eduroam at Federation Training

eduroam at Federation Training
eduroam at Federation Training
What is eduroam?
eduroam is short for ‘education roaming’.
eduroam is a global service enabling staff and students of educational, research and related institutions to
visit another eduroam participating institution and connect to the visited institution's wireless network
automatically, i.e. with minimal effort for both user and visited institution.
eduroam infrastructure provided by Federation Training, AARNet and global NRENs enables a visitor's
'home institution' to authenticate the visitor remotely. Upon successful authentication, Federation Training
grants wireless network access to visitors authenticated via eduroam. Other eduroam participating
institutions similarly grant network access to visiting staff and students from Federation Training.
If configured correctly, the eduroam user should be able to get a network connection at a visited institution
just by opening their laptop or activating their phone or tablet device.
Federation Training provides eduroam access at all campuses.
More about eduroam is available from AARNet, the eduroam AU ‘roaming operator’.
eduroam policy
Trust in eduroam authentication is underpinned by use of a proven secure technical infrastructure and
protocol, and a set of policies to which all eduroam participants are required to comply.
In participating in eduroam AU, Federation Training agrees to conform to the Global eduroam Policy and the
eduroam AU policy maintained by AARNet.
What is the users' responsibility in using eduroam?
eduroam AU policy states that users must conform to their home institution's networking Acceptable Use
Policy (AUP).
Users are recommended to read and comply with the Acceptable Use Policy of visited institutions. Visiting
eduroam users should refer to Federation Training's Acceptable Use Policy.
What about user privacy?
The eduroam protocol prevents your institutional password from being revealed to any eduroam server other
than your home institution’s eduroam server. So your login password is protected and remains secret
between you and your home institution. However your username is visible to the Federation Training
authentication server and other eduroam infrastructure servers involved in getting your authentication
request from your device to your home institution, and may be included in logs. Such logs are required to be
protected by the institution running the authentication server.
Federation Training’s wireless settings
SSID (network name)
eduroam (case sensitive)
Wireless Network Connection Protocol
WPA2 Enterprise
Data Encryption Method
AES
Federation Training users using eduroam
Federation Training users should configure eduroam locally (i.e. while on Federation Training campus) for
authentication to Federation Training before travelling to other eduroam participating institutions.
Authentication and device configuration
The following authentication parameters apply for authentication of Federation Training staff and students via
eduroam:
Security
WPA2-Enterprise
Encryption
AES
EAP Method
PEAP
Inner Method
MSCHAPV2
Identity
<username>@federationtraining.edu.au (staff first
initial surname e.g. jsmith)
<studentid>@student.federationtraining.edu.au
Anonymous Identity
<username>@federationtraining.edu.au (staff first
initial surname e.g. jsmith)
<studentid>@student.federationtraining.edu.au
CA Certificate
Will auto-detect
Windows 10 manual configuration
•
Right-click the Network Connection icon in the taskbar.
•
Click Open Network and Sharing Center.
•
Click Set up a new connection or network.
•
Click Manually connect to a wireless network, then click next.
•
Enter eduroam (case sensitive) for the Network name.
•
Select WPA2-Enterprise from the Security type drop-down-list.
•
Select AES from the Encryption type drop-down-list.
•
Check to select Start this connection automatically.
•
Click Next.
•
Click Change connection settings.
•
Click the Security tab.
•
Click Settings.
•
Tick the Validate server certificate check-box.
•
Scroll down and tick Digicert High Assurance EV Root CA under Trusted Root Certification Authorities.
•
Click Configure.
•
Un-tick the Automatically use my Windows logon name and password check-box and click OK.
•
Click OK to close Protected EAP Properties.
•
Click Advanced Settings.
•
Check Specify Authentication mode and choose User Authentication from the drop-down list.
•
Click OK and then Click OK again to close wireless network properties.
•
Click Close to complete the setup.
•
A network dialog box will appear, enter your Federation Training username and password and click OK.
•
Staff username format: [email protected] (first initial surname e.g. jsmith)
•
Student username format: [email protected]
Windows 7 manual configuration
•
Right-click the Network Connection icon in the taskbar.
•
Click Open Network and Sharing Center.
•
Click Set up a new connection or network.
•
Click Manually connect to a wireless network, then click next.
•
Enter eduroam (case sensitive) for the Network name.
•
Select WPA2-Enterprise from the Security type drop-down-list.
