Rita, We wrote about this very concern in our FAQ You can find it at https://www.incommon.org/eduroam/faq.html#q1
We are actually missing a very important aspect in our FAQ the was highlighted by Hunter, Chuck, and others. If you only run eduroam as Identity Provider (IDP) your users have no way to configure devices before they travel. On the help desk side of things, if you do not run eduroam as an Service Provider (SP) on your campus you will most likely end up with many help desk calls from your own users trying to figure out how to configure various devices. Many of them may be in different time zones which will generate a lot of frustration for all. If you turn eduroam as a Service Provider your help desk should get many hits since eduroam requires users to first contact their home institution first in case of problem. Best, Philippe Philippe Hanset, CEO www.anyroam.net www.eduroam.us +1 (865) 236-0770 GPG key id: 0xF2636F9C > On Apr 19, 2018, at 11:13 AM, Chuck Anderson <[email protected]> wrote: > > We onboard both eduroam and WPI-Wireless with EAP-TLS certs via CloudPath. > It doesn't matter which one our own clients connect to, since they provide > the same access to our own users. Guests get a different VLAN when they > connect to our local eduroam SP. > > We haven't yet gone down the path of retiring our "vanity" SSID. > > On Thu, Apr 19, 2018 at 09:18:11AM -0400, Christina Klam wrote: >> Like many of you, we started with three campus wide SSIDs: a vanity/branded >> WPA2-Enterprise, a branded open guest, and eduroam. At the end of the first >> year, we reduced to just eduroam and our guest. By using the domain portion >> in the username ([email protected]), radius assigns users to specific VLANs. >> If they are not from @ias.edu, they get assigned to a "guest permission >> leveled" VLAN which only has access to the Internet and some specific campus >> devices (like projectors). If they are from @ias.edu, they are given >> greater privileges on campus like access to library resources. >> >> >> In terms of help desk calls, we received fewer once we de-cluttered our SSID >> space. If we were to do this again, we would just start with just eduroam >> and guest. >> >> BTW: Everyone should use the same spelling of eduroam. There are no >> capital letters in the SSID. >> >> --Christina Klam >> >> ----- Original Message ----- >> From: "Alexandre Adao" <[email protected]> >> To: [email protected] >> Sent: Wednesday, April 18, 2018 11:42:04 PM >> Subject: Re: [WIRELESS-LAN] Eduroam - 3 questions >> >> 1- Currently, we have SSID's MSU-Secure, Guest-Users and EduRoam. We may >> move forward to one or two SSID's later one. Our Radius are not configured >> as connector. >> >> 2. The EduRoam deployment is not that difficulty. It depends what type of >> Radius Server you are using. >> >> 3. To minimize the Help Desk calls, ensure that the student/Faculty >> authenticate EduRoam with their full e-mail address (account >> [email protected]), locally. Because it will be the same credentials >> format when they are visiting other educational entities. >> >> --Alex Adao >> >> >> >> On Wed, Apr 18, 2018 at 9:19 PM, Davis, Kevin <[email protected]> wrote: >> >>> I just wanted to say “ditto” to what Chuck said, but with an underscore: I >>> would recommend you consider the value of making eduroam your primary >>> campus SSID. Just having it on campus doesn’t ensure anyone will use it or >>> understand what it means. (“If I have DavidsonSecure or eduroam, why would >>> I ever want ‘roaming’ if I could be on the Davidson network?”). OTOH, if >>> it’s the network they use daily, they’re always ready to use it. >>> >>> A number of colleges have moved away from vanity-named SSIDs to having >>> eduroam as their main or only wifi network on campus. Davidson is moving in >>> that direction this summer, retiring our legacy SSID, and we are by no >>> means an early mover on this. >>> >>> Kevin >>> >>> -- >>> Kevin Davis >>> Deputy CIO & Director, Core Services >>> Davidson College Technology & Innovation (T&I) >>> >>> >>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv < >>> [email protected]> on behalf of "Enfield III, Charles >>> Albert" <[email protected]> >>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv < >>> [email protected]> >>> Date: Wednesday, April 18, 2018 at 7:25 PM >>> To: "[email protected]" <WIRELESS-LAN@LISTSERV. >>> EDUCAUSE.EDU> >>> >>> Subject: Re: [WIRELESS-LAN] Eduroam - 3 questions >>> >>> Hi Rita, >>> >>> >>> I too would encourage you to provide the eduroam SSID at your institution, >>> but I'll give you a selfish reason to do it. Supporting your users once >>> they're already at another campus ranges from difficult to impossible. If >>> you want eduroam to be easy to support, then you want your users to test it >>> before they travel. If it works when they're on your campus you're >>> basically home free. >>> >>> >>> Chuck >>> >>> >>> ------------------------------ >>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv < >>> [email protected]> on behalf of Hunter Fuller < >>> [email protected]> >>> *Sent:* Wednesday, April 18, 2018 7:05 PM >>> *To:* [email protected] >>> *Subject:* Re: [WIRELESS-LAN] Eduroam - 3 questions >>> >>> 1. I'm not sure if this is permitted by their policy, but if so, could I >>> convince you not to do it? I'd love it if my constituents' connections >>> worked with no setup at your institution, just like your constituents' >>> connections will do at mine, once you join eduroam as an IdP. >>> Also, there's another gotcha. If you don't have eduroam as an SP locally, >>> your users have no way to test before they travel. >>> >>> 2. Yes. For sure. >>> >>> 3. It would be great if one of your tiers of troubleshooting knew how to >>> access the eduroam portal to make sure authentications are reaching your >>> institution when your constituents travel. If they are, you just >>> troubleshoot it like any other RADIUS auth. >>> You also need to know to direct your campus visitors to their home >>> institution for assistance, assuming their auth is making it out of your >>> campus already. >>> >>> Mostly it's just RADIUS, but with that extra bonus functionality of >>> roaming thrown in. >>> >>> On Wed, Apr 18, 2018 at 17:37 Rita Schnepp <[email protected]> >>> wrote: >>> >>> Anyone using EDUROAM? We are thinking about deploying it at our Pepperdine >>> Malibu Campus in particular for our students/faculty travelling in >>> Europe...and all over the US. We have 3 questions from an "admin's" >>> perspective: >>> >>> 1) Can we make our main, authenticating campus which houses the RADIUS >>> server just a Connector (and not an SP). The reason we want this is that >>> we don't want to be an SP at our main Malibu Campus because we already have >>> WIFI guest access via another method. Has anyone done this? >>> >>> 2) From our WiFi and Radius tech's perspective, was it as easy to deploy >>> as Internet2/Eduroam says it is on their website? >>> >>> 3) How shall we prepare our Help Desk for EDUROAM? What kinds of calls >>> will they get? >>> >>> Thanks. >>> >>> Rita >>> >>> -- >>> *Rita Schnepp, PMP, Director, IT Project Management Office* >>> Pepperdine University > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
