Many public eduroam SPs are not members of the academic and research community. And they may have limited local resources which hinder their ability to meet the minimum requirements for eduroam.

In order to facilitate such organisations to become an eduroam SP, outlined below are two of the possible architectures that we support.

Scenario 1: Connectivity via an academic partner

The preferred approach is for the public eduroam SP to act in cooperation with an academic partner so that their eduroam WiFi service benefits from the typically high-capacity upstream bandwidth and security policies of an Irish academic organisation.

This requires that a private link exist between the SP and the academic partner.

eduroam SP, via an academic partner

Architecture details:
  • The public eduroam SP configures their WiFi controller(s), or local Radius service, to authenticate via the academic partner Radius service.
  • Once authenticated, eduroam user traffic is passed to the academic partner, who routes it onwards via their own Internet provider.
  • The academic partner provides the DHCP service for eduroam users.
  • eduroam user traffic is subjected to the security policies of the academic partner.

Scenario 2: Connectivity via own provider

The alternative is for the public eduroam SP to use their own provider/ISP connectivity for eduroam user traffic. User authentication is facilitated via a HEAnet Radius service.

eduroam SP, via own provider

Architecture details:
  • The public eduroam SP configures their WiFi controller(s), or local Radius service, to authenticate via the HEAnet Radius service.
  • Once authenticated, eduroam user traffic is routed via the Internet provider of the eduroam SP.
  • The eduroam SP provides the DHCP service for eduroam users.
  • eduroam user traffic is subjected to the security policies of the eduroam SP.

Requirements

A public eduroam SP must meet the requirements described under: Become an eduroam SP