Trouble configuring eduroam

  • 1
  • Question
  • Updated 1 month ago
Hello.
I am having trouble getting an eduroam network to work in the research institution I work for. We use a ZoneDirector 1200 with Smart Redundancy.
ZoneDirector had two AAA Servers for Active Directory authentication. To work eduroam, I set up two more AAA Servers:
RADIUS, no encryption, Auth method PAP, Backup RADIUS disabled, port 1812, request timeout 3, max number of retries 2;
RADIUS Accounting, no encryption, backup RADIUS, port 1813, request timeout 3, max number of retries 2. 
Guests and staff can access wifi without problems. Eduroam users can't.
ZoneDirector authentication / accounting tests for the RADIUS server results in Failed: invalid username or password (I used a valid password to test). RADIUS Accounting test results in Success! This accounting server is available.

Other information:
1 - DHCP server is not ZoneDirector.
2 - A NAT firewall exists between ZoneDirector and the RADIUS and RADIUS Accounting servers. Then the ZoneDIrector IP is translated to an IP on the same network as the RADIUS and RADIUS Accounting servers.
3 - When I try to connect to the eduroam network using my password, it gets endlessly getting IP address.

Can someone help me?

Photo of Antonio Albuquerque

Antonio Albuquerque

  • 5 Posts
  • 0 Reply Likes

Posted 1 month ago

  • 1
Photo of Antonio Albuquerque

Antonio Albuquerque

  • 5 Posts
  • 0 Reply Likes
More information: 
I already had two WLANs: one for guests (vouchers) and one for employees. I created a WLAN called eduroam with the following configuration:
General Options
Name / ESSID *: Eduroam
ESSID: eduroam
Description: Eduroam

WLAN Usages
Type: Standard Usage

Authentication Options
Method: 802.1x EAP
Fast BSS Transition: disabled

Encryption Options
Method: None

Options
Authentication Server: RADIUS
Wireless Client Isolation: Isolate wireless client traffic from other clients on the same AP
(no Isolate wireless client traffic from all hosts ..., and no whitelist)
Zero-IT Activation: disabled
Priority: High

Advanced Options
Only the following options are selected:
Accounting Server: RADIUS Accounting - Send interim-update every 5 minutes
Access Control: No ACLs, Device Policy None, Precedence Policy Default
Rate Limiting: Uplink disabled, Downlink disabled
VLAN Pooling: None
Access VLAN: 1 (disabled Dynamic VLAN)
Load Balancing: Do not perform client load balancing for this WLAN service
Band Balancing: Do not perform Band Balancing on this WLAN Service
Max Clients: Only allow up to 100 clients per AP radio to associate with this WLAN
802.11d: Support for 802.11d selected
Client Fingerprinting: Enable Client Fingerprinting
Service Schedule: Always on
Auto-Proxy: Enable Auto-Proxy Configuration
External Server: xxx.xxx.48.1
Inactivity Timeout: terminate idle user session after 5 minutes of inactivity
Photo of Michael Brado

Michael Brado, Official Rep

  • 3047 Posts
  • 435 Reply Likes
I only find one previous ticket on "eduroam", and they used with Cloudpath Enrollment System.
Otherwise, I cannot find any other info on what it takes to use "eduroam" with AAA for 802.1x, sorry.