Fast track guide to Visited-only service
Created 4/06/2021
Fast Track Guide to implementing an eduroam Visited-only (Wi-Fi for guest visitors) service. This document was originally produced in response to the initative to encourage deployment of eduroam services alongside existing govroam services by local authorities. It can nevertheless be used as guide for any organisation wishing to participate in eduroam as a 'Service Provider' and deliver a visitor-only Wi-Fi service, for instance NHS Hospital Trusts, conference venues or organisations wishing to take a first visitor-only step towards a full Home and Visited service.
Reference should be made to the Implementation Roadmap for guidance on each stage https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap The sections relating to setting up a Home (IdP for you own users) are skipped. There are links below for each step of the prococess, but please ensure that at each step your deployment complies with the Technical Specification https://community.jisc.ac.uk/library/janet-services-documentation/eduroamuk-technical-specification
- If you are planning a joint eduroam and govroam service, decide on the model for your implementation https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-1 section 1 https://jisc365.sharepoint.com/:b:/s/PublicDocumentLinks/EYNd3t02k8hGhsEC8K2f338BnKEO5Nrm5b-0aJmdbWgwrw?e=Zxkneq (Nb switch references eduroam <-> govroam!) - if you are only going to provide eduroam, decide where on your network/cloud to host your RADIUS service
- Join the eduroam(UK) federation (free of charge) – provides access to the eduroam(UK) Support portal for system config/diagnostics https://community.jisc.ac.uk/library/janet-services-documentation/how-does-organisation-join-service
- Install RADIUS servers/adapt existing deployment, provision fixed public IP address, FQDN and DNS A record and peer the server with the eduroam(UK) national RADIUS proxy servers (NRPSs) https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-1 section 6 and https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-2 section 9
- Configure your firewall to permit your RADIUS servers to interoperate with the eduroam(UK) national proxy RADIUS servers https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-2 section 8 and https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-3 section 13
- Create an eduroam network service/VLAN providing access to the internet that your visitors will be connected to once authenticated https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-3 section 12
- Configure your APs to broadcast the eduroam SSID, supporting WPA2 Enterprise – wherever you wish to provide the services over your estate https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-3 section 12
- Set up the APs/WLC to peer with your RADIUS servers to forward authentication requests from devices associating with the eduroam SSID https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-3 section 12
- Configure your RADIUS servers to forward requests to the NRPS (for onwards forwarding and authentication) https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-2 section 10
- Configure your APs/WLC to connect authenticated eduroam users to your eduroam network service/VLAN https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-3 section 12
- Ensure your RADIUS and DHCP logging meets specified requirements https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-3 section 17
- Test and validate your service https://community.jisc.ac.uk/library/janet-services-documentation/implementing-eduroam-roadmap-part-3 section 16 and https://community.jisc.ac.uk/library/network-and-technology-service-docs/implementing-eduroam-roadmap-part-4 section 20 and https://community.jisc.ac.uk/library/network-and-technology-service-docs/technical-specification-requirements-checklists
- Assert service compliance on eduroam(UK) Support server and advertise your eduroam service (including a link to https://eduroam.org) on your web site https://community.jisc.ac.uk/library/janet-services-documentation/content-eduroam-service-infomation-web-page-guide