What is eduroam?
eduroam is short for “education roaming”.
eduroam is a global service enabling staff and students of educational, research and related institutions to visit another eduroam participating institution and connect to the visited institution’s wireless network automatically with minimal effort for both user and visited institution.
eduroam infrastructure provided by AFTRS, AARNet and global participants enables an AFTRS visitor’s ‘home institution’ to authenticate the visitor remotely. Upon successful authentication, AFTRS grants wireless network access to the visitor. Other participating institutions similarly grant network access to visiting users from AFTRS.
If configured correctly, eduroam users should be able to get a network connection at a visited institution just by opening their laptop or activating their phone or tablet device.
More information is available from AARNet, the eduroam AU ‘roaming operator’.
Trust in eduroam authentication is underpinned by use of a proven secure technical infrastructure and protocol, and a set of policies with which all participants are required to comply.
In participating in eduroam AU, AFTRS agrees to conform to the Global eduroam Policy and the eduroam AU policy maintained by AARNet.
What is the user’s responsibility?
The eduroam AU policy states that users must conform to their home institution’s network Acceptable Use Policy (AUP).
Users are advised to read and comply with the Acceptable Use Policy of visited institutions. Visiting users should refer to the AFTRS Acceptable Use Policy.
What about user privacy?
When using eduroam, the protocol prevents your institutional password from being revealed to any eduroam server other than that of your home institution. Your login password is protected and remains private between you and your home institution.
However, your username is visible to the AFTRS RADIUS server and other eduroam infrastructure servers involved in getting your authentication request from your device to your home institution, and may be included in logs. Such logs are required to be protected by the institution running the RADIUS server.
AFTRS Wireless Settings
SSID (Network Name): eduroam (case-sensitive)
Wireless Network Connection Protocol: WPA2 Enterprise
Data Encryption Method: AES
Eduroam for AFTRS Users
AFTRS users should configure authentication locally (i.e. while on AFTRS campus) and confirm successful authentication by AFTRS eduroam infrastructure before travelling to other eduroam participating institutions.
The following authentication parameters apply for authentication of AFTRS staff via eduroam:
EAP Method: PEAP
Inner Method: MSCHAPV2
Identity (staff): <username>@aftrs.edu.au
Identity (students): <username>@student.aftrs.edu.au
Anonymous Identity: Do not configure an anonymous identity
CA Certificate: Will auto-detect
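For Linux clients that use wpa_supplicant, a profile can be checked against the parameters above before travelling; the sketch below is an added example, not AFTRS-supplied code. The function names, the sample profile, the username `jdoe` and the CA path are constructed placeholders, and the final `ca_cert` check reflects wpa_supplicant's documented behaviour rather than a setting from this page.

```python
import re

# Settings published on this page for AFTRS users (wpa_supplicant spellings).
EXPECTED = {"ssid": "eduroam", "key_mgmt": "WPA-EAP",
            "eap": "PEAP", "phase2": "auth=MSCHAPV2"}
REALMS = ("aftrs.edu.au", "student.aftrs.edu.au")

# Constructed sample profile; jdoe, the password and the CA path are placeholders.
SAMPLE = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    pairwise=CCMP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="jdoe@aftrs.edu.au"
    password="PLACEHOLDER"
    ca_cert="/path/to/ca.pem"
}
'''

def parse_network(text):
    """Return key -> value for the first network={...} block."""
    block = re.search(r"network\s*=\s*\{(.*?)\n\}", text, re.S)
    if not block:
        raise ValueError("no network block found")
    pairs = (l.strip().split("=", 1) for l in block.group(1).splitlines()
             if "=" in l and not l.strip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def check_profile(text):
    """Return findings; an empty list means the profile matches the page."""
    s = parse_network(text)
    # Exact comparison: the SSID is case-sensitive, as the page notes.
    out = [f"{k}: expected {want!r}, found {s.get(k)!r}"
           for k, want in EXPECTED.items() if s.get(k) != want]
    # AES maps to the CCMP cipher; an unset pairwise list still includes it.
    if "CCMP" not in s.get("pairwise", "CCMP").split():
        out.append("pairwise: AES (CCMP) not enabled")
    user, _, realm = s.get("identity", "").partition("@")
    if not user or realm.lower() not in REALMS:
        out.append("identity: expected <username>@ an AFTRS realm")
    if "anonymous_identity" in s:
        out.append("anonymous_identity: must not be configured")
    # Added check, not from the page: with neither key set, wpa_supplicant
    # does not verify the RADIUS server certificate.
    if not {"ca_cert", "ca_path"} & s.keys():
        out.append("ca_cert: unset, server certificate is not verified")
    return out
```

`check_profile(SAMPLE)` returns an empty list; each mismatch is reported as one line naming the offending key.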
Visitors using eduroam at AFTRS
Who can use it?
Eduroam is available to general staff, academics, researchers and students from eduroam participating educational, research and related institutions globally.
How do I use it?
Note: as an eduroam user, you should have already configured access to eduroam while on your home campus, using the authentication parameters provided by your home institution’s local eduroam webpage.
The wireless encryption protocol used by AFTRS access points is the Wi-Fi standard “WPA2/AES” (also called WPA2 Enterprise). Accessing eduroam successfully within AFTRS requires only that your device’s configured wireless network connection and encryption protocol is compatible. Due to near-ubiquity of “WPA2/AES” support by institutional wireless access points, it is pretty much guaranteed that your wireless connection will be configured correctly if you’ve already tested your authentication on your own campus.
Note: There is no need to change any of your authentication parameters. These are only relevant to your home institution. If you have successfully configured authentication to eduroam at your home institution, you should be able to access AFTRS campus’ network via eduroam with no change to your setup.
Where exactly can I use eduroam within AFTRS?
AFTRS provides eduroam throughout the entire Moore Park campus and most of heritage park in front of the building.
Network Services Provided
AFTRS provides outbound access with NAT’ed IP addresses. In other words, you can access any services you normally do, e.g. the Internet, email providers, your institution via VPN, etc. However, any servers running on your devices will not be accessible externally while connected to the AFTRS network.
How do I get support in using eduroam?
Because wireless and eduroam infrastructures are relatively complex, you may have difficulty getting a network connection when you connect to eduroam on an AFTRS campus. There are several possible reasons, e.g. an issue with your device configuration, wireless networking, institutional eduroam operability or eduroam infrastructure operability.
If network access issues occur, in the first instance users should contact their home institution’s IT helpdesk to seek support.
If this is not possible, or if the home institution can’t resolve the issue, visiting users may contact the AFTRS Technology Service Desk via phone or support portal:
- 02 9805 6456
If required, your home institution’s or AFTRS eduroam support staff will contact AARNet, the eduroam AU national roaming operator, for additional assistance.
What Usage Logs are kept by AFTRS and what are they used for?
The eduroam trust model (between institutions remotely authenticating their users, and other institutions providing network access, via eduroam) is supported by the ability to trace a particular network access event to an authentication of a ‘real user’ by their home institution.
Home institutions agree to take appropriate action on behalf of visited institutions in case a user doesn’t comply with the home institution’s network AUP.
In order to provide this traceability, remote authentication and network access transactions via eduroam are logged by AFTRS, with logs being retained for a period of six months. Access to usage logs is restricted to authorised personnel and authorities as required by the law.
Usage logs may also be used for purposes of service troubleshooting and user support.