7.4.0

Eduroam Feature Testing

Overview

Eduroam stands for Education Roaming. It allows students to access the internet across different academic institutions. This guide will help you set up an Eduroam environment.

An Eduroam environment with FortiNAC will allow you to create an authentication process for visitors from different institutions.

Suppose a Harvard student is visiting the MIT campus. He signs in on his computer and accesses MIT servers. The FortiNAC Eduroam process kicks in and forwards the Harvard student’s request to Harvard, the institution he belongs to. Harvard approves the request, and MIT then grants guest access to the Harvard student.

Eduroam works as follows:

  • A user from another institution is visiting

  • The Federation Level RADIUS Server (FLR) will forward the request to the proper institution

  • The proper institution will allow guest access

The authentication process will have the following flow:

  1. The user joins the Wi-Fi network of the visited institution and begins an authentication request.

  2. The Authentication Server (FortiNAC) of that institution, which is called the Service Provider (SP), receives the authentication request from the user with different domain information.

  3. The Service Provider forwards the request to an Eduroam Federation Level RADIUS Server (FLR).

  4. The FLR forwards the request to the institution to which the user belongs.

  5. This institution is the Identity Provider (IdP), which authenticates the user.

  6. The IdP sends its response back to the FLR.

  7. The FLR forwards the accept response back to the SP.

  8. The SP then places the user into the roaming VLAN and allows the user internet access.
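
The routing decision in steps 2, 3 and 8, sketched as an added example (this is not FortiNAC code). The local realm `mit.edu`, the VLAN names, the local-authentication branch, the function names and the simplified realm syntax check are all assumptions made for illustration.

```python
import re

# Assumptions for this example: the Service Provider's own realm and the
# VLAN names are constructed values, not FortiNAC settings.
LOCAL_REALM = "mit.edu"
ROAMING_VLAN = "roaming"
LOCAL_VLAN = "campus"

# Simplified realm syntax check: dot-separated labels of letters, digits
# and hyphens, with at least two labels.
_LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
_REALM_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


def split_realm(user_name):
    """Return (user, realm) from a 'user@realm' identity, realm lowercased.

    The realm is everything after the last '@'; a missing or malformed
    realm yields None so the caller can reject instead of forwarding.
    """
    user, sep, realm = user_name.rpartition("@")
    realm = realm.lower()
    if not sep or not user or not _REALM_RE.fullmatch(realm):
        return user_name, None
    return user, realm


def route_request(user_name):
    """Steps 2-3: decide what the SP does with an incoming request."""
    _, realm = split_realm(user_name)
    if realm is None:
        return "reject"            # do not forward malformed realms to the FLR
    if realm == LOCAL_REALM:
        return "authenticate-locally"
    return "proxy-to-flr"          # the FLR routes it on to the user's IdP


def assign_vlan(user_name, accepted):
    """Step 8: place the user only after an accept response comes back."""
    action = route_request(user_name)
    if action == "reject" or not accepted:
        return None
    return LOCAL_VLAN if action == "authenticate-locally" else ROAMING_VLAN
```

Rejecting identities with a missing or malformed realm at the SP keeps unroutable requests out of the federation, and VLAN placement depends on the accept response, not on the realm alone.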
