- Advisory services
- Consultations
- Network and technology policies
- Network and technology service docs
- Using Jisc community
- Network and technology service docs
- Domain name registration
- How to sign up
- Janet Support Manual
- Janet CSIRT
- Back-up services
- eduroam
- Backup Web Hosting
- Certificate Service
- Connection timeline
- Eligibility
- Janet 3G Buyer's Guide
- Janet 3G eduroam interoperablity authentication methods
- Janet Mail Services
- Janet Network Charges
- Janet Reach
- Janet Videoconferencing Feedback results
- Primary connections
- Supporting Business Continuity
- Business and Community Engagement (BCE) using Janet
- Cost
- Interconnect connections
- Connecting student accommodation
- Customer-owned routing equipment
- Obtaining a Janet IP Address Range
- Terms for the Provision of the Janet Service
- Upgrading your existing bandwidth and Janet router
- Fault reporting
- IP address assignment
- Janet Aurora
- Janet Netsight
- Janet txt
- Routers
- Network set-up
- Guest access
- Network time service
- Training
- Contact
- Primary Nameserver Service
- Secondary Nameserver Service
- Vscene
- eduroam
- eduroam(UK) Policy
- Advisories
- FAQs
- Information for users
- eduroam Visitor Access service (eVA)
- eduroam Web Sites Accessibility Documents
- Information for tech admins
- Information for management and general enquirers
- Joining eduroam and terms of membership
- Technical Reference Docs
- Technical Reference Docs
- eduroam Deployment Guide
- eduroam(UK) Technical Specification
- eduroam(UK) Technical Specification Appendices
- Technical Specification Requirements Checklists
- Advanced eduroam Service Engineering Components (pre-introduction to Tech Spec)
- eduroam CAT (Configuration Assistance Tool)
- Content for eduroam service information web page guide
- Deploying Govroam alongside eduroam
- Clarification of eduroam(UK) Policy and Tech Spec Wording - Visitor Activity Logging
- The eduroam Architecture for Network Roaming RFC 7593
- A case study in complying with the technical specification
- Automated 802.1X set-up for eduroam users at Bristol University using XpressConnect
- Chargeable User Identity for eduroam: with FreeRADIUS implementation guide
- Comparison of supplicants
- Dealing with complaints about visiting eduroam users
- Filtering of Invalid Realms
- FreeRADIUS 2 eduroam Deployment - Univ of Sussex
- FreeRADIUS Guides
- Issues arising from use of multiple BBSIDs on wireless APs
- MS IAS and NPS Operator-Name RADIUS attribute issue
- Microsoft NPS - Improving reliability of as an authentication provider for eduroam
- Microsoft NPS 2008R2 config to avoid bad usernames flooding NRPS
- Microsoft NPS Configuration Guide
- ORPS role designation features on eduroam(UK) Support Server
- RADIUS attribute filtering with Microsoft IAS and NPS
- Troubleshooting flowcharts for eduroam administrators
- Using certificates issued by the Janet Certificate Service with MS IAS
- eduroam Security Measures
- 802.1X supplicant configuration for Windows XP
- Cisco ACS/ISE Configuration for eduroam
Cisco ACS/ISE Configuration for eduroam
Download as PDFCollection of How-to Guides for the Cisco ACS/ISE Family
Configuring Cisco ISE
We do not have any specific documentation on configuring ISE for eduroam use, but Cisco's own general configuration doc appears to be fairly comprehensive:
https://communities.cisco.com/docs/DOC-71299 - eduroam-specific instructions
and
Sending operator name with ISE 2.0
Cisco ISE servers do not have the correct attribute set up for insertion of the Operator-Name attribute. However, the steps to achieve this are straight forward in the GUI. The following article describes how:
https://community.jisc.ac.uk/groups/eduroam/document/operator-name-cisco-ise-2
Configuring Cisco ACS 5.3 for a Visited (SP) eduroam Service
For details of how to configure Cisco ACS 5.3 for Visited site eduroam see:
Sending Operator Name with ACS 5.4
Cisco ACS 5.4 provides the ability to inject and/or overwrite RADIUS attributes while proxying. This means that attribute 126 Operator Name can be injected for eduroam Visited sites (as per our recommendations).
Operator Name injection while proxying to NRPS
In the Visitor Access Policy (JRS in the example below) first remove any existing Operator Name attributes (which may have been added by the NAS) and add the Service Provide Operator Name.
1. Go to “Access Policies > Access Services” and click on the Visitor Access Policy (JRS)
2.Click on the “RADIUS Attibutes” drop down (Below “External Proxy Servers”)
3. Select “RADIUS-IETF” as the “Dictionary Type:”
4.Click the ‘Select’ button for “RADIUS Attribute”
5.In the ‘RADIUS Dictionary popup window select ‘ID’ in the “Filter:” field
6. In the ‘RADIUS Dictionary popup window select ‘Equals’ in the “Match If:” field
7. In the ‘RADIUS Dictionary popup window in the text box after the “Match If:” field enter 126 and click the ‘Go’ button
8. Then tick the radio button for ‘Operator-Name’ and click ‘OK’ at the bottom
9. In the “Operation:” field chose ‘DELETE’ and then click the ‘Add ^’ button
10. Repeat steps 3 to 8
11. In the “Operation:” field chose ‘ADD’
12. In the “Attribute New Value:” text box enter the your sites realm prepended with 1 e.g. ‘1camford.ac.uk’
13. Click the ‘Add ^’ button
14. Click the ‘Submit’ button
Author: Scott Armitage
Configuring Cisco ACS 5.3 for a Home (IdP) eduroam Service
For details of how to configure Cisco ACS 5.3 for Home site eduroam see:
https://community.jisc.ac.uk/blogs/scotts-eduroam-blog/article/eduroam-h...
Note to Cisco ACS 4.2 Users
In ACS 4.2 you can use a feature called "Domain Stripping" in the Home user authentication process. However it is strongly recommended that you upgrade to the latest version of ACS or employ Cisco ISE since 4.2 is no longer supported by Cisco and doesn't support newer versions of AD, injection of Operator-Name etc.
