Network: Eduroam Technical Specifications


 *If you haven’t set up “eduroam” as a wireless network on your device, see the links at the bottom of the page

Question

How can Duke users connect to the eduroam wireless network?

Answer

Configuring wireless devices at Duke to connect to the Duke eduroam network will allow them to connect to eduroam zones at other participating institutions.

If you plan to use eduroam at other institutions, please configure your devices for the eduroam network while at Duke and verify their configuration before you travel. Note that a VPN connection may be necessary for access to some Duke resources while traveling.

The following network protocols will work at every institution:

HTTP, HTTPS, IMAP, IMAPS, SSH, SMTP(s), IPSec VPN, OpenVPN, Cisco IPSec VPN, PPTP VPN, IPv6 Tunneling, IPSec NAT Traversal, passive FTP, and RDP.

 

Some institutions will restrict the use of other protocols; this varies from site to site.

Technical Specifications

Using eduroam involves:

  1. A connection to the wireless network.
  2. Network authentication.
  3. Certificate handling.
Configuring a connection to the wireless network:

SSID (network name): eduroam
Security type: WPA2-Enterprise
Encryption type: AES

Duke eduroam supports two authentication methods; your client may support only one of these.

Configuring a network authentication method (Method #1):

Network authentication: Tunneled TLS (TTLS)
Inner authentication: PAP
Username/identity:  netid@duke.edu (where “netid” is your NetID)
Password: Your NetID password

Configuring a network authentication method (Method #2):

Network authentication: PEAP
Inner authentication: MSCHAPv2
Username/identity: netid or netid@win.duke.edu (where “netid” is your NetID)
Password: Your NetID password
(Note: this method actually uses your password in the WIN.DUKE.EDU domain.)

Some clients using this method will also require an outer identity.
Anonymous identity (outer identity): anonymous@win.duke.edu

Certificate handling:

Our RADIUS servers will present an InCommon (Comodo) certificate
Either enable certificate validation and accept this certificate, or if this is not possible, suppress certificate validation. Note that some devices will issue warnings because we have multiple servers providing these certificates.

Specific Instructions

