eduroam

What is eduroam?

eduroam is short for "education roaming".

eduroam is a global service enabling staff and students of educational, research and related institutions to visit another eduroam participating institution and connect to the visited institution's wireless network automatically, i.e. with minimal effort for both user and visited institution.

Eduroam infrastructure provided by CAVAL and other Australian and international research and education institutions, and AARNet and other international eduroam service operators, enables visitors to CAVAL’s offices from eduroam participating institutions to access CAVAL’s wireless network via eduroam.

In essence, eduroam institution visitor's to CAVAL are granted access to CAVAL’s network by virtue of their successful remote authentication by their home institution via eduroam infrastructure.

If configured correctly, an eduroam user should be able to get a network connection at CAVAL just by opening their laptop or activating their phone or other mobile device.

More about eduroam is available from AARNet, the eduroam AU ‘roaming operator’.

eduroam Policy

Trust in eduroam authentication is under-pinned by use of a proven secure technical infrastructure and protocol, and a set of policies to which all eduroam participants are required to comply.

In participating in eduroam AU, CAVAL agrees to conform to the Global eduroam Policy and the eduroam AU policy maintained by AARNet.

What is the users' responsibility in using eduroam?

The eduroam AU policy states that users must conform to their home institution's network Acceptable Use Policy (AUP). In the case of identified network abuse, CAVAL will coordinate with the relevant home institution to identify the user and the home institution will take action against the user as if the abuse occurred on its own network.

Users are recommended to read and comply with the Acceptable Use Policy of visited institutions. Visiting eduroam users should refer to CAVAL's Acceptable Use Policy.

What about user privacy?

When using eduroam, the eduroam protocol prevents your institutional password from being revealed to any eduroam server other than your home institution’s eduroam server. So your login password is protected and remains secret between you and your home institution.

However your username is visible to the CAVAL RADIUS server and other eduroam infrastructure servers involved in getting your authentication request from your device to your home institution, and may be included in logs. Such logs are required to be protected by the institution running the RADIUS server.

CAVAL Staff using eduroam

At the current time CAVAL operates as an eduroam “service provider” only, meaning that CAVAL staff cannot access eduroam at other institutions

CAVAL’s Wireless Settings

SSID (Network Name)

eduroam

Wireless Network Connection Protocol

WPA2 Enterprise

Data Encryption Method

AES

Visitors using eduroam

Who can use eduroam at CAVAL?

eduroam is available to users from Australian and international institutions engaged in research and/or education participating in the global eduroam service as ‘identity providers’.

How do I use eduroam at CAVAL?

Note: as an eduroam user, you should have already configured access to eduroam while on your home campus, using the authentication parameters provided by your home institution local eduroam webpage.

The wireless encryption protocol used by CAVAL access points is the WiFi standard "WPA2/AES" (also called WPA2 Enterprise). Accessing eduroam successfully within CAVAL requires only that your device’s configured wireless network connection and encryption protocol is compatible. Due to near-ubiquity of "WPA2/AES" support by institutional wireless access points, it is pretty much guaranteed that your wireless connection will be configured correctly if you’ve already tested your eduroam authentication on your own campus.

Note: There is no need to change any of your authentication parameters. These are only relevant to your home institution. If you have successfully configured authentication to eduroam at your home institution, you should be able to access CAVAL's network via eduroam with no change to your setup.

Where exactly can I use eduroam within CAVAL?

CAVAL provides eduroam at the following locations:

  • CAVAL Administration Building

  • CAVAL CARM stores

Network Services Provided

CAVAL provides full outbound access with NAT’ed IP addresses. In other words, you can access any services you normally do e.g. the Internet, your institution via VPN etc.

How do I get support in using eduroam?

When you're on a CAVAL campus and connect to eduroam, due to relative complexity of wireless and eduroam infrastructures, you may experience difficulty in getting a network connection due to several reasons e.g. an issue with your device configuration such as expired institutional password, wireless networking, institutional eduroam operability or eduroam infrastructure operability.


If network access issues occur, in the first instance eduroam users should contact their home institution's IT helpdesk to seek support.

If this is not possible, or if the home institution can’t resolve the issue, visiting users may contact the CAVAL IT support (caval.support@caval.edu.au).

If required, your home institution's or CAVAL eduroam support staff will contact AARNet, the eduroam AU national roaming operator, for additional assistance.

What eduroam usage logs are kept by CAVAL and what are they used for?

The eduroam trust model (between institutions remotely authenticating their users, and other institutions providing network access, via eduroam) is supported by the ability to trace a particular network access event to an authentication of a 'real user' by their home institution.

Home institutions agree to take appropriate action on behalf of visited institutions in case a user doesn’t comply with the home institution’s network AUP.

In order to provide this traceability, remote authentication and network access transactions via eduroam are logged by CAVAL, with logs being retained for a period of six months. Access to usage logs is restricted to authorised personnel and authorities as required by the law.

Usage logs may also be used for purposes of service trouble-shooting and user support.