eduroam - InCommon

eduroam - InCommon
Reading Time:
< 1
minute
eduroam
The global roaming wireless access service
eduroam (
read as Edu-roam
) is a secure, worldwide wireless service developed for and by the international research and education community.
Subscribe to eduroam
eduroam keeps you connected when you roam.
eduroam allows students, researchers, and staff to roam and find connectivity at more than 3,300 locations in the US, and more than 38,000 worldwide.
Map of eduroam connectors in the U.S.
eduroam for K-12, Libraries, and Museums
A way for regional and state-wide organizations to provide eduroam for their K-12, library, and museum constituents.
Community Standard WiFi
Connect anywhere you roam. Using eduroam, community members access secure WiFi at any participating institution or location. Since the home organization does the authentication, the user is securely connected. This benefits visiting students, faculty, and staff traveling near or far – whether to the next county for a swim meet, or another continent to attend a conference.
Have general questions?
Read our FAQ:
Our institution already has great wireless. Why do I need eduroam?
eduroam is your wireless network that enables you to connect with your organization. It makes your campus wireless available to credentialled community users, eliminating the need to run any other WiFi network. When you enable eduroam at your location, you get these benefits:
Welcome eduroam-enabled users with strong authentication and an improved access experience, and enable your home users to instantly connect to eduroam-enabled locations around the world.
Use community-vetted configurations and standard deployment guides to ensure your wireless is performing well.
Ensure all your users use secure WiFi connections, on and off campus.
What technology do I need to run eduroam?
eduroam uses industry standard 802.1x WiFi authentication with the following EAP types for encryption:
EAP-PEAP
EAP-TLS
EAP-TTLS
A RADIUS server is also needed to authenticate users.
Do I need to join InCommon or Internet2 to subscribe to eduroam?
No! eduroam is a separate service offered by Internet2 and InCommon. You can subscribe to the service regardless of your Internet2 member or InCommon Participation status.
Why 802.1X (WPA2-enterprise/WPA3-enterprise)? How is 802.1X better than other network access control systems?
Think about your experiences trying to join a traditional, web-based, visitor wireless network.
First, you have to determine the correct SSID. Then you might encounter a captive portal that requires opening a web browser that might not load, a tedious user agreement, or providing form-of-contact information.
This process is either weakly encrypted or unencrypted. A network with a password is easier to join, but an attacker can easily decrypt your traffic with the widely available password. Each visited institution has a slightly different method, and connecting to the network—the first stage of work for visiting students, faculty, researchers, and staff—becomes a burden.
eduroam simplifies device configuration. Joining the consistently named eduroam SSID becomes automatic.. The device profile securely presents the user’s identity and enables enterprise-level encryption on Wi-Fi. Captive portals are banned!
How long does it take to connect my institution to eduroam?
There are two different aspects of the eduroam service:
Setting up the SSID for users to connect at your organization and
adding your users to the eduroam service so they can connect at other locations.
Making your institution into an eduroam hotspot requires broadcasting the network name across campus and can typically be configured over a weekend.
Configuring a RADIUS server and connecting it to the national infrastructure can take a few days. This step will allow your users to roam to other eduroam locations.
Third, you also need to configure your users’ devices with eduroam profiles and market the new benefits!
Internet2 provides several guides to help you get started, and there is a great community waiting to help answer your questions.
How does a user roaming with eduroam get support?
Users should make sure eduroam is working before they leave their home location. Once on the road, users should contact their home helpdesk for support. Their helpdesk can use the tools Internet2 provides to troubleshoot issues.
How are abuse complaints handled?
For DMCA complaints, the request can be forwarded directly to the user’s home organization. The users’ realm name (@
example.edu
) can be found in the location’s RADIUS logs.
Who can set up eduroam?
Any U.S.-based research organization or higher-education institution is eligible to use eduroam.
ANY organization or company can host an eduroam location for FREE!
How does Internet2 engage with the eduroam community?
To support engagement with the eduroam community, Internet2 sought knowledgeable, motivated volunteers to form the eduroam Advisory Committee. The eduroam-US Advisory Committee (“eAC”) is an advisory body to the InCommon Steering Committee. Its role is to help formulate strategies and practices for US and global research and education roaming networks, report any findings, and make recommendations to InCommon Steering and Internet2.
The eAC meets regularly and creates working groups as needed. You can view the committee’s charter, learn more about its mission, and view publicly available meeting minutes on its wiki page.
Secure Connections
Securely connecting to Wi-Fi is as simple as roaming to an eduroam location. If configured, users’ devices will automatically connect to eduroam. Users  are first remotely authenticated, and then locally authorized to access eduroam.
Is it a security risk that RADIUS relies on a shared secret?
This is one of the biggest benefits of eduroam operating as a federation. Internet2 and InCommon enforce that RADIUS secrets are no shorter than a designated length. eduroam locations must specify their IP addresses to ensure traffic is coming from a well-known location. eduroam also requires users to use an EAP method to encrypt their authentication.
What tools are in place to address local security incidents on the eduroam network?
Internet2 and InCommon provide a set of testing and logging tools to help you manage your eduroam users. You can also use all of your standard WiFi and RADIUS investigative tools to troubleshoot and review issues further.
Is there an overview of eduroam’s security practices?
Yes. All eduroam locations are required to follow the
eduroam Compliance Statement
. Internet2, as the National Roaming Operator (NRO) of eduroam in the US, is required to ensure compliance by any organization that connects through Internet2 to the larger eduroam federation.
Quick Links
US eduroam subscriber information
eduroam Federation Manager Portal
Policies & Practices
eduroam Wiki and Knowledge Base
Get Started with eduroam