Main Nav

I know this comes up frequently, so forgive me. We’re at a different place than we were at last inquiry…
 
Syracuse University has become an Eduroam school, and as we speak we have happy Eduroamers around the world. Woo Woo!
 
At the same time, we have yet to roll out Eduroam on our own campus and are getting ready to in accordance to the Eduroam agreement. We’re trying to figure out the best model:
 
  1. Retire our own beloved 802.1x SSID, and use Eduroam in its place. This has no favor with any of us, including our senior IT managers and so is not gonna happen. (Though I value the opinions of others, not wanting to get into a debate on this point J )
 
  1. Do a targeted rollout of Eduroam, in places where it is likely to be used by visitors- academic  buildings, etc. (So far, I can’t find evidence of anyone coming to SU and asking for it). This model requires building a new WLAN group or two and pushing it out to probably 20ish buildings out of our 200+ buildings.
 
  1. Go the easy path, and push it the Eduroam SSID everywhere, as an additional WLAN, and live with the fact that it won’t get a lot of use in most places and puts management traffic in the air that isn’t generally going to be used.
 
I can’t be the only one who has stood at this juncture and looked at the situation the same way. Wondering what others have done between #2 and #3, and what your level of satisfaction has been for whatever path you took.
 
 
Regards,
 
Lee Badman
Syracuse University
 
 
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

We have opted for door number 3, Lee. -- Daniel Eklund Network Planning Manager ITS Communications Systems and Data Centers University of Michigan 734.763.6389
Oh, and to answer your other question, this only just went into production, so I can't say how satisfied we are with it yet. -- Daniel Eklund Network Planning Manager ITS Communications Systems and Data Centers University of Michigan 734.763.6389

A very warm welcome to the club Lee.  :D

 

From now on there can be only one.  (SSID)

 

 

 

Cheers and a great weekend to all of you out there.

Anders Nilsson

Umeå university

SUNET Sweden

 

PS In Sweden we have eduroam on all major Airports. J

 

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För Lee H Badman
Skickat: den 1 november 2013 17:35
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: [WIRELESS-LAN] Eduroam rollout- one more time

 

I know this comes up frequently, so forgive me. We’re at a different place than we were at last inquiry…

 

Syracuse University has become an Eduroam school, and as we speak we have happy Eduroamers around the world. Woo Woo!

 

At the same time, we have yet to roll out Eduroam on our own campus and are getting ready to in accordance to the Eduroam agreement. We’re trying to figure out the best model:

 

1.       Retire our own beloved 802.1x SSID, and use Eduroam in its place. This has no favor with any of us, including our senior IT managers and so is not gonna happen. (Though I value the opinions of others, not wanting to get into a debate on this point J )

 

2.       Do a targeted rollout of Eduroam, in places where it is likely to be used by visitors- academic  buildings, etc. (So far, I can’t find evidence of anyone coming to SU and asking for it). This model requires building a new WLAN group or two and pushing it out to probably 20ish buildings out of our 200+ buildings.

 

3.       Go the easy path, and push it the Eduroam SSID everywhere, as an additional WLAN, and live with the fact that it won’t get a lot of use in most places and puts management traffic in the air that isn’t generally going to be used.

 

I can’t be the only one who has stood at this juncture and looked at the situation the same way. Wondering what others have done between #2 and #3, and what your level of satisfaction has been for whatever path you took.

 

 

Regards,

 

Lee Badman

Syracuse University

 

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Happy with #3
-Scott

-Scott

On Nov 1, 2013 12:34 PM, "Lee H Badman" <lhbadman@syr.edu> wrote:
I know this comes up frequently, so forgive me. We’re at a different place than we were at last inquiry…
 
Syracuse University has become an Eduroam school, and as we speak we have happy Eduroamers around the world. Woo Woo!
 
At the same time, we have yet to roll out Eduroam on our own campus and are getting ready to in accordance to the Eduroam agreement. We’re trying to figure out the best model:
 
  1. Retire our own beloved 802.1x SSID, and use Eduroam in its place. This has no favor with any of us, including our senior IT managers and so is not gonna happen. (Though I value the opinions of others, not wanting to get into a debate on this point J )
 
  1. Do a targeted rollout of Eduroam, in places where it is likely to be used by visitors- academic  buildings, etc. (So far, I can’t find evidence of anyone coming to SU and asking for it). This model requires building a new WLAN group or two and pushing it out to probably 20ish buildings out of our 200+ buildings.
 
