This page contains support information about eduroam. For a general overview of eduroam please go to our services section.
How do I set up Eduroam?
In order to set up eduroam on your campus you must be a REANNZ member. If you are currently a REANNZ member and do not have eduroam enabled on your campus, please contact our engagement team to get this service up and running.
In order to give your users access to eduroam on your campus, you will need the following:
- An Identity Management System (IdMs), where your users' electronic identities are stored.
- A RADIUS server, which needs to be connected to your IdMs.
- Configure your wireless LAN according to the eduroam requirements.
How does Eduroam work?
Any user from an eduroam-participating institution can get network access at any other institution connected to eduroam. Depending on local policies at the visited institutions, eduroam participants may also have additional resources at their disposal.
The role of the RADIUS hierarchy is to forward user credentials to the user's home institution, where they can be verified and validated.
When a user requests authentication, the user's realm determines where the request is routed to. The realm is the suffix of the user-name, delimited with '@', and is derived from the organisation's domain name.
eduroam-enabled institutions connect their institutional RADIUS server to the federation level RADIUS (FLR) server of the country where the institution is located.
The FLR in New Zealand is operated by REANNZ. These federation-level servers have a complete list of the participating eduroam institutions in that country. This is sufficient to guarantee roaming operations.
For international roaming, a regional top-level RADIUS server is needed in order to roam the users request to the right territory. Currently there are two top-level RADIUS servers deployed in Europe.
What technology does Eduroam use?
A hierarchical system of RADIUS servers is used to transport the authentication requests of users from the visited institution to their home institution, and the authentication response back.
Communication between the access point and the user's home institution is based on IEEE 802.1X standard. 802.1X encompasses the use of EAP (extensible authentication protocol) which allows for different authentication methods.
Depending on the type of EAP method used, a secure tunnel will be established from the user’s computer to his home institution through which the actual authentication information (username/password etc.) will be carried (EAP-TTLS or PEAP). Alternatively, mutual authentication by public X.509 certificates will be used, which is not vulnerable to eavesdropping (EAP-TLS).
I am a student/researcher/professor, can I use Eduroam?
As end-user you will only be able to use eduroam if your institution participates in eduroam and provides electronic identity (e.g. an account for network access).
In order to set up an eduroam account you will need to contact your institution's network administrator. You (or your network administrator) will have to configure your computer to enable eduroam access.
More details can be found on your institution's website:
Who do I contact to set up Eduroam in a public place?
eduroam can be set up in collaboration with public wifi providers. If your business is interested in supporting an eduroam connection in the a public place, please contact our engagement team to discuss further.
The REANNZ eduroam Policy sets out guidelines that cover the control of the supply and receipt of internet access for educational and research purposes, as well as outlining the roles and responsibilities of REANNZ and users of eduroam.