We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Categories
Uncategorized

Walled garden for on-boarding user devices to eduroam – Technical deployment guide

One of the key barriers in successful deployment of eduroam, is around ensuring that users are adequately supported. 802.1x/WPA2 Enterprise configuration on the majority of devices is a little more complex than PSK-based Wireless solutions, which users are familiar with at home. As a result there is a need for on-boarding tools to be made available to users, such as eduroam CAT.

Organisations providing eduroam will need to provide access to their chosen on-boarding tool; typically they will be available via the organisations eduroam support web page. The challenge for many organisations is that devices need Internet access to visit to the organisations eduroam support web page, this usually isn’t a problem for mobile phones which usually have access to the Internet via the mobile network.

However, there are other situations which require an Internet connection or local network access to gain access to the on-boarding tools. This includes where organisations have poor mobile coverage, but also for tablets and laptop devices, which may not have access to the mobile network.

The solution deployed by many organisations is that of a ‘Walled Garden’, this is a network connection that enables sufficient access to download on-boarding tools, gain access to support webpage and any other relevant access, but it should fall short of providing full internet access.

Our work with the Further Education sector has highlighted the need for organisations deploying eduroam to also deploy a ‘Walled Garden’ to on-board large numbers of users onto eduroam, and to enable users to ‘self-service’. The ‘Walled Garden’ is typically made available by broadcasting an open wireless SSID.

The following Walled garden for onboarding user devices to eduroam guide is aimed to help you in configuring a walled garden network. This uses the walledgarden-preview
Open-source product pfSense, which is a Firewall solution based on FreeBSD. It’s a viable solution, even for organisations which typically don’t use Unix-based operating systems, since it is almost entirely configured through a web page, is comparable to appliance-based solutions, and is relatively easy to maintain and update.

pfSense can be configured to run in a Virtual Machine, this guide covers using VMware, but it can also be deployed in a Xen environment, or on physical hardware.

 

Leave a Reply

Your email address will not be published. Required fields are marked *