Documentation

On this page:

• Documentation for users
• Factsheets
• Putting the case for eduroam
• Case Studies
• Key Service Documentation
• Technical Guides and Trouble Shooting Flowcharts
• Guide to Content for your eduroam Information Web Page
• Material for Promoting eduroam at your Organisation
• Developing your eduroam Implementation
• Technical Sheets
• Presentations - Roaming what does it mean and how can you use it?
• Presentations - Networkshop 34

Documentation for Users

• Service User Guide (Word)  (pdf) - sets out information required for a visitor to a eduroam-enabled site to make use of their guest network(s), both in terms of the preparations they need to make before their visit and actions required when on site. It also describes the service policies and responsibilities incumbent upon an eduroam user. Document removed for revision.

• Connection Guide (pdf) - digest version of the User Guide, concentrating on how to connect to the eduroam service. Document removed for revision.

Factsheets

• Guest and Public Network Access (pdf) This factsheet covers the technical and policy issues involved in providing network access to visitors who come to an organisation merely to use its facilities and not 'in connection with the organisation’s publicly funded remit'. Nb such users are not allowed to use the JANET network, but organisations may if they wish provide Internet access for such visitors by using alternative connectivity.

• Managing Safety for Children and Other Vulnerable Guests in HE (pdf) This factsheet covers policy issues and guidance for the provision of network access for non-adult and other vulnerable visitors specifically at HE institutions. Nb The rules governing access at FE and schools are defined in specific law relating to these categories of institution.

Putting the case for eduroam

• eduroam Benefits - a toolkit for making the business case (pdf) - provides JANET-connected organisations with the information and tools to assess and develop their own business case for the implementation of eduroam. Organisations will be able to use this material, with suitable adjustments to suit individual circumstances, to build and develop their own business cases for the implementation of eduroam. We encourage interested organisations to cut and paste the relevant sections to suit their particular business case.

• Executive Summary - the eduroam service on JANET in a nutshell - a concise double-sided one page summary that can be used by IT staff to inform senior management about eduroam. This document states what the service does, includes a detailed schematic and lists the key benefits are and how these map on to typical institutional high-level strategic objectives.

• Management Briefing and Business Case (pdf) - an overview of the eduroam service on JANET for IT managers at JANET connected organisations.

Case Studies

• A Case Study in Complying with the Technical Specification (pdf) - a practical description of how University of Bristol implemented and complies with the Technical Specification.

• FreeRADIUS v2.0.2 Implementation to support eduroam at the University of Sussex (pdf) - a very detailed case study showing how the University of Sussex has implemented FreeRADIUS 2.0.2 with OpenLDAP and the necessary network infrastructure, based on HP AP 530 wireless access points and Procurve 2600 switches, to support the eduroam service on JANET. How compliance with the Tech Spec has been achieved is documented, including configuration scripts for EAP, realm handling, forwarding, attribute filtering, packet and database logging and log rotation. Sections on the configuration of HP AP 530 wireless access points and Procurve 2600 switches are also included.

• Use of eduroam as the single primary ssid at Swansea University (pdf) - a detailed case study describing why and how in 2009 Swansea University reduced the complexity of their wireless network services with its multiplicity of ssids, by offering instead the simple system of a single primary network using the 'eduroam' ssid, with VLAN assignment carried out via the backend RADIUS system and a 'setup network' for new Swansea users providing instructions and access to the SU1X auto-configuration utility.

• Swansea University Case Study: Using the SU1X 802.1X Windows Deployment Tool (pdf) - a detailed case study describing why Swansea University developed their open source Windows native supplicant configuration deployment tool 'SU1X' and showcases its features and how it is used. The resulting effective increase in uptake of eduroam is highlighted.

• Automated 802.1X set-up for eduroam users at Bristol University using XpressConnect (pdf) - a detailed case study describing why and how Bristol University rolled out configuration of Windows native supplicant to its users using CloudPath XpressConnect.

