AGRF’s eduroam network

What is eduroam?

Eduroam logo

eduroam is short for "education roaming".
eduroam is a global service enabling staff and students of educational, research and related institutions to visit another eduroam participating institution and connect to the visited institution's wireless network automatically, i.e. with minimal effort for both user and visited institution.

Eduroam infrastructure provided by Australian Genome Research Facility, AARNet and global NRENs enables a visitor's 'home institution' to authenticate the visitor remotely. Upon successful authentication, Australian Genome Research Facility grants wireless network access to visitors authenticated via eduroam.

If configured correctly, an eduroam user should be able to get a network connection at Australian Genome Research Facility just by opening their laptop or activating their phone or tablet device.

AGRF’s physical locations providing eduroam access to their networks are:

AGRF Perth
Level 6, MRF building
Royal Perth Hospital
Rear 50 Murray St
Perth, WA 6000

More about eduroam is available from AARNet, the eduroam AU ‘national roaming operator’.

eduroam policy

Trust in eduroam authentication is underpinned by use of a proven secure technical infrastructure and protocol, and a set of policies to which all eduroam participants are required to comply.

In participating in eduroam AU, AGRF agrees to conform to the Global eduroam Policy and the eduroam AU policy maintained by AARNet.

What is the users' responsibility in using eduroam?

The eduroam AU policy states that users must conform to their home institution's network Acceptable Use Policy. (AUP).
However visitors are recommended to read and comply with the Acceptable Use Policy of visited institutions. Visiting eduroam users should refer to Australian Genome Research Facility's AUP.

What about user privacy?

When using eduroam, the eduroam protocol prevents your institutional password from being revealed to any eduroam server other than your home institution’s eduroam server. Your login password is protected and remains secret between your connecting device and your home institution.

AGRF’s wireless settings

Table outlining AGRF's wireless settings
 

However, your username is visible to the AGRF’s RADIUS server and other eduroam infrastructure servers involved in routing your authentication request from your device to your home institution, and will be captured in RADIUS logs. Such logs are protected by AGRF and other eduroam AU national infrastructure from unauthorised access.


Using eudoroam at AGRF

Who can use eduroam at AGRF?

eduroam access to the AGRF network is available to visitors who are configured to be remotely authenticated by their home institution via the eduroam global infrastructure.

Users are strongly advised to have confirmed their eduroam authentication at their home institution, prior to visiting AGRF.

How do I use eduroam at AGRF?

Note: As an eduroam user, you should have already configured access to eduroam while on your home campus, using the authentication parameters provided by your home institution local eduroam webpage.

The wireless encryption protocol required by eduroam, as used by Australian Genome Research Facility access points, is WPA2/AES (also called WPA2 Enterprise). Accessing eduroam successfully within AGRF requires that your device’s configured wireless network connection and encryption protocol is WPA2/AES. Global eduroam policy requires use of WPA2/AES, hence your wireless connection will work correctly if you’ve already tested your eduroam authentication on your own campus.

Note: There is no need to change any of your authentication parameters. These are only relevant to your home institution. If you have successfully configured authentication to eduroam at your home institution, you should be able to access AGRF's network via eduroam with no change to your setup.

Where can I use eduroam within AGRF?

AGRF provides network access via eduroam at the following locations:

AGRF Perth
Level 6, MRF building
Royal Perth Hospital
Rear 50 Murray St
Perth, WA 6000

Network Services Provided

AGRF provides full outbound access with NAT’ed IP addresses. In other words, you can access any services you normally do e.g. the Internet, your institution via VPN etc. However, any servers running on your devices will not be accessible externally while connected to the AGRF network.


How do I get support in using eduroam?

When you're on an AGRF site and connect to eduroam, due to relative complexity of wireless and eduroam infrastructures, you may have issues in getting a network connection due to several reasons e.g. recent change of password, changed device configuration, overlapping eduroam wireless network, AGRF eduroam infrastructure operability or national/global eduroam infrastructure operability.

If network access issues occur, in the first instance eduroam users should contact their home institution's IT helpdesk to seek support.

If this is not possible, or if the home institution can’t resolve the issue, visiting users may contact the Australian Genome Research Facility IT support (phone, email).

If required, your home institution's or AGRF eduroam support staff will contact AARNet, the eduroam AU national roaming operator, for additional assistance.

What usage Logs are kept by AGRF and what are they used for?

The eduroam trust model (between institutions remotely authenticating their users, and other institutions providing network access, via eduroam) is supported by the ability to trace a particular network access event to an authentication of the user by their home institution.

Home institutions must take appropriate action on behalf of visited institutions in case a user doesn’t comply with the home institution’s network AUP.

In order to provide this traceability, remote authentication and network access transactions via eduroam are logged by AGRF, with logs being retained for a period of six months. Access to usage logs is restricted to authorised personnel and authorities as required by the law.

Usage logs may also be used for purposes of service trouble-shooting and user support.