  1. Go the easy path, and push it the Eduroam SSID everywhere, as an additional WLAN, and live with the fact that it won’t get a lot of use in most places and puts management traffic in the air that isn’t generally going to be used.
 
I can’t be the only one who has stood at this juncture and looked at the situation the same way. Wondering what others have done between #2 and #3, and what your level of satisfaction has been for whatever path you took.
 
 
Regards,
 
Lee Badman
Syracuse University
 
 
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Message from iam@st-andrews.ac.uk

We did #1, but we didn’t have .1x before that. My understanding is that most places that did went for #3.

 

Our biggest benefit of #1 is that eduroam “just works” for users who go away to other institutions, without them ever having to plan it, as it’s already set up.

 

--

ian

 

Message from caseb@purdue.edu

We were in the same spot with #1 and still are (since our main SSID has been .1x for a while). #2 was considered for the briefest of seconds but was quickly surpassed by #3 which was the quickest to implement. We’ve been happy with the rollout and it’s working well.

 

-Brandon

 

Message from dannyeaton@rice.edu

We’re in the same boat, Lee.  We’re essentially looking at the #3 option, as we’re moving to 2 pair of WiSM-2 in an HA cluster, which would be too complicated to squelch the SSID in certain buildings.  We like the branded SSID, so won’t be changing that.  We have an open-visitor SSID, as well for non-802.1x devices.  We have a mobility anchor partnership with a neighboring partner institution (that would maybe go away with eduroam).

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

We opted for #1, and created a web-auth open network with the option for xpressconnect from cloudpath to do the configuration pieces for clients. We've had eduroam deployed for going on 3 years now, and its taken a while to get to the adoption level we've expected. It's taken a valient effort between our group and our desktop group to include the eduroam provisioning process as work orders come in for machines.

I think the higher-ups expected a higher adoption rate, but it was certainly slow at first especially since we didn't have XpressConnect right out of the gates. It's taken this long to finally get to the spot where more clients are associating to eduroam than our webauth SSID.



Britton Anderson |  Senior Network Communications Specialist |  Office of Information Technology |  907.450.8250



We opted for #1 for the sake of less confusion.

 

 

Tim Cappalli, Network Engineer
LTS | Brandeis University
x67149 | (617) 701-7149
cappalli@brandeis.edu

 

Just rolled it out here about a week ago.  We did number 3 on your list, but still considering number 2 because of extra overhead of an additional SSID everywhere.  Number 1, well, not for now.

 

Marcelo Lew

Wireless Network Architect & Engineer

University Technology Services

University of Denver

Desk: (303) 871-6523

Cell: (303) 669-4217

Fax:  (303) 871-5900

Email: mlew@du.edu

 

Thanks, Marcelo. We’re likely following with #3, but the extra overhead thing does gnaw at me a bit (but probably not enough that I can’t pretend it’s not gnawing at me).

 

Thanks everyone, for the responses.

 

-Lee

 

Lee,

To answer 2 and 3, I have seen many schools that were amazed at how many eduroam users they had from all over the world and in many locations
(visiting scientists in labs, students from abroad in greenhouses!,...you name it) 

Here is a graph from University of Chicago (yes, they are known for having a big International presence...but that was just in the first 3 months,
and it was back in 2010!!!)



Good stuff- I hope we get some users after rolling it out. I did poll our distributed support folks, and as of yet can’t find any hidden demand.  At the same time, we don’t know what we don’t know, ya know?

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C
Sent: Friday, November 01, 2013 1:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Eduroam rollout- one more time

 

Lee,

 

To answer 2 and 3, I have seen many schools that were amazed at how many eduroam users they had from all over the world and in many locations

(visiting scientists in labs, students from abroad in greenhouses!,...you name it) 

 

Here is a graph from University of Chicago (yes, they are known for having a big International presence...but that was just in the first 3 months,

and it was back in 2010!!!)

 

 

 

By the way...

For schools that go with #1 (use eduroam as your own SSID), there is a free installer that can make the rollout of 802.1X
quite easy! Not a bad saving!


Best,

Philippe Hanset

We have not even had it rolled out a full week and here is what I have seen.  May not be exact, but is pretty suprising.

238 unique users from 106 unique domains.

This is the breakout of country codes
      1 ie
      1 nz
      2 at
      2 dk
      2 it
      2 pt
      3 fi
      4 es
      4 fr
      5 au
      5 cz
      5 hk
      5 se
      6 za
     12 nl
     14 ch
     19 ca
     37 uk
     46 de
     64 edu

I also had 30 unique users from my campus use it somewhere else.