Key Service Documentation

Technical Specification (Word)  (pdf)   - Technical Specification for organisations participating in eduroam. It is intended to comply with the requirements and best practices mandated at the time of writing by the eduroam Federation and in particular by TF-Mobility. JANET Roaming Policy (pdf) - outlines the minimum requirements placed upon all Roaming participants - organisations and users - to ensure that all parties can be relied upon to play their part in ensuring the service works effectively and securely. eduroam relies on trust between participants for it to function properly. To maintain this trust, it is essential that all participants adhere to this policy. Clarification of JRS Policy and Tech Spec Wording relating to Logging of Visitor Activity (pdf) - explains in detail the requirements on the Visited organisation relating to logging eduroam visitor network access authentication and activity. JANET Advisory: eduroam SSID broadcast Policy announcement (July 2010) - notification of Wi-Fi Alliance plans to phase out WEP and TKIP from Wi-Fi products and relaxation of JRS Tier 2 to permit WPA2-only eduroam networks in Tier 2. JANET Advisory: WPA/TKIP Obsolescence and Change to JRS Tier 2 Requirements (Sept 2010) - notification of Wi-Fi Alliance plans to phase out WEP and TKIP from Wi-Fi products and relaxation of JRS Tier 2 to permit WPA2-only eduroam networks in Tier 2. JANET Advisory: MS IAS and NPS Operator-Name RADIUS attribute issue (Nov 2010) - notification of critical issue affecting participants that have implemented Microsoft IAS and NPS ORPS - urgent action required. JANET Advisory: Measures to Improve the Stability of eduroam in the UK - includes a number of important recommendations; published guidance material to ensure conformance to the JRS Technical Specification and best practice; Q.A. testing; resilience of ORPS/implementation of a dual ORPS system; and employment of own-service operation monitoring systems. JANET Advisory: Injection of Operator-Name RADIUS Attribute (Aug 2011) - recommendation to carry out simple configuration tweaks to implement injection of Operator-Name at all sites running FreeRADIUS and Radiator ORPS.

 

Technical Guides and Trouble Shooting Flowcharts

• Campus Deployment Guide - guides the deployment process of an organisation joining eduroam, from a 'high altitude' overview of the service down into the finer detail of application configuration.

• IEEE 802.1X Implementation at JANET-Connected Organisations (pdf)

• Overview of eduroam (http) - provides a high level technical overview of how the service works and what organisations and users must do in order to implement and use the service.

• JANET Roaming Pamphlet - introduces eduroam, what is it, benefits, what is required to use and deploy, how it works, further information links.

• Security Measures Factsheet (pdf) - describes the security measures designed into the eduroam on JANET and how organisations should make use of them to ensure the security of their visitors' computers and their own networks.

• Inter-NREN Roaming Infrastructure & Service Support Cookbook (pdf) This is the third edition of the comprehensive guide to eduroam technology and infrastructure. It includes practical examples of RADIUS server software configuration. Produced and published by GEANT2.

• JANET Technical Guide: Network Access for Guests (pdf) This guide has been written with the aim of helping organisations wishing to provide access to JANET for their guests to do so safely. Since it is not possible to provide a standard recipe that will be suitable for everyone, the guide first reviews the objectives that must be met, then considers a range of tools that can be used to achieve those objectives, and finally presents case studies from a number of JANET-connected organisation.

• SU1X 802.1X Windows Configuration Deployment Tool - to complete your eduroam network, the use of the SU1X Windows 802.1X configuration deployment tool will be invaluable in ensuring accurate, trouble-free configuration of users' Windows devices for Wi-Fi, EAP and certificate settings.

• JRS eduroam Administrators trouble shooting flowchart (best printed at A3 size) (pdf) - troubleshooting flowchart to help JRS Administrators solve eduroam implementation problems. This is not a step-by-step guide to the whole implementation process, instead it aims to point system administrators trying to implement eduroam towards common RADIUS-centric issues and to help the administator in troubleshooting their eduroam infrastructure to resolve difficulties. Print this at A3 size for best results.

• eduroam IT Support staff trouble shooting flowchart (best printed at A3 size) (pdf) - troubleshooting flowchart to help IT Support staff solve user connection and authentication problems. This is not a step-by-step guide to the setup of all available supplicants, instead it aims to point support staff towards common user-centred issues and to guide staff in troubleshooting their eduroam infrastructure to resolve difficulties for both own organisation users when roaming and visitors to the organisation. Print this at A3 size for best results.

• Joiners Documentation Pack (pdf) - essential documentation pack for eduroam technical administrators at organisations that are new to eduroam.

Guide to Content for your eduroam Information Web Page

An eduroam information page or section on your organisation's web site is a key element in encouraging uptake of the service by your students, staff and visitors. The web information should contain the key points to enable use of the eduroam service at your site. This is mandatory requirement of the eduroam Tech Specification.

