View Source

Over the past few months Internet2 has sent regular communications regarding a readdressing of the two top level RADIUS servers for the eduroam service, TLRS1.EDUROAM.US and TLRS2.EDUROAM.US. If your institution began experiencing service issues with eduroam at or around Monday, March 25th at 9pm ET, it's probable that you have not correctly updated your RADIUS or other local configuration. See the process for testing your configuration in the "Test Your Configuration" section below.

WE URGE YOU TO CHECK YOUR CONFIGURATION FOR TLRS1 and TLRS2 NOW, following the instructions below. Please note: The two major sources of problems are:

Missing definition of the new IP address on firewalls
The need to restart the RADIUS server

Configuration for TLRS1 and TLRS2

If you have configured the RADIUS clients with the explicit IP addresses, remove the old IP addresses for TLRS1.EDUROAM.US and TLRS2.EDUROAM.US from your RADIUS client list and replace it with the NEW IPv4 or IPv6 addresses below.

If you are using DNS entries to route requests to the TLRS servers, perform your second RADIUS service restart (to ensure that your service sees the updated DNS entries). In this case, you will see a service interruption until you do the restart. You may also need to FLUSH THE DNS CACHE on your RADIUS server(s) BEFORE YOU RESTART RADIUS to prevent stale entries from being erroneously retrieved.

Here is the information you will need to make these changes on your network:

TLRS1 OLD IP ADDRESSES:

DNS Name - TLRS1.EDUROAM.US
Current IPv4 - 64.57.22.74
Current IPv6 -2001:468:ef01:2::74

TLRS1 NEW IP ADDRESSES

DNS Name - TLRS1.EDUROAM.US
NEW IPv4 - 163.253.31.2
NEW IPv6 - 2001:468:1f11::2

TLRS2 OLD IP ADDRESSES:

DNS Name - TLRS2.EDUROAM.US
Current IPv4 - 64.57.22.78
Current IPv6 - 2001:468:ef01:3::78

TLRS2 NEW IP ADDRESSES

DNS Name - TLRS2.EDUROAM.US
NEW IPv4 - 163.253.30.2
NEW IPv6 - 2001:468:1f10::2

Test Your Configuration

Steps to check that your peering is working using eduroam-US logs. Note: checking your campus RADIUS servers logs might not be sufficient.

Go to https://www.eduroam.us/admin-login and log in.
Navigate to https://www.eduroam.us/log/viewer)

For Service Providers: Under Search Options: Filter by Client Identifier = <peering identifier>. If you see recent accepted OR rejected requests then your peering is working as an SP.

For Identity Providers: Under Search Options: Filter by Username = <peering identifier>. If you see recent accepted requests then your peering is working as an IdP.

The peering identifier is normally your primary realm and should be easy to find in the displayed logs.

Steps to actively test that your peering is working, using a testing tool:

Service Provider: Using the Test Accounts Tool (https://www.eduroam.us/config/test_accounts), create a test account and use it on a device and try to connect to your local 'eduroam' SSID.

Identity Provider: Using the Realm Testing Tool (https://www.eduroam.us/test/realm) you can simulate one of your users roaming to another institution ('Web Site' in the logs).

Additional Support? Or Not Receiving our emails?

Please email help@incommon.org with questions about this process or any other aspect of eduroam. If you have not received email reminders and think you should, please email help@incommon.org