Getting involved in eduroam

In order to get your institution connected to eduroam you need to agree with our policy and make your LAN 802.1X enabled. Follow the steps below to join

1. Build your infrastructure 802.11 and broadcast ” eduroam” SSID on your home campus;

2. You need a RADIUS server to provide authentication services 802.1X. Popular choices are :

      > FreeRADIUS

      > Radiator

      > Cisco ACS

3. Choose an authentication type

To encrypt your user name and password, your home institution may choose either the open standard EAP/TTLS or Microsofts' solution EAP/PEAP or you can use the EAP/TLS with certificate.

The differences between this authentication types are listed in the following sheet :

EAP-Type Inner Password Notes
PEAP MSCHAPv2 MSCHAPV2 can only be implemented with clear-text password stored in the database. It can be implemented on Microsoft Windows clients without a party supplicant.
TTLS PAP,CHAP,MSCHAPv2 Works with MacOS X and Linux natively. MS Windows users can use the SecureW2 Supplicant.
TLS Certificate Only Use certificates for both user and server.

You are not necessarily limited to use only one authentication type if your RADIUS service can support multiple types simultaneously.

4. Contact team.

Send us an email at

5. Test the connectivity with the help of the team;

6. Finally, sign the  policy.