[ietf78-tech] EDUroam connect request

Bill Jensen wej at doit.wisc.edu
Thu Jul 8 09:50:02 PDT 2010 

Hmm.  While I can see the value of having a ubiquitous scheme of 
authentication to accommodate wifi roaming, I think it would be 
considerably more impressive (and useful) if there was no mandate to 
have wifi infrastructure specifically configured to accomplish the task. 
  :-)

-wej

On 7/8/10 11:31 AM, Paul Dekkers wrote:
> Hi,
>
> On 8 jul 2010, at 17:06, Jim Martin wrote:
>
>> On Jul 8, 2010, at 10:59 AM, Geert Jan de Groot wrote:
>>
>>> It's not my call to make, I'm not sure if the 1252's
>>> can handle the additional config (but should, yes?),
>>> and I promised I'd forward the request to the list to see what you think?
>>
>>
>> 	I'd like to put this on the "Nice to do" list....
>>
>> 	That is, if we have cycles and find that we can do it (logistically and technically), then it's a good thing to do.
>>
>> 	However, if we're slammed or it hits any snags, it will be delayed or dropped.
>>
>> 	Paul, are you ok with that?
>
> Sure, it's nice that you're considering it!
> And I'm happy to assist to make this work if you agree on having an eduroam network :-)
>
>> 	On the technical side, would we have a separate (offsite) radius server configured for that one SSID, or would we relay the request (based upon realm or something) from our radius server to theirs?
>
> You could relay all authentication from the eduroam SSID to one of our servers at SURFnet, that would keep your existing RADIUS config simple. Though the proxying from your servers (freeradius, I understand) is not very difficult to setup either.
>
> Regarding the SSID: for eduroam it's very important that the SSID is "eduroam", broadcasted, and encryption is indeed WPA(2)-Enterprise: the concept is that people already configured their clients to use the eduroam network with their (university, ...) credentials, and they just open up their laptops and it works: open access. If the SSID is different, people have to reconfigure at every hotspot they want to use: not very convenient, apart from the fact that they probably forgot what they had to configure. (And their own helpdesk could be on the other end of the globe...)
>
> I think technically it's rather trivial: one SSID "eduroam", and I assume that only people that have it configured will use it: the rest won't be bothered by it. I'm really curious how many people will indeed use it. (But I'm quite sure there will be users, if eduroam is there.)
>
> Regards,
> Paul
>
> _______________________________________________
> ietf78-tech mailing list
> ietf78-tech at daedelus.com
> http://www.daedelus.com/mailman/listinfo/ietf78-tech

-- 
Bill Jensen, Network Engineer
UW-Madison DoIT Network Services
1210 W. Dayton St., Madison, WI  53706
voice: 608-263-9325  efax: 413-208-1297
email: wej at doit.wisc.edu   cell: 608-576-8345
sms: 6085768345 at vtext.com

More information about the ietf78-tech mailing list