Jump to: 


The eduroam-US Knowledge Base provides answers to common questions, guides for getting started with eduroam, and details on how to contact the team for help.

Getting Started

eduroam Admins use the eduroam Federation Manager (eFM) portal to manage their eduroam deployments. After signing up, use your InCommon or Google credentials to log in and begin setting up your IdPs (the way your users log in), SPs (the way your hotspots send traffic to other subscribers), and service locations (where eduroam can be found in the physical world).


What to do next

Our colleagues at GÉANT have documentation on configuring your RADIUS servers for eduroam. The Additional documentation section below may contain a guide more tailored to your specific environment.

eduroam is a global service, and you may see terms such as "national roaming operator", "national proxy server", or similar in various documentation. During organization-side configuration use tlrs1.eduroam.us and tlrs2.eduroam.us as your upstream RADIUS server addresses.

Additional documentation

Below you'll find general help guides, eduroam best practices, and technical documentation for configuring eduroam on specific varieties of wireless controllers and RADIUS servers.

General guides

Document TitleAuthor(s)Revised
eduroam-US Best Practices Guideeduroam Advisory Committee (eAC)see document header
Preserving end user privacy in eduroamInternet2see document header
How to deploy eduroam on campusGÉANTsee document header
CAT (Configuration Assistant Tool) GuideGÉANTsee document header
Help desk best practicesGÉANTsee document header
Primer on EAP typesGÉANTsee document header
EAP Server Certificate considerationsGÉANTsee document header

Dealing with packet fragmentation with EAP-TLS

Some approaches if you're experiencing the following:

  • Your end-users report that authentication is failing, but you can't see anything in your logs.

  • Your firewalls are reporting potential packet fragmentation attacks from RADIUS servers.
  • You're using EAP-TLS.

Jisc Govroamsee document header

eduroam Transitional Technologies Updates

  • Information on changes to 802.1x technologies that impact eduroam and guidance on implemention
eduroam Advisory Committee (eAC)see document header

RADIUS Attribute Guide

Josh Howlett, Federated Solutions10/5/2023

Configuration Guides

Specific guides for wireless controllers, RADIUS servers, and other network devices

Document TitleAuthor(s)Revised
Aruba Clearpass 6.7 service template for eduroam Aruba NetworksLinked to 7/18/19
Aruba Clearpass 6.8 service template for eduroam Aruba NetworksLinked to 7/18/19
Aruba and NPS configuration for eduroamGerrard Shaw, Havering College of Further and Higher Education 3/6/2019

Cisco ISE (and other IdPs with L7 load balancing support) load balancing best practice

  • Please review before deploying any version of ISE.
Josh Howlett10/5/2023
Cisco ISE 3.1 configuration for eduroamCisco Networkssee document header

Cisco ISE 2.2 and 2.3 configurations for eduroam

Cisco Networkssee document header
Cisco ISE 2.1 configuration for eduroamCisco Networkssee document header
FortiNAC 9.2.0 and lower configurations for eduroamFortinetLinked to 12/12/21
FreeRADIUS configuration for eduroamGÉANTsee document header
FreeRADIUS configuration on Windows10IPv6rssee document header
Meraki APs configuration for eduroamCisco/Merakisee document header

NPS configuration for eduroam

  • "NRPS" is referenced throughout this guide. US deployments should instead use the eduroam-US TLRS (tlrs1, tlrs2).
JiscLinked to 3/22/22

WatchGuard configuration for eduroam

WatchGuardLinked to 1/18/23

UETN's AP configuration guide

  • Aerohive/Extreme
  • Cradlepoint
  • Fortinet
  • Ruckus
  • Ubiquiti
  • Juniper Mist
UETNLinked to 12/13/22

Resources

Let us know

  • Have questions or suggestions to improve this service? Contact us.