•
Select AES from the Encryption type drop-down-list.
•
Click Next.
•
Click Change connection settings.
•
Click the Security tab.
•
Click Settings.
•
Tick the Validate server certificate check-box.
•
Scroll down and tick Digicert High Assurance EV Root CA under Trusted Root Certification Authorities.
•
Click Configure.
•
Un-tick the Automatically use my Windows logon name and password check-box and click OK.
•
Click OK to close Protected EAP Properties.
•
Click Advanced Settings.
•
Check Specify Authentication mode and choose User Authentication from the drop-down list.
•
Click OK and then Click OK again to close wireless network properties.
•
Click Close to complete the setup.
•
When the message balloon appears in the taskbar asking you to enter additional information, click on the
message balloon and then select Enter/select additional logon information.
•
Enter your Federation Training username and password and click OK.
•
Staff username format: [email protected] (first initial surname e.g. jsmith)
•
Student username format: [email protected]
Windows 8 manual configuration
•
Move your mouse to the top-right corner of your screen to display the Charm Bar and click Settings.
•
Click the Wireless Network icon.
•
Click eduroam.
•
Click Connect.
•
Enter your Federation Training username and password and click OK.
•
Staff username format: [email protected] (first initial surname e.g. jsmith)
•
Student username format: [email protected]
•
Click Connect.
iPad, iPhone manual configuration
•
Tap Settings.
•
Tap Wi-Fi.
•
Tap eduroam.
•
Enter your Federation Training username in the Identity field.
•
Staff username format: [email protected] (first initial surname e.g. jsmith)
•
Student username format: [email protected]
•
Enter your password and tap Join.
•
Tap accept or trust (version specific).
Android manual configuration
•
Tap Apps.
•
Locate and tap Settings.
•
Tap Wi-Fi.
•
Tap eduroam.
•
Ensure that EAP method is set to PEAP.
•
Set the Phase 2 authentication to MSCHAPV2.
•
Enter your username in the Identity field.
•
Staff username format: [email protected] (first initial surname e.g. jsmith)
•
Student username format: [email protected]
•
Enter your password in the Password field and tap Connect.
Visitors using eduroam at Federation Training
Who can use eduroam at Federation Training?
eduroam is available to general staff, academics, researchers and students from eduroam participating
educational, research and related institutions globally.
How do I use eduroam at Federation Training?
Note: as an eduroam user, you should have already configured access to eduroam while on your home
campus, using the authentication parameters provided by your home institution local eduroam webpage.
Accessing eduroam successfully within Federation Training requires only that your configured wireless
network connection and encryption protocol is compatible. The wireless encryption protocol used by
Federation Training access points is the WiFi standard "WPA2/AES" (also called WPA2 Enterprise).
Note: There is no need to change any of your authentication parameters. These are only relevant to your
home institution. If you have successfully configured authentication to eduroam at your home institution, you
should be able to access the Federation Training network via eduroam with no change to your setup.
Where exactly can I use eduroam within Federation Training?
Federation Training provides eduroam access at all campuses.
Network services provided
Federation Training provides full outbound access with NAT’ed IP addresses (i.e. any servers on those
machines will not be accessible externally while connected to the Federation Training network).
How do I get support in using eduroam?
When you're on a Federation Training campus and connect to eduroam, you may experience difficulty in
getting a network connection due to several reasons e.g.an issue with your device configuration, wireless
networking, institutional eduroam operability or eduroam infrastructure operability.
If network access issues occur, in the first instance eduroam users should contact their home institution's
IT helpdesk to seek support.
If this is not feasible, or if the home institution can’t resolve the issue, users may contact Federation Training
ICT Services by emailing [email protected]
If required, your home institution's or Federation Training eduroam support staff will contact AARNet, the
eduroam AU national roaming operator, for additional assistance.
What usage logs are kept by Federation Training and what are they
used for?
eduroam trust between Federation Training and users’ home institutions (those authenticating their users) is
supported by the ability to trace a particular network access event to an authentication of a 'real user' by their
home institution.
Home institutions agree to take appropriate action on behalf of Federation Training in case a user doesn’t
comply with Federation Training’s network Acceptable Use Policy.
In order to provide this traceability, network access transactions via eduroam are logged by Federation
Training, with logs being retained for a period of six months. Access to usage logs is restricted to authorised
personnel and authorities as required by the law.
Usage logs may also be used for purposes of service trouble-shooting and user support.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement