Service Providers – Self-implementation
If you have chosen to offer eduroam to students, teachers, researchers and employees in the research and education sectors through your own IT resources, find out how to do so below.
Step 1 – Set up a local WiFi infrastructure
In order to enable authentication of eduroam users, you must first install one or more access points (hotspots) on your own network, if not already installed, and second configure the WiFi equipment so that it meets the following requirements.
- Support for the IEE 802.1x ‘Higher Layer LAN Protocols Working Group’ protocol.
- Broadcasting an eduroam SSID (Service Set Identifier).
- Use of WPA2/AES encryption.
- Enable automatic Internet access for authenticated users.
Step 2 – Set up a RADIUS server
Communication to the eduroam network is based on the RADIUS protocol.
- Connect your hotspot(s) to a RADIUS authentication server.
- Open the firewalls for traffic from the WLAN equipment (AP/Controller) to Restena’s servers on UDP port 1812 and UDP port 1813
→ For more information on the configuration, please visit the eduroam SP webpage of the GEANT Association wiki.
Advice!
FreeRADIUS is the most commonly used RADIUS server in eduroam Luxembourg. It is very versatile and available for free under the GPL license.
→ For more information, visit https://freeradius.org
Step 3 – Read and sign the eduroam policy
To definitely validate your access to eduroam, your institution must accept the ‘eduroam Luxembourg policy’.
The duly completed and signed document is to be sent by email to feedback@eduroam.lu or by post to the Restena Foundation.
It is now up to you to manage your users in your own infrastructure.
Welcome to the international eduroam community!