eduroam at AARNet
Information for AARNet staff on configuring eduroam authentication is provided on the AARNet internal wiki.
The following information is targeted at both AARNet staff and visitors to AARNet.
Accessing AARNet's wireless network via eduroam
eduroam infrastructure provided by AARNet and global NRENs enables visitors from eduroam participating institutions to access AARNet's wireless network by virtue of remote authentication at their home institution.
The prerequisites for visitors accessing AARNet's wireless network via eduroam are:
1. You've already configured your device to successfully connect to the "eduroam" SSID automatically at your home institution, using authentication configuration parameters advised by your institution. That is, you've already confirmed that you authenticate successfully via eduroam.
2. Your device is configured to use the "WPA2 Enterprise" wireless protocol (the standard protocol aka WPA2/AES).
Note: as an eduroam user, you should have already configured access to eduroam while on your home campus, using the authentication parameters provided by your home institution local eduroam webpage.
Note: There is no need to change your authentication parameters. These are only relevant to your home institution. If you have successfully configured authentication to eduroam at your home institution, and if you've configured the wireless connection as WPA2 Enterprise (the standard), you should be able to access AARNet's wireless network via eduroam with no change to your setup.
Where can I use eduroam at AARNet?
AARNet provides eduroam at each of its offices: Sydney, Melbourne, Brisbane, Adelaide, Perth and Canberra.
Network services provided to visitors connecting via eduroam
AARNet provides full outbound access with NAT’ed IP addresses (i.e. any servers on those machines will not be accessible externally while connected to the AARnet network).
In allowing network access via eduroam, AARNet agrees to conform to the eduroam AU Policy and with the Global eduroam Policy - Appendix B: Administrative and technology compliance for eduroam Service Providers.
What is my responsibility in using eduroam?
eduroam policy requires that users must conform to their home institution's networking Acceptable Use Policy (AUP) You will likely have formally agreed to this when you joined your home institution.
eduroam policy recommends that users read and comply with the Acceptable Use Policy of visited institutions. Visitors accessing AARNet's wireless network via eduroam should refer to AARNet's Acceptable Use Policy.
If you do not conform to AARNet's AUP, AARNet may contact your home institution to report your activity and request action if your behaviour is non-compliant with your home institution AUP (see information on usage logs below).
How do I get support in using eduroam?
When you're on AARNet's premises and connect to eduroam, you may experience difficulty in getting a network connection due to several reasons e.g. an issue with your device configuration, wireless networking, institutional eduroam operability or eduroam infrastructure operability.
Your home institution's eduroam support staff will contact AARNet Pty Ltd for additional assistance.
If network access issues occur, in the first instance eduroam users should contact their home institution's IT helpdesk to seek support.
If this is not feasible, or if the home institution can’t resolve the issue, users may contact AARNet's eduroam support staff (phone, email).
For visitors who have previously configured authentication via eduroam and are experiencing issues connecting to eduroam at AARNet offices, please contact:
What about my privacy?
The eduroam protocol prevents your institutional password from being revealed to any eduroam server other than your home institution eduroam server. So your login password is protected and only known by you and your home institution.
Your username is revealed to the AARNet RADIUS server and other eduroam infrastructure servers involved in proxying your authentication request from your device to your home institution.
What Usage Logs are kept by AARNet and what are they used for?
Eduroam trust between AARNet and users’ home institutions (those authenticating their users) is supported by the ability to trace a particular network access event to an authentication of a 'real user' by their home institution.
Home institutions agree to take appropriate action on behalf of AARNet in case a user doesn’t comply with AARNet's network Acceptable Use Policy.
In order to provide this traceability, eduroam authentication events and network access transactions via eduroam are logged by AARNet, with logs being retained for a period of six months. Access to usage logs is restricted to authorised personnel and authorities as required by the law.
Usage logs may also be used for purposes of eduroam service trouble-shooting and user support.