------------------------
Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438


Sorry, bad filtering.  Here is the correct data.

199 Unique users from 90 different domains.
This is a list of how many unique users from the country codes in the domains

      1 at
      1 dk
      1 ie
      1 nz
      2 it
      2 pt
      3 fi
      4 au
      4 es
      4 fr
      5 cz
      5 hk
      5 se
      6 za
     10 nl
     14 ca
     14 ch
     32 uk
     40 edu (US based)
     45 de

20 local users have used it off campus. 


------------------------
Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438


That's pretty cool, thanks Walter.

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Walter Reynolds [waltr@UMICH.EDU]
Sent: Friday, November 01, 2013 2:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Eduroam rollout- one more time

Sorry, bad filtering.  Here is the correct data.

199 Unique users from 90 different domains.
This is a list of how many unique users from the country codes in the domains

      1 at
      1 dk
      1 ie
      1 nz
      2 it
      2 pt
      3 fi
      4 au
      4 es
      4 fr
      5 cz
      5 hk
      5 se
      6 za
     10 nl
     14 ca
     14 ch
     32 uk
     40 edu (US based)
     45 de

20 local users have used it off campus. 


------------------------
Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438


How did you get those stats, Walter?

 

Bruce Boardman - Syracuse University Network Engineer - 315 889-1667 -----------------------------------

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, November 01, 2013 2:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Eduroam rollout- one more time

 

That's pretty cool, thanks Walter.

 

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Walter Reynolds [waltr@UMICH.EDU]
Sent: Friday, November 01, 2013 2:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Eduroam rollout- one more time

Sorry, bad filtering.  Here is the correct data.

 

199 Unique users from 90 different domains.

This is a list of how many unique users from the country codes in the domains

 

      1 at

      1 dk

      1 ie

      1 nz

      2 it

      2 pt

      3 fi

      4 au

      4 es

      4 fr

      5 cz

      5 hk

      5 se

      6 za

     10 nl

     14 ca

     14 ch

     32 uk

     40 edu (US based)

     45 de

 

20 local users have used it off campus. 


 

------------------------

Walter Reynolds

Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438

 

Lee, Option#3 We are just about to broadcast eduroam throughout our campus too. For now, we are going with our own branded WPA-2K SSID and eduroam. With the cat.eduroam.org's tool, we are able to create a single WPA2K supplicant profile on all but the Android devices. So, there should be little of an inconvenience for our users. And, as we will only have 3 SSIDs broadcasted in most areas, I am less concerned about management traffic. -- Christina Klam Network Engineer Institute for Advanced Study Email: cklam@ias.edu Einstein Drive Telephone: 609-734-8154 Princeton, NJ 08540 Fax: 609-951-4418 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

We originally adopted the #3 option, but we are planning to retire our 802.1X SSID soon and just have everyone use eduroam. It just makes sense. What we have seen is that when on campus, we push our users to use our main SSID, but then when they go to participating universities, they sometimes have issues connecting to eduroam because they are not familiar with it. We figured that we are part of a global effort and we will never be 100% involved in it unless we get push our own users to use it as their main SSID when at home. That way when they go to other participating institutions, it will be seemless! Just the way it is supposed to work

 

Hector Rios

Louisiana State University

 

I got the data by pulling the radius login data and filtering it based on username.


------------------------
Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438


I hear you, and appreciate it it a point. At the same time, I don't buy into losing our identity to be part of something global, especially when measured in terms of 16K+ users on our branded campus WLAN at daily peaks, and a few dozen Eduroamers expected. 

In other words, why change something that statistically everybody is used to for the sake of statistically nobody? Not trying to quibble, just explaining where we come from. 

I actually think Eduroam should be more accommodating to individual SSIDs, but get why it can't work that way now. Hopefully Hotspot 2.0 lives up to it's billing as the cure-all for this sort of thing. 

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003
Lee,

I hate to bust your identity pride ;-) but...
In my experience the only people that care about the SSID names are the IT Crowd and some of the University administrators.
(when will we have TV series on University Administrators?)

Users just want something that works...they don't even look at SSIDs these days.

Now, if like Birthday Cards, we start having singing SSIDs...that might be a different story!

