Fast track guide to Visited-only service

Download as PDFDownload as PDF

Created 4/06/2021

Fast Track Guide to implementing an eduroam Visited-only (Wi-Fi for guest visitors) service. This document has been produced in response to the initative to encourage deployment of eduroam services alongside existing govroam services. It can nevertheless be used as guide for any organisation wishing to deliver a visitor-only service, for instance NHS Hospital Trusts, conference venues or for organisations wishing to take a first visitor-only step towards a full Home and Visited service.

Reference should be made to the Implementation Roadmap for guidance on each stage https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap  The sections relating to setting up a Home (IdP for you own users) are skipped.

  • Decide on the model for joint provision of the eduroam and existing govroam services (*) 

https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-1 section 1  

https://jisc365.sharepoint.com/:b:/s/PublicDocumentLinks/EYNd3t02k8hGhsEC8K2f338BnKEO5Nrm5b-0aJmdbWgwrw?e=Zxkneq (switch references eduroam <-> govroam

  • Install RADIUS servers/adapt existing deployment and peer the server with the eduroam(UK) national RADIUS proxy servers (NRPSs) 

https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-1 section 6 and section 8

  • Configure your firewall to permit your RADIUS servers to interoperate with the eduroam(UK) national proxy RADIUS servers

 https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-2 section 9

  • Create an eduroam network service/VLAN providing access to the internet that your visitors will be connected to once authenticated

https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-2 section 11 and 12

  • Configure your APs to broadcast the eduroam SSID, supporting WPA2 Enterprise – wherever you wish to provide the services over your estate

https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-2 section 11

  • Set up the APs/WLC to peer with your RADIUS servers to forward authentication request from devices associating with the eduroam SSID

https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-2 section 11           

  • Configure your RADIUS servers to forward requests to the NRPS (for onwards forwarding and authentication)

https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-2 section 10

  • Configure your APs/WLC to connect authenticated eduroam users to your eduroam network service/VLAN

https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-2 section 11

  • Ensure your RADIUS and DHCP logging meets specified requirements

 https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-3 section 16

  • Test and validate your service

https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-3 section 15 and 19

https://community.jisc.ac.uk/library/network-and-technology-service-docs/technical-specification-requirements-checklists

  • Assert service compliance on eduroam(UK) Support server and advertise your eduroam service (including a link to https://eduroam.org) on your web site

https://community.jisc.ac.uk/library/janet-services-documentation/content-eduroam-service-infomation-web-page-guide