On Monday, February 18, we changed the IP address on one of the two main eduroam servers -- TLRS1.EDUROAM.US. We have data that shows 70% of connectors may still be misconfigured, but may not be aware of this because of the redundant eduroam servers (TLRS1 and TLRS2). If that is the case for you, your service will break when we change the IP address of TLRS2 in March. See the process for testing your configuration in the "Test Your Configuration" section below.
WE URGE YOU TO CHECK YOUR CONFIGURATION FOR TLRS1 NOW, following the instructions below. Please note: The two major sources of problems are:
- Missing definition of the new IP address on firewalls
- The need to restart the RADIUS server
Configuration for TLRS1
If you have configured the RADIUS clients with the explicit IP addresses, remove the old IP addresses for TLRS1.EDUROAM.US from your RADIUS client list and replace it with the NEW IPv4 or IPv6 address below.
If you are using DNS entries to route requests to the TLRS servers, perform your second RADIUS service restart (to ensure that your service sees the updated DNS entries). In this case, you will see a service interruption until you do the restart. You may also need to FLUSH THE DNS CACHE on your RADIUS server(s) BEFORE YOU RESTART RADIUS to prevent stale entries from being erroneously retrieved.
Here is the information you will need to make these changes on your network:
OLD IP ADDRESSES:
DNS Name - TLRS1.EDUROAM.US
Current IPv4 - 188.8.131.52
Current IPv6 -2001:468:ef01:2::74
NEW IP ADDRESSES
NEW IPv4 - 184.108.40.206
NEW IPv6 - 2001:468:1f11::2
Test Your Configuration
Steps to check that your peering is working using eduroam-US logs. Note: checking your campus RADIUS servers logs might not be sufficient.
For Service Providers: Under Search Options: Filter by Client Identifier = <peering identifier>. If you see recent accepted OR rejected requests then your peering is
working as an SP.
For Identity Providers: Under Search Options: Filter by Username = <peering identifier>. If you see recent accepted requests then your peering is working as
The peering identifier is normally your primary realm and should be easy to find in the displayed logs.
Steps to actively test that your peering is working, using a testing tool:
Service Provider: Using the Test Accounts Tool (https://www.eduroam.us/config/test_accounts), create a test account and use it on a device and try to connect to your local 'eduroam' SSID.
Identity Provider: Using the Realm Testing Tool (https://www.eduroam.us/test/realm) you can simulate one of your users roaming to another institution ('Web Site' in the logs).
Please email firstname.lastname@example.org)with questions about this process or any other aspect of eduroam.