...

  1. Under the 'Settings' (the gear icon), go to 'Profiles', then select 'RADIUS'. 
  2. Click 'New'. Provide a name. For the eduroam Europe proxy, you could use 'eduroam OpenRoaming Proxy'. 
  3. If you are going to use RadSec, select 'TLS'. Several more settings will then appear.
  4. Provide the IP address for the proxy. If you use RadSec, use port 2083 with secret 'radsec'. Click 'Add' to add it.
     - You can contact the eduroam Ops Team for the eduroam Europe OpenRoaming proxy by emailing Paul Dekkers, who manages the proxy, and asking for the OR proxy details. The European eduroam OR proxy accepts both RADIUS (over UDP/1812) and RadSec (with eduPKI certificates, over TCP/2083).
     - You can also contact eduroam UK for the UK proxy by emailing eduroamuk at jisc.ac.uk and asking for the OR proxy details. Like the eduroam Europe proxy, the UK proxy accepts both RADIUS and RadSec (with eduPKI certificates) traffic.
  5. If you use RadSec, provide the 'Client Certificate', 'Private Key', 'Private Key Password' and 'CA Certificate' values. The 'Private Key Password' is optional. You can use your eduPKI certificates here for the hosts in Step 4.
  6. Tick the option 'Accounting'. As an OpenRoaming visited site (ANP) you are required to send accounting packets.
  7. Click 'Apply Changes' to save the RADIUS server. 

...

  1. Under the 'Settings' (the gear icon), go to the 'WiFi' menu. Click 'Create New' to create a new network. 
  2. Provide your SSID. Ignore the 'Password' option. Select the right 'Network' option to set the VLAN you'll use.
  3. Select 'Manual' in the 'Advanced' option. Select 'Passpoint' in the 'Hotspot 2.0' option; new options will then become available.
  4. The 'Venue Name', 'Venue Type', 'Network Type' and 'IP Address Type Availability' options are yours to select.
  5. Under 'NAI Realm', click 'Add' and fill in the 'Name' (the actual realm) and 'EAP Method' options. Under 'Sub-Methods', add the appropriate inner methods you can use. Click 'Save' to save the NAI realm.
    Important: You will not have PEAP as an authentication type in 'EAP Method'.
  6. In the 'Roaming Consortium List' option, add your appropriate RCOIs.
    - For example, use 'Settlement Free' (or something similar) as 'Name' and '5A03BA0000' in the 'Organization ID' field for the baseline 'Any identity' RCOI.
  7. In the '3GPP Cellular Network' options, you can add mobile networks that will be able to use OpenRoaming on your network. 
    - Under 'Country Name', enter the appropriate country and mobile network description, e.g. 'AT&T United States'.
    - Under 'Country Code', enter the international dialling code (although this is not necessary).
    - Under MCC and MNC, provide the necessary values for the network specified.
    Important: Please note that currently, only a very limited number of mobile carriers on the planet support this option. AT&T for example has two pairs, '310 280' and '310 410', while T-Mobile USA has one: '310 260'. The values can usually be derived from the '@wlan.mncXXX.mccYYY.3gppnetwork.org' username you see on a network; any 0 prefix can be dropped. To date we are aware that AT&T and T-Mobile configure their SIMs to use OpenRoaming if their MCC/MNC pair is advertised, and we're also aware that Swisscom should support this. Read the mobile network wireless offload topic for more information on this.
  8. In the 'Domain List', add your realm name, click 'Add' to add it.
  9. In the 'Operator Friendly Name', provide your company name. This setting is not your Operator-Name attribute value. There is no ability to set this for the network.
  10. Set all the other various options for the network. 
  11. Under 'Security Protocol', choose the appropriate WPA Enterprise level (it should preselect 'WPA2 Enterprise').
  12. In the 'RADIUS Profile', select the RADIUS server you set up at the top.
  13. Choose the right value for the NAS ID.
  14. Click 'Add WiFi Network' to create the network. 
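
Step 7 notes that the MCC/MNC values can usually be derived from the '@wlan.mncXXX.mccYYY.3gppnetwork.org' username. The following Python is an added example, not part of the original instructions or of any UniFi tooling: it pulls the pairs out of a list of User-Name values (for instance copied from your RADIUS log). The function names and sample usernames are constructed, and the one-leading-zero rule is an assumption noted in the code.

```python
import re
from collections import Counter

# Realm form quoted in step 7. fullmatch() with fixed ASCII digit counts rejects
# look-alike realms; User-Name is supplied by the client, so parse strictly.
_REALM_RE = re.compile(r"wlan\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org", re.I | re.A)


def mcc_mnc_from_username(username):
    """Return (MCC, MNC) for a 3GPP offload User-Name, else None."""
    _, sep, realm = username.strip().rpartition("@")
    match = _REALM_RE.fullmatch(realm) if sep else None
    if match is None:
        return None
    mnc, mcc = match.groups()
    # Assumption: the realm carries a 3-digit MNC and a 2-digit MNC is padded
    # with one leading 0, so exactly one leading 0 is dropped. A 3-digit MNC
    # that really starts with 0 cannot be told apart from the realm alone.
    if mnc.startswith("0"):
        mnc = mnc[1:]
    return mcc, mnc


def summarize(usernames):
    """Return ([('MCC MNC', count), ...] most seen first, [ignored names])."""
    counts, ignored = Counter(), []
    for name in usernames:
        pair = mcc_mnc_from_username(name)
        if pair is None:
            ignored.append(name)
        else:
            counts[" ".join(pair)] += 1
    return counts.most_common(), ignored


# Constructed sample User-Name values, not taken from real logs.
SAMPLE_USERNAMES = [
    "0310410000000001@wlan.mnc410.mcc310.3gppnetwork.org",
    "0310410000000002@wlan.mnc410.mcc310.3gppnetwork.org",
    "0310260000000003@wlan.mnc260.mcc310.3gppnetwork.org",
    "anonymous@wlan.mnc280.mcc310.3gppnetwork.org",
    "0999010000000004@wlan.mnc001.mcc999.3gppnetwork.org",  # padded MNC
    "user@example.org",  # ordinary realm, not mobile offload
    "x@wlan.mnc410.mcc310.3gppnetwork.org.example.net",  # look-alike
]

if __name__ == "__main__":
    print(*summarize(SAMPLE_USERNAMES), sep="\n")
```

Each returned pair is in the 'MCC MNC' order used in step 7; names in the ignored list did not match the 3GPP realm form exactly and should not be used to pick carrier values.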

...