Service provider instructions
Letak
U letku (PDF, 6.9MB) za davatelje usluge eduroam možete pronaći sažeti pregled informacija vezanih za pružanje usluge eduroam s stajališta davatelja usluge.
Technical Requirements
eduroam service providers users must have:
- Functioning Internet connection.
- Wireless network based on access points that support 802.1x protocol with WPA2/AES encryption and remote RADIUS authentication.
- RADIUS server with the appropriate configuration.
Configuration in compliance with eduroam standards
Access points and the RADIUS server must be configured in the following way:
- Access points need to be configured with following parameters:
SSID: eduroam Broadcast SSID: Yes Cipher: WPA2/AES EAP (802.1x): EAP with RADIUS authentication (full) Accounting: Enable authentication using your RADIUS server's IP address and port (192.168.1.1:1812 - auth, 192.168.1.1:1813 - acct) Tehničke konfiguracije za pojedine mrežne uređaje mogu se pronaći na Kako uspostaviti eduroam na Wi-Fi mreži
- Properly configured RADIUS server with Service Provider functionality. Instructions for Service Providers can be found on page: How to deploy eduroam on-site or on campus. Users of AAI@EduHr packaging system already have this preconfigured in freeradius-aai package.
-
Minimal set of open ports allowed on the network for eduroam users:
- Standard IPSec VPN: IP protocols 50 (ESP) and 51 (AH) both egress and ingress; UDP/500 (IKE) egress only
- OpenVPN 2.0: UDP/1194
- IPv6 Tunnel Broker service: IP protocol 41 ingress and egress
- IPsec NAT-Traversal UDP/4500
- Cisco IPSec VPN over UDP/TCP: UDP/TCP 10000
- PPTP VPN: IP protocol 47 (GRE) ingress and egress; TCP/1723 egress only
- SSH: TCP/22 egress only
- HTTP: TCP/80 egress only
- HTTPS: TCP/443 egress only
- IMAP2+4: TCP/143 egress only
- IMAP3: TCP/220 egress only
- IMAPS: TCP/993 egress only
- POP: TCP/110 egress only
- POP3S: TCP/995 egress only
- Passive (S)FTP: TCP/21 egress only
- SMTPS: TCP/465 egress only
- SMTP submit with STARTTLS: TCP/587 egress only
- RDP: TCP/3389 egress only
Registration of the service provider in the eduroam system
- Institution's authorized person needs to fill out an application for a new RADIUS resource in Registry of resources.
- Send the IP address of RADIUS server to eduroam coordinator at: .
- Modify the configuration of the RADIUS server in accordance with instructions received from the Srce team.
- Send confirmation message to the Srce team after successful connection to eduroam.
- Add your access locations on the map through administrator web application.
Additional instructions for home institutions participating in the AAI@EduHr system
The process of introducing eduroam service for home institutions, which are participating in the AAI@EduHr system is further simplified by using pre-configured freeradius-aai package for the Debian distribution.
Home institutions must complete one additional step when setting up eduroam: upload their RADIUS server's rootCA certificate to the eduroam installer tool. That certificate will be embeded into software and instructions generated by the installer tool, needed for simple and secure connecting to eduroam. Instructions for this are given in AAI@EduHr Developer FAQ.