We are just now starting down the eduroam path. We are a Cisco shop and currently have our controllers pointed towards xpressconnect to onboard/authenticate our students.
We currently have many interfaces on our controllers per building/SSID. We were thinking of collapsing many of those interfaces and have larger subnets and vlan tag the clients based on access we want to allow using the single "eduroam" ssid. So, for example, our local users will be placed in vlan 1 and eduroam users from different colleges would be placed in vlan 2 with internet only access. We have brought this up to our SE and VAR engineers and they are a little hesitant on this approach as they say the the subnets will be too large. But, as I understand it, the broadcast messages are suppressed at the controller. Xpressconnect only supports 1 vlan tag so we were looking at using free radius and create different realms and vlan tag the clients based on end of the username(ex: @xxxx.edu). We still have ACS at our disposal as we were using it very heavily before using xpressconnect, so we thought it may be an option to bring that back into the picture and use it to tag the clients. The answers I am looking to gain from this are: Do you have eduroam deployed as your primary SSID or in addition to your SSID's? Do you separate/tag your eduraom users? If so, how(acs/ISE/free radius, etc)? How big are your wireless subnets? Any opinions/suggestion/questions are welcome. Thanks again in advance. -- Tim Burns Junior Network Administrator 1 University Heights Asheville, NC 28804 828-232-5013 [email protected] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