Philippe

Philippe Hanset

I have been debating the eduroam idea for a while and how we'd phase it in.  The desire to get away from having a bunch of SSIDs and having realm based roles under a single SSID is really appealing.  Our main issue is that we have just pushed people off an old unsecured SSID onto a new SSID, and I don't relish having to explain (again) why we are changing once more.  So we'll likely roll out eduroam and our secure SSID separately and slowly fold people into eduroam (through Cloudpath magic)

I think the eduroam has the cool factor that allows universities to extend cooperation in a way that is normally only available at the political layers (not the networking layers).  UNC, NC State and Duke are all less than 30 miles from one another and have over 150k wireless devices between the three, and I am sure significant roaming occurs.  I think that in many locations, it will become a valued service.

Plus, I rather be ahead of the curve, and not behind for something like this.  Considering all the other things we have to do, this is quite easy.

Ryan Turner
Senior Network Engineer
UNC Chapel Hill

Sent from Windows Mail

From: Hanset, Philippe C
Sent: ‎Friday‎, ‎November‎ ‎1‎, ‎2013 ‎3‎:‎40‎ ‎PM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv

Lee,

I hate to bust your identity pride ;-) but...
In my experience the only people that care about the SSID names are the IT Crowd and some of the University administrators.
(when will we have TV series on University Administrators?)

Users just want something that works...they don't even look at SSIDs these days.

Now, if like Birthday Cards, we start having singing SSIDs...that might be a different story!

Philippe

Philippe Hanset

Nothing busted, but also not buying it.

 

Every environment is different, every organization’s IT offerings are marketed a different way,  and I’m not accepting analysis from afar that there is no value in our branding.  I’d caution against such a blanket dismissal of how every institution that values their own network name is somehow wrong. You may have multiple SSIDs with names that not only mean something singularly, but also in relation to each other. And to “simply” change, at least for us, means a lot of user education, document changing, and a move to something that quite honestly feels kinda sterile.

 

I am a bit amused by what borders on what seems to me to be an almost cult-like mentality that sometimes enters into these Eduroam discussions, or the willingness to accept that because it’s what is driven by European institutions that no one here should question the philosophy. It’s all just good discussion, and why there has to be a right or wrong to  it (Go to Eduroam SSID makes you right, or don’t and be wrong) is beyond me.

 

We’re living up to our end of the Eduroam agreement, but also aren’t looking for a religion lesson.

 

Respectfully-

 

Lee Badman

 

 

 

 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C
Sent: Friday, November 01, 2013 3:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Eduroam rollout- one more time

 

Lee,

 

I hate to bust your identity pride ;-) but...

In my experience the only people that care about the SSID names are the IT Crowd and some of the University administrators.

(when will we have TV series on University Administrators?)

 

Users just want something that works...they don't even look at SSIDs these days.

 

Now, if like Birthday Cards, we start having singing SSIDs...that might be a different story!

 

Philippe

 

Philippe Hanset

 

I don't want to hijack this discussion, and I'll apologize now for it, but I do have an eduroam question.  How resource intensive is it to implement and maintain an eduroam deployment?  We are a smaller institution, but we've had a handful of requests from faculty members to adopt eduroam.  There is some hesitation because we don't want to invest a whole lot of time to maintain a service that may get used by 2 or 3 people per semester.

Respectfully,

Matthew "Will" Williams
Assistant Director, Networking
Bucknell University
570.577.1491


Having just done it, I can say that for your own users that want to leverage Eduroam while you travel, it’s quite easy once you federate your RADIUS servers with Eduroam’s, and that Philippe’s team is phenomenal to work with in that regard. Then there is educating your travelers to use the while xxx@yourschool.edu if you don’t already (is required for eduroam).

 

For getting it going on your own campus, is no more difficult than rolling out another SSID (but as you can see, that is as much philosophical as it is technical at times).

 

Not resource intensive- great folks on Eduroam end to help, and nice feather in your school’s cap.

 

-Lee

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Matt Williams
Sent: Friday, November 01, 2013 4:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Eduroam rollout- one more time

 

I don't want to hijack this discussion, and I'll apologize now for it, but I do have an eduroam question.  How resource intensive is it to implement and maintain an eduroam deployment?  We are a smaller institution, but we've had a handful of requests from faculty members to adopt eduroam.  There is some hesitation because we don't want to invest a whole lot of time to maintain a service that may get used by 2 or 3 people per semester.


