About JANET Roaming
On this page:
- About JANET Roaming
- How Roaming Works
- An Overview of the JANET Roaming Service
- Using JANET Roaming
- Implementing JANET Roaming
JANET Roaming
JANET Roaming is part of the eduroam federation (www.eduroam.org) in which the UK, 22 other European countries, Australia and Taiwan have collaborated to provide international RADIUS proxy authentication facilities.
How Roaming Works
- 802.1X: http://www.terena.nl/activities/tf-mobility/deliverables/delD/DelD_v1.2-f.pdf
- Web Redirect: http://www.terena.nl/activities/tf-mobility/deliverables/delF/DelF-f.pdf
An Overview of the JANET Roaming Service
Introduction
The JANET Roaming Service allows visitors from any participating organisation to use credentials provided by their Home organisation to gain network access at a Visited organisation. It facilitates a range of network access scenarios, ranging from casual visits and meetings to large conferences and classroom sharing. This document provides an overview of the most important participation requirements.
A participating organisation may act as either a Home organisation or as a Visited organisation or both, at their discretion.
General Requirements for both Home and Visited Organisations
- Deploy an Organisational RADIUS proxy server (ORPS)
Each participant must deploy an ORPS. The ORPS is a RADIUS server that provides the interface between participants' RADIUS systems and the National RADIUS proxy servers (NRPS) operated by JANET(UK). Two or more ORPS may be deployed to improve service resilience.
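The routing decision an ORPS makes in the Home and Visited roles, sketched as an added example (not JANET's or any RADIUS product's own code). It assumes the `username@realm` credential form described under Using JANET Roaming; `LOCAL_REALMS`, the `NRPS` label, the `source` values and the rejection of malformed or looping requests are assumptions of this example.

```python
import re

LOCAL_REALMS = {"foo.ac.uk"}   # assumption: realms this organisation authenticates itself
NRPS = "nrps"                  # hypothetical label for the national proxy upstream

# DNS-style realm: dot-separated labels, no empty labels, spaces or trailing dot.
_REALM = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")

def route(user_name, source):
    """Decide what an ORPS does with a request.

    source is "nas" for a request from the site's own access network (Visited
    role) or "nrps" for one handed down by the national proxy (Home role).
    Returns (action, detail) where action is "local", "proxy" or "reject".
    """
    if source not in ("nas", "nrps"):
        raise ValueError(f"unknown source: {source!r}")
    _, sep, realm = user_name.rpartition("@")
    realm = realm.lower()
    if not sep or not _REALM.match(realm):
        return ("reject", "missing or malformed realm")
    if realm in LOCAL_REALMS:
        return ("local", realm)          # our own user, at home or roaming
    if source == "nrps":
        # The NRPS should only send us our own realms; proxying this back
        # up would create a loop between the two servers.
        return ("reject", "foreign realm received from NRPS")
    return ("proxy", NRPS)               # visitor: hand to the national proxy

# Constructed requests: (User-Name, source)
SAMPLE = [
    ("alice@foo.ac.uk", "nas"),
    ("alice@FOO.AC.UK", "nrps"),
    ("bob@bar.ac.uk", "nas"),
    ("bob@bar.ac.uk", "nrps"),
    ("carol", "nas"),
    ("dave@bar..ac.uk", "nas"),
]

def route_all(requests):
    """Return just the action taken for each (User-Name, source) pair."""
    return [route(u, s)[0] for u, s in requests]
```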
Home Organisation Requirements
- Configure the RADIUS server to authenticate their own users with the PAP and EAP protocols
Home organisations must deploy a RADIUS server to authenticate their own users using PAP and any suitable EAP method (such as TLS, TTLS or PEAP). The RADIUS authentication server may also act as the ORPS.
Visited Organisation Requirements
- Configure the RADIUS server and implement an authentication mechanism for visitors
JANET Roaming specifies three service tiers: JRS1, JRS2 and JRS3. Participants that choose to be a Visited organisation must implement one of these tiers, at their discretion. The differences between the tiers are shown in Table 1 below.
| Service tier | Authentication method | NAT | IPv6 | WEP | WPA | WPA2 | SSIDs |
| JRS1 | Web redirect | May | May | Not applicable | Not applicable | Not applicable | eduroam |
| JRS2 | IEEE 802.1x | May | May | Must (either WEP or WPA) | Must (either WEP or WPA) | May | eduroam or eduroam-wep |
| JRS3 | IEEE 802.1x | Must not | Must | Must not | May | Must | eduroam |
Table 1 - Tier requirements for Visited organisations
- Permit the forwarding of certain IP protocols
Visited organisations must permit egress and established forwarding of the protocols listed in Table 2 below.
| Description | Protocols | Description | Protocols | Description | Protocols |
| IPv6 tunnel broker | UDP/3653 & TCP/3653 | HTTPS | TCP/443 | POP3S | TCP/993 |
| IPSec NAT traversal | UDP/4500 | LDAP | TCP/389 | Passive (S)FTP | TCP/21 |
| Cisco IPSec NAT traversal | TCP/10000 | IMSP | TCP/406 | SMTPS | TCP/465 |
| PPTP | IP 47 & TCP/1723 | IMAP4 | TCP/143 | Submit | TCP/587 |
| OpenVPN | TCP/5000 | IMAP3 | TCP/220 | RDP | TCP/3389 |
| SSH | TCP/22 | IMAPS | TCP/993 | VNC | TCP/5000 |
| HTTP | TCP/80 | POP | TCP/110 | Citrix | TCP/1495 |
Table 2 - Minimum requirements for egress and established forwarding of protocols
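A way to audit a visitor-network egress policy against Table 2, as an added example that is not part of the original page. The `permit <proto> <port or range>` rule syntax and the sample policy are constructed for illustration, and the check covers only which outbound flows may be initiated, assuming a stateful firewall handles the established return traffic.

```python
# Table 2 from the page as (service, protocol, number). For "ip" the number is an
# IP protocol number (47 = GRE, used by PPTP); otherwise it is a destination port.
REQUIRED = [
    ("IPv6 tunnel broker", "udp", 3653), ("IPv6 tunnel broker", "tcp", 3653),
    ("IPSec NAT traversal", "udp", 4500),
    ("Cisco IPSec NAT traversal", "tcp", 10000),
    ("PPTP", "ip", 47), ("PPTP", "tcp", 1723),
    ("OpenVPN", "tcp", 5000), ("SSH", "tcp", 22), ("HTTP", "tcp", 80),
    ("HTTPS", "tcp", 443), ("LDAP", "tcp", 389), ("IMSP", "tcp", 406),
    ("IMAP4", "tcp", 143), ("IMAP3", "tcp", 220), ("IMAPS", "tcp", 993),
    ("POP", "tcp", 110), ("POP3S", "tcp", 993), ("Passive (S)FTP", "tcp", 21),
    ("SMTPS", "tcp", 465), ("Submit", "tcp", 587), ("RDP", "tcp", 3389),
    ("VNC", "tcp", 5000), ("Citrix", "tcp", 1495),
]

def parse_rule(line):
    """Parse 'permit <proto> <n>' or 'permit <proto> <lo>-<hi>' (constructed syntax)."""
    action, proto, spec = line.split()
    if action != "permit" or proto not in ("tcp", "udp", "ip"):
        raise ValueError(f"unsupported rule: {line!r}")
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if lo > hi:
        raise ValueError(f"empty range in rule: {line!r}")
    return proto, lo, hi

def missing_egress(policy_text):
    """Return the Table 2 entries that no permit rule in the policy covers."""
    lines = (l.strip() for l in policy_text.splitlines())
    rules = [parse_rule(l) for l in lines if l and not l.startswith("#")]
    return [
        f"{service} {proto.upper()}/{num}"
        for service, proto, num in REQUIRED
        if not any(p == proto and lo <= num <= hi for p, lo, hi in rules)
    ]

# Constructed visitor-network egress policy, not taken from any real site.
SAMPLE_POLICY = """
# web, mail and remote access only
permit tcp 22
permit tcp 80
permit tcp 110-995
permit udp 4500
permit tcp 3389
"""

if __name__ == "__main__":
    for gap in missing_egress(SAMPLE_POLICY):
        print("not permitted:", gap)
```

A policy like the sample, which looks generous for web and mail, still leaves the VPN-related entries in Table 2 unreachable.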
Using JANET Roaming
JANET Roaming can be used from users' own laptops over wireless networks or via hard-wired desktop PCs and Macs (for example in IT suites or libraries) that have been suitably configured. JANET Roaming can be used at Visited organisations and in many cases at Home organisations too.
End-users at customer organisations which have deployed JANET Roaming should consult their IT Support department for one-off setup of their laptops before travelling to Visited sites that provide the JANET Roaming service. They will also be able to learn which facilities at the Home Organisation site are offered for remote access from Visited Organisations (e.g. e-mail, VPN). This information should be available on the JANET Roaming pages of the Home Organisation web site, which can be found on the Participating Organisations Map by hovering over your city blob.
Users MUST also consult the Participating Organisations Map to confirm that their laptop setup is compatible with the authentication method offered by the Visited Organisation and to learn the SSID which they must enter on their laptop.
Once at Visited JANET Roaming sites, end-users will be able to log on to the guest network using their unique credentials (the same for all sites they might visit): their own home organisation username and the organisation realm name, in the form username@foo.ac.uk. (N.B. this is NOT necessarily the user's e-mail address.) Users will be able to do this at JANET Roaming enabled hotspots at the Visited sites, which should be marked "JANET Roaming", "JRS" or "eduroam".
Users experiencing any technical problems with the Roaming service or with remote access facilities provided by their Home Organisation should in the first instance consult their Home Organisation IT Support department.
Also see JANET Roaming Service User Guide and JANET Roaming Service Connection Guide.
UNINETT website "How to connect to an eduroam site" - useful configuration guide and technical information for users
Implementing JANET Roaming
Follow link for a step-by-step guide to implementing JANET Roaming - Implementing JANET Roaming Roadmap.
Any problems, comments or suggestions regarding this page, please e-mail the JANET Roaming service manager.