• eduroam Information web page content guide (pdf) [Word version].

Promotional Material for Participating Organisations

Promotional material is freely available to help effectively promote eduroam within participating organisations and to advertise where eduroam is available within the organisation. Material is available to assist with the following:

• General advertisement of the service on campus and for inclusion on your eduroam information web pages

• Advertisement of the specific locations at which eduroam service is available on site

• Education of staff and student userbase about the benefits and usage of the service

 

Developing your eduroam Implementation

• Project Initiation Document template: Moving to a single service SSID: eduroam (pdf) [Word version] - template for PID to support move to a single 'eduroam' SSID production network.

• Executive Summary: Moving to a single primary SSID 'eduroam' for the main service network (pdf) [Word version] - template for the Business Case / Executive Summary to support the move to a single primary SSID 'eduroam' for the production network.

• Using eduroam as the single primary ssid (pdf) - a detailed case study describing why and how Swansea University reduced the multiple ssid complexity of their wireless network services by offering instead the simple system of a single primary network using the eduroam ssid, with VLAN assignment carried out via the backend RADIUS system and a 'setup network' for new Swamsea users providing instructions and access to the SU1X auto-configuration utility.

Technical Sheets

• NEW! Monitoring FreeRADIUS ORPS Using Monit (pdf) - this document describes how to utilise the open source Monit software to monitor the radiusd daemon on your FreeRADIUS ORPS, and shows how it can provide an effective monitoring, alerting and management service at little cost. Monitoring the ORPS is a key component of an effective eduroam service deployment since it is essential that the ORPS is up and running at all times. Not only will your own users be affected if the server dies, but the ORPS is an integral part of the fabric of the federated eduroam service and an off-line server can have an adverse affect on the whole UK service.

• Filtering RADIUS Attribtues with Microsoft IAS and NPS - a general introduction to RADIUS attribute usage in relation to VLAN assignment, the problems that can arise when users visit non-home sites when attribute filtering is not in place, the specific difficulties presented by Microsoft's approach to attribute handling in IAS and NPS and how to effectively implement attribute filtering with MS IAS/NPS.
• Using Certificates Issued by the JANET SCS with MS IAS (Word) - nine page technical documentation detailing how to use JANET SCS-issued certificates with MS Internet Authentication Service. Generation of certificates, configuring of MMC, importing certificates and configuration of IAS remote access policies are covered.

• IEEE 802.1x - three page JANET technical sheet on 802.1x outlining how it works , descibes message exchange making use of diagrams and listing currently available supplicants together with their main features and applicability.

• Extensible Authentication Protocol (EAP) - three page JANET technical sheet on EAP, describing how it works, EAP types and implementation considerations.

Presentations

All presentations below are in pdf format.

Networkshop 38 Manchester March 2010

• JANET Roaming Futures - Dr. Alan Buxey

Presentation to MRC London March 2010

• Introduction to eduroam - what it is, how it works, what are the benefits

UCISA Event: Roaming - what does it really mean and how can you use it?

Trinity House London November 15 2006

• Introduction Ian Griffiths, UCISA-NG Chair

• Implementing eduroam, Josh Howlett, University of Bristol

• 802.1x - What is it and why do you want it? Phil Mayers, Imperial College

• 2nd Generation Wireless Justin Rowling, Cisco

• Security of JANET Roaming mobile devices, Andrew Brimson, Khipu Networks

• Case Study 1 of eduroam Implementation, Martin Crook, University of Plymouth

• Case Study 2 - Implementing the roaming service as a consortium, Alan Buxey, Loughborough University

• Eduroam: The Good, The Bad and The Ugly, Brian Gilmore, University of Edinburgh

Got anything to say or debate following on from the above? Why not post your comment on the JISCmail eduroam list?

Post to list - JANET-Roaming post to list

Join list - JANET-Roaming join list

eduroam Participants technical only - JANET-Roaming-Support

 

JISC Federation Showcase July 2006

• Introduction to the eduroam service

 

Networkshop 34 April 2006

• 802.1X Workshop

• Enabling eduroam at your Organisation

• Deploying 802.1X for eduroam

 

 

 

Any problems, comments or suggestions regarding this page, please e-mail the e-mail the eduroam service manager.