Respectfully,

 

Matthew "Will" Williams
Assistant Director, Networking
Bucknell University
570.577.1491

 

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/01/2013 04:13 PM, Matt Williams wrote: > I don't want to hijack this discussion, and I'll apologize now for it, but I do have an eduroam question. How > resource intensive is it to implement and maintain an eduroam deployment? We are a smaller institution, but we've > had a handful of requests from faculty members to adopt eduroam. There is some hesitation because we don't want to > invest a whole lot of time to maintain a service that may get used by 2 or 3 people per semester. > > Respectfully, > > Matthew "Will" Williams Assistant Director, Networking Bucknell University 570.577.1491 > > Hello, We're quite a small institution (fewer than 400 residential students) and we're very happy with the value/effort ratio eduroam gives us. We also only have a very few folks traveling to other eduroam campuses, but those few have been very appreciative of the service when they connect somewhere else without any trouble/reconfiguration. It was a little bit of extra work for some of our technical folks to succeed at our testing & deployment but very much a pleasant challenge that I think we all enjoyed (very little frustration as compared to other projects we've undertaken). As far as "hijacking" the discussion, thank you for that. :-] I was tempted to reply earlier in this thread, and seeing the way it's played out, I think I made the right choice in not trying to send (or further edit) the draft I'd composed. ~c -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBCAAGBQJSdBL6AAoJELuLPXMxqTZ/vb8QAIx1bpJ1YINczRFhoPCAjexF CBdy0I9mGKNZvkEMOfmcFgDox6ysyArTMioDreivnQ/mlPQeoIwo4b2VrGBT1JhO LnaQI2g8K7nVp54bYOmEjMojB4FimQZhB+mUTORgO6Z50wKfs8gSEhBX1pSjGTbs oVioeJJOCye0NFbtBbQGcOZlk5mRpQJe/stcCntj/9wxZDxuXJ1bGZ35XldN2xmJ hWN7JuQTOjTNgEM9R34r1KQKdSu1bVmF669UrQLnE3tdIXdwUmGkNsIsJNzwG8l9 VfMXFLbdkepokiN/mYAhfCZ8BuJj9tfnuq7yxiCfw2A/uqmUBXKY3cOOSQMo+oNP s1WYRjmqyQh3REb0asRlGFhCfzoGiDIyC9yms7y8hncH5yeTL2D0Uw41ak5jl03x Dmy2uXrKEhL+4yb/8+x7DKc5Ob4S8Qw20nGjCgGTGcYGlfzfu7IKgeODg39GUel7 YRVuNeBrF0XRWuSO93J/wEQwOckxiR1d2+RJCXmmZjs82ZSaqPwsl/evK9FG63Wc q4VdkhQ9XFNAcviXUHZxqZdsmXWJW2FBlsc+sztL5PZ62CwDj2EwydCcONVDsa3Z oFphf11ES61kzXTryQGg7YV1OZCtXBMgH34eSoLkNs00phfT26Djkdmgzkc77RpK GAIXNrREnSIzcliP197M =2qNn -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
So for it's been a one time setup for us. I would guess including testing it took about 16 hours. |Bruce Boardman, Network Engineer, Syracuse University - 315 889-1667 ________________________________________
On Nov 1, 2013, at 11:34 , Lee H Badman wrote: > > Go the easy path, and push it the Eduroam SSID everywhere, as an additional WLAN, and live with the fact that it won’t get a lot of use in most places and puts management traffic in the air that isn’t generally going to be used. This is what we did at NU. We do some role-based stuff on the back end such that if an NU person connects to eduroam, they get the same IP addressing and setup as if they use our regular 802.1X SSID. -- Julian Y. Koh Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780 NUIT Web Site: PGP Public Key: ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Same here at 'Deis. A Brandeis user connecting to eduroam is treated exactly the same as they would be if they were connecting to our legacy branded secure network. We are using a lot of role-based magic from AD and enterprise LDAP. Also, there are some tweaks you can do in RADIUS to allow non-user devices to connect to eduroam with an "@fqdn" account (as long as they aren't expected to leave campus: Cisco wireless phones, wireless printers, ticket readers, etc) Tim Cappalli, Network Engineer LTS | Brandeis University x67149 | (617) 701-7149 cappalli@brandeis.edu
Thanks for all of the input.  I appreciate it.  From what I'm hearing it seems like it is no more time intensive than any other service.  I'll be sure to pass all of this along.  Thanks, again.

Respectfully,

Matthew "Will" Williams
Assistant Director, Networking
Bucknell University
570.577.1491


Matt,

To add to what people have already mentioned on the list:
If you already have a working 802.1X implementation, the work on the RADIUS server to become eduroam enabled is really basic.
(instructions are located on the website www.eduroam.us for various RADIUS flavors. Those instructions are community driven.)
Some schools were eduroam enabled on the IdP (Identity Provider) side in less than 2 hours.

On the network side (enabling the SSID to become a SP, Service Provider) it's all about picking subnets, making firewall rules, and advertise the SSID.

One school did a really quick shortcut in network configurations (I forgot who it was) by routing all institution's eduroam users to its current secure SSID network,
and all of its eduroam visitors to its current visitor SSID network (VLAN assignments in the controller). They had to bypass the need for the web portal
on the visitor side and make sure that local clients joining eduroam use the full REALM (user@domain) to be ready when they travel (a RADIUS config change).

Best,

Philippe

Philippe Hanset



On Nov 4, 2013, at 8:56 AM, Matt Williams <mcw015@BUCKNELL.EDU>
 wrote:

Thanks for all of the input.  I appreciate it.  From what I'm hearing it seems like it is no more time intensive than any other service.  I'll be sure to pass all of this along.  Thanks, again.

Respectfully,

Matthew "Will" Williams
Assistant Director, Networking
Bucknell University
570.577.1491


Message from jethro.binks@strath.ac.uk

I think what it is interesting to consider is that eduroam developed in Europe more or less in parallel with 802.1X, so at the point where it all came together to be workable and understood, many European sites were fairly new to having an 802.1X deployment and just jumped straight to providing a single 'eduroam' SSID for all users, or had manageable numbers of users to migrate from a locally branded 802.1X deployment. In the case of US, eduroam has come along some time after you had established 802.1X provision, so you are already quite some way down one road and trying to find easy ways to backup or build a bridge to another road, something not necessarily very easily. I don't envy you. Jethro. On Mon, 4 Nov 2013, Hanset, Philippe C wrote: > Matt, > > To add to what people have already mentioned on the list: > If you already have a working 802.1X implementation, the work on the RADIUS server to become eduroam enabled is really basic. > (instructions are located on the website www.eduroam.us for various RADIUS flavors. Those instructions are community driven.) > Some schools were eduroam enabled on the IdP (Identity Provider) side in less than 2 hours. > > On the network side (enabling the SSID to become a SP, Service Provider) > it's all about picking subnets, making firewall rules, and advertise the > SSID. > > One school did a really quick shortcut in network configurations (I > forgot who it was) by routing all institution's eduroam users to its > current secure SSID network, and all of its eduroam visitors to its > current visitor SSID network (VLAN assignments in the controller). They > had to bypass the need for the web portal on the visitor side and make > sure that local clients joining eduroam use the full REALM (user@domain) > to be ready when they travel (a RADIUS config change). > > Best, > > Philippe > > Philippe Hanset > www.eduroam.us > > > > On Nov 4, 2013, at 8:56 AM, Matt Williams > > wrote: > > Thanks for all of the input. I appreciate it. From what I'm hearing it seems like it is no more time intensive than any other service. I'll be sure to pass all of this along. Thanks, again. > > Respectfully, > > Matthew "Will" Williams > Assistant Director, Networking > Bucknell University > 570.577.1491 > > >

WE have both eduroam and our primary SSID to all locations. We went live with both at the same time in 2007, the same reasons we went that direction are still relevant today so won’t be changing. However that is just what works for us, and it’s reviewed every couple of years.

 

Discussions went on about using eduroam only, however we border with other eduroam organisations and this can cause trouble with network overlap. The other reason is there is a definite preference to have a branded name in the air for when visitors and prospective students are around.

 

Both networks work the same way, our users can use either network on-campus and like-wise an eduroam visitor can use either network. Some users do just use eduroam only, while eduroam visitors can also use our primary SSID if overlap with another institution has an issue.

 

Enjoy the designing J

 

--

Jason Cook

Technology Services

The University of Adelaide, AUSTRALIA 5005

Ph    : +61 8 8313 4800

 

We rolled out Eduroam last April and have had no issues and lots of praise. Both our Eduroam and our existing .1x ssid are identical (EAP-TTLS/PAP) except of course for ssid name. We leverage XpressConnect to config both ssids at the same time (except for iOS, which requires running XC twice). While we initially tried to keep local users on our local ssid it was a losing battle and in the end doesn't matter much. Local community users are placed into the same "local" role regardless of which ssid they come in on. Visiting Eduroamers are placed into a separate role. Theoretically, visiting Eduroamers could connect using our native .1x ssid but we require local NetID authorization to access XpressConnect (via shib) so non-community members would not have the opportunity to configure for that ssid. Keeping things separate at the role level makes the most sense for us. Mike Michael Dickson Network Analyst Office of Information Technologies University of Massachusetts Amherst Voice 413.545.9639
Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.