What is eduroam?
The eduroam wireless network service at METU was launched by the METU CC in October 2007, a first within the eduroam project at Turkish universities ('eduroam' is short for educational roaming).
eduroam aims to let users of member institutions connect to the network at other educational institutions through a RADIUS-based structure, using the 802.1x security standard. Users of eduroam member institutions can connect to the network at other member institutions with the same username/password pair they use at their own institution. When a user sends a connection request to the host's eduroam network, the host server forwards it to the guest user's home server, which decides whether the user is authorized. Since all of this is conducted through a secure tunnel between the host and the home, the user's username/password pair is not revealed anywhere except at the user's home server. All such users need to do is define the eduroam wireless network of their host as if they were connecting to their home wireless network.
The structure of eduroam
As of April 2008 there are three institutions that have joined the eduroam project:
An updated member list can be reached here.
The eduroam project has its own structural hierarchy, and member institutions join the federation they are related to. The institutions in Türkiye are gathered under ULAKNET, the Turkish federation authority. Federations are in turn, following the same hierarchy, members of an eduroam confederation. At the moment there are two: the European and Asia-Pacific confederations. The web page of the federation in Türkiye is at http://eduroam.org.tr/.
Institutions wanting to participate in eduroam in Türkiye must comply with the clauses stated in the membership document and sign the agreement prepared by Ulakbim and published at this address.
Users connected to this network are assumed to agree with the policies of use of the network and the resources of the hosting institution and of the institution acting as the federation:
User activities are monitored and recorded by means of active IDS/IPS systems for the durations prescribed by law.
Network devices conducting eduroam transmission in METU Campus
Access devices that broadcast the eduroam SSID on the METU campus are located at:
- The Computer Center
- The Library: all floors and halls
- Cultural & Convention Center: all halls
- Computer Engineering
- Aysel Sabuncu Life Center
- First Lodgings (behind Işbank) location: all access devices
- ODTÜKENT Lodgings Location
- Guest Housings
eduroam inside METU:
Two different brands of access devices, Cisco and HP, are being used within the campus.
As can be understood from the figure, the structure devised provides a WPA(2) security solution. Besides this solution, it was found appropriate to use TTLS (PAP) for easy authorization. With this structure the user will need only one EAP user certificate in the current system, and a user certificate will not be necessary.
A request arriving at RADIUS causes a mutual tunnel to be formed; the information arriving is deciphered by RADIUS and forwarded to LDAP via the secure network. If LDAP confirms the username and password, the system accepts the user.
eduroam outside METU or from outside METU:
The flow chart below shows how guests from other eduroam member universities visiting our university, or our staff visiting another eduroam member university, will make use of the wireless network once the necessary settings are done and the username/password is authorized.
The precondition for this chart is that both the visited and the home university network systems support eduroam and that the necessary settings on the user's computer have been made. With this facility, a METU academic wishing to connect to the network of the campus she/he is visiting may do so by using <user_code>@metu.edu.tr and her/his password, through the host university's RADIUS, which confirms the account with METU.
Operating System Support:
For this system to operate on the MS operating systems widely used on campus, the use of the SecureW2 software (http://www.securew2.org) is anticipated. An XP installation package named eduroam_securew2.zip has been prepared for easy installation and automatic adjustment of settings. The package may be downloaded from http://eduroam.metu.edu.tr/eduroam_securew2.zip. The downloaded files should be unzipped into a directory and the installation started. The system will adjust all the settings.
For Linux-based systems the wpa_supplicant software, and for Mac OS the network management software of the operating system, is enough once the certificate has been downloaded.
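The following is an added example, not METU's or the eduroam project's own code. With TTLS (PAP) the password crosses the tunnel as plaintext, so a wpa_supplicant profile has to authenticate the tunnel's far end; this Python check audits a network block for that. Both sample blocks are constructed, and the CA path, server name and password in them are placeholders.

```python
import re

# Constructed sample network blocks (not METU's published settings).
# The ca_cert path, server name and password are placeholders.
WEAK = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=PAP"
    identity="user_code@metu.edu.tr"
    password="secret"
}
'''
HARDENED = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=PAP"
    anonymous_identity="anonymous@metu.edu.tr"
    identity="user_code@metu.edu.tr"
    password="secret"
    ca_cert="/path/to/home-ca.pem"
    domain_suffix_match="radius.example.edu"
}
'''
def parse_block(text):
    """Return key -> value for one network={...} block, quotes stripped."""
    body = re.search(r"network=\{(.*?)\}", text, re.S).group(1)
    pairs = (line.split("=", 1) for line in body.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def audit(text):
    """List the findings that matter when PAP runs inside the TTLS tunnel."""
    cfg, findings = parse_block(text), []
    if "ca_cert" not in cfg:
        findings.append("no ca_cert: server certificate is not verified")
    if not ({"domain_suffix_match", "domain_match", "altsubject_match",
             "subject_match"} & cfg.keys()):
        findings.append("no server name check: any cert chaining to the CA passes")
    # Without anonymous_identity, wpa_supplicant sends identity as the outer one.
    outer = cfg.get("anonymous_identity", cfg.get("identity", ""))
    if "@" not in outer:
        findings.append("outer identity has no realm: cannot be routed home")
    elif outer == cfg.get("identity"):
        findings.append("real username is sent as the outer identity")
    return findings
```

audit(WEAK) reports three findings and audit(HARDENED) reports none; the realm in the outer identity is what the visited RADIUS server uses to forward the request to the home server.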
Resources:
http://www.eduroam.org
http://eduroam.metu.edu.tr
http://eduroam.org.tr/
İbrahim Çalışır - Suna Yılmaz