Fast track guide to Visited-only service

Download as PDFDownload as PDF

Created 4/06/2021

Fast Track Guide to implementing an eduroam Visited-only (Wi-Fi for guest visitors) service. This document has been produced in response to the initative to encourage deployment of eduroam services alongside existing govroam services. It can nevertheless be used as guide for any organisation wishing to deliver a visitor-only service, for instance NHS Hospital Trusts, conference venues or for organisations wishing to take a first visitor-only step towards a full Home and Visited service.

Reference should be made to the Implementation Roadmap for guidance on each stage  The sections relating to setting up a Home (IdP for you own users) are skipped. There are links below for each step of the prococess, but please ensure that at each step your deployment complies with the Technical Specification

  • If you are planning a joint eduroam and govroam service, decide on the model for your implementation section 1 (Nb switch references eduroam <-> govroam!)

  • Install RADIUS servers/adapt existing deployment and peer the server with the eduroam(UK) national RADIUS proxy servers (NRPSs) section 6 and section 8

  • Configure your firewall to permit your RADIUS servers to interoperate with the eduroam(UK) national proxy RADIUS servers section 9

  • Create an eduroam network service/VLAN providing access to the internet that your visitors will be connected to once authenticated section 11 and 12

  • Configure your APs to broadcast the eduroam SSID, supporting WPA2 Enterprise – wherever you wish to provide the services over your estate section 11

  • Set up the APs/WLC to peer with your RADIUS servers to forward authentication request from devices associating with the eduroam SSID section 11           

  • Configure your RADIUS servers to forward requests to the NRPS (for onwards forwarding and authentication) section 10

  • Configure your APs/WLC to connect authenticated eduroam users to your eduroam network service/VLAN section 11

  • Ensure your RADIUS and DHCP logging meets specified requirements section 16

  • Test and validate your service section 15 and 19

  • Assert service compliance on eduroam(UK) Support server and advertise your eduroam service (including a link to on your web site