eduroam
 
 
     
 

What is eduroam?

The eduroam wireless network service at METU was launched by the METU CC in October 2007, as a first within the eduroam project at Turkish universities ('eduroam' is short for educational roaming).

eduroam aims to let users of member institutions connect to the network at other educational institutions through a RADIUS-based structure, using the 802.1x security standards. Users of eduroam member institutions can use the username/password pairs of their own institution to connect to the network at other member institutions. When a user sends a connection request to the host institution's eduroam network, the host server forwards it to the guest user's home server, which decides whether the user is authorized. Since all this is conducted through a secure tunnel between the host and the home, the user's username/password pair is not revealed anywhere except at the user's home server. All such users need to do is set up the host's eduroam wireless network as if they were connecting to their home wireless network.

The structure of eduroam

As of April 2008 there are three institutions that have joined the eduroam project:

An updated member list can be reached here.

The eduroam project has its own structural hierarchy, and member institutions join the federation they are related to. The institutions in Türkiye are gathered under ULAKNET, the Turkish federation authority. Federations, in turn, are members of an eduroam confederation within the same hierarchy. At the moment there are two: the European and Asia-Pacific confederations. The web page of the federation in Türkiye is at http://eduroam.org.tr/.

Institutions wishing to participate in eduroam in Türkiye must comply with the clauses stated in the membership document and sign the agreement prepared by Ulakbim and published at this address. Users connected to this network are assumed to agree with the usage policies for the network and resources of the hosting institution and of the institution acting as the federation:

User activities are monitored and recorded by means of active IDS/IPS systems for the durations prescribed by law.

Network devices conducting eduroam transmission in METU Campus

Access devices that broadcast the eduroam SSID on the METU Campus are located at:

  • The Computer Center
  • The Library-all floors and halls
  • Cultural & Convention Center-All Halls
  • Computer Engineering
  • Aysel Sabuncu Life Center
  • First Lodgings (Behind Işbank) location-all access devices
  • ODTÜKENT Lodgings Location
  • Guest Housings

eduroam inside METU:

Two different brands of access devices, Cisco and HP, are being used within the campus.

As can be understood from the figure, the structure devised provides a WPA(2) security solution. In addition, it was found appropriate to use TTLS (PAP) for easy authorization. With this structure only one EAP certificate is needed in the current system, and individual user certificates will not be necessary.

A request arriving at RADIUS causes a mutual tunnel to be formed; the information received is decrypted by RADIUS and passed to LDAP over the secure network. If LDAP confirms the username and password, the system accepts the user.

eduroam outside METU or from outside METU:

The flow chart below shows how guests from other eduroam member universities visiting our university, or our staff visiting another eduroam member university, will use the wireless network once the necessary settings are made and the username/password is authorized.

The precondition for this chart is that both the visited and the home university network systems support eduroam and that the necessary settings have been made on the user's computer. With this facility, a METU academic wishing to connect to the network of the campus she/he is visiting may do so by using <user_code>@metu.edu.tr and her/his password, through the host university's RADIUS, which has the account confirmed by METU.
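The forwarding decision described above (host server, then federation, then confederation) can be sketched as follows. This is an added example, not METU's or eduroam's own code: the function names, the returned labels and the rule that the national federation handles realms ending in .tr are assumptions made for illustration, and the identities are constructed samples.

```python
"""Realm-based routing decision of a visited (host) eduroam RADIUS server.
Illustrative sketch: names, labels and routing policy are assumptions."""
import re
from typing import Optional

LOCAL_REALM = "metu.edu.tr"   # realm used in the article
FEDERATION_TLD = "tr"         # assumption: national federation serves *.tr realms

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def parse_realm(outer_identity: str) -> Optional[str]:
    """Return the lower-cased realm of user@realm, or None if it is malformed."""
    if outer_identity.count("@") != 1:
        return None                       # missing realm or more than one '@'
    realm = outer_identity.split("@")[1].lower()
    labels = realm.split(".")
    # Need at least two well-formed labels; spaces and empty labels fail here.
    if len(labels) < 2 or not all(_LABEL.fullmatch(lb) for lb in labels):
        return None
    return realm


def route(outer_identity: str) -> str:
    """Decide where the host server sends an authentication request."""
    realm = parse_realm(outer_identity)
    if realm is None:
        return "reject"                   # do not proxy malformed realms upstream
    if realm == LOCAL_REALM:              # exact match, never a suffix match
        return "local"                    # check against the local directory (LDAP)
    if realm.endswith("." + FEDERATION_TLD):
        return "federation"               # national top-level RADIUS server
    return "confederation"                # forwarded further up the hierarchy


if __name__ == "__main__":
    # Constructed sample identities.
    for ident in ("user_code@metu.edu.tr", "alice@example.edu.tr",
                  "bob@example.ac.uk", "no-realm",
                  "x@metu.edu.tr.example.com", "carol@metu.edu.tr "):
        print(f"{ident!r:32} -> {route(ident)}")
```

The exact match on the local realm matters: a look-alike such as metu.edu.tr.example.com is proxied away as a foreign realm instead of being treated as a local account.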

Operating System Support:

For this system to operate on the MS operating systems widely used on campus, use of the SecureW2 software (http://www.securew2.org) is anticipated. An XP installation package named eduroam_securew2.zip has been prepared for easy installation and automatic configuration. The package may be downloaded from http://eduroam.metu.edu.tr/eduroam_securew2.zip. The downloaded files should be unzipped into a directory and the installation started. The system will adjust all the settings. For Linux-based systems the wpa_supplicant software is enough, and for Mac OS the operating system's own network management software is enough once the certificate has been downloaded.

Resources:
http://www.eduroam.org
http://eduroam.metu.edu.tr
http://eduroam.org.tr/

İbrahim Çalışır - Suna Yılmaz

 
     