...

This section provides general advice regarding eduroam deployment on a wireless LAN. It does not include information on general WLAN network planning and setup; it only covers topics essential to deploying eduroam on a wireless LAN that is already set up.

...

Obligations of eduroam SPs

The basic requirement for an eduroam SP is that the underlying WLAN must support IEEE 802.1X authentication, WPA2/AES and, if you also want other networks, multi-SSID. This is usually the case with today's network equipment. If you want to distinguish traffic belonging to the eduroam network from other traffic, you also need to deploy VLANs in your network.

For eduroam, you need to add information about the RADIUS server that you will be using to your WLAN controller (or stand-alone access point). As a pure eduroam SP, the RADIUS server in question is likely the one of your national federation. If you are both an eduroam IdP and an eduroam SP, it is your own RADIUS server. You will need to add the IP address of the RADIUS server as well as the shared secret, which is a string of characters agreed on by you and the operator of the RADIUS server. You may also have to add the ports to use, which are 1812 for authentication and 1813 for accounting.
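
The shared secret is never sent over the wire; it keys the integrity checks on each RADIUS packet. The sketch below is an added example, not part of the original page: it probes the authentication port with a Status-Server request (RFC 5997) and verifies the reply, assuming the RADIUS server answers Status-Server; the function names are illustrative.

```python
import hashlib
import hmac
import os
import socket
import struct

ACCESS_ACCEPT, STATUS_SERVER, MSG_AUTH = 2, 12, 80  # RADIUS codes, attribute type


def build_status_server(secret: bytes, ident: int, request_auth: bytes) -> bytes:
    """Status-Server packet signed with HMAC-MD5 keyed by the shared secret."""
    header = struct.pack("!BBH", STATUS_SERVER, ident, 20 + 18) + request_auth
    unsigned = header + bytes([MSG_AUTH, 18]) + bytes(16)  # signature field zeroed
    sig = hmac.new(secret, unsigned, hashlib.md5).digest()
    return header + bytes([MSG_AUTH, 18]) + sig


def response_is_authentic(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(code+id+len+RequestAuth+attrs+secret)."""
    if len(reply) < 20:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if length < 20 or length > len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def probe(host: str, secret: bytes, port: int = 1812, timeout: float = 3.0) -> bool:
    """Send one Status-Server request; True only if an authentic reply returns."""
    request_auth, ident = os.urandom(16), os.urandom(1)[0]
    packet = build_status_server(secret, ident, request_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:
            # Servers usually drop requests signed with the wrong secret, so a
            # timeout can mean wrong IP, blocked port, or mismatched secret.
            return False
    return (len(reply) >= 20 and reply[0] == ACCESS_ACCEPT and reply[1] == ident
            and response_is_authentic(reply, request_auth, secret))
```

A `False` result does not say which of the three settings is wrong; check the IP address and firewall path first, then confirm the secret with the operator of the RADIUS server.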

...

To find out which ports should be open for eduroam end users, see the eduroam Policy Service Definition document, particularly Chapter 6.3.3.

Set up of WiFi hotspots

All of the solutions presented below support the basic requirements for an eduroam SP: IEEE 802.1X authentication and WPA2/AES. When deploying eduroam, deployers often want to make use of additional features such as multi-SSID support, dynamic VLAN assignment and others. Every section contains a table with a short overview of the solution's support for such additional useful features.

Cisco (controller-based solutions)

...

| Feature | supported? |
|---|---|
| multi-SSID | yes |
| VLANs | yes |
| dynamic VLAN assignment | partial; not with IPv6 |

...

Cisco (stand-alone APs with IOS)

...

| Feature | supported? |
|---|---|
| multi-SSID | yes |
| VLANs | yes |
| dynamic VLAN assignment | yes |

Aruba

...

Trapeze (Juniper)

...

Fortinet (Formerly Meru)

...

| Feature | supported? |
|---|---|
| multi-SSID | yes |
| VLANs | yes |
| dynamic VLAN assignment | yes |

...

Lancom

...

| Feature | supported? |
|---|---|
| multi-SSID | yes |
| VLANs | yes |
| dynamic VLAN assignment | yes |

...

Apple AirPort Express

...

| Feature | supported? |
|---|---|
| multi-SSID | no |
| VLANs | no |
| dynamic VLAN assignment | ... |

Set up of networking equipment in the network core

...