroam. There may be other methods, but from what I recall, none are 100% certain of working. Patrick Knee Network Administrator Computing & Communications Memorial University www.mun.ca/cc<http://www.mun.ca/cc> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Linchuan Yang Sent: Monday, March 10, 2014 1:22 PM To: [email protected]<mailto:[email protected]> Subject: [WIRELESS-LAN] Question about the connection of iphone users (eduroam) Dear All Good morning. We noticed that most our iphone clients connect to the “eduroam” SSID automatically when they step into the campus (not our normal SSID for students, faculty, and staff). And the encryption and security settings are same between these two SSIDs. These clients have to manually change the wireless configuration on the iphones, and they can connect to our normal SSID. We are using Cisco WLCs, and other devices (e.g. laptops, Android, etc.) do not have this problem. Do you have the similar issue with your wireless network? Is there any connection strategies of iphone? Thank you, and have a nice day. Yours, Linchuan Yang (Antony) Wireless Networking Analyst Network Assessment and Integration, IITS-Concordia University Tel: (514)848-2424 ext. 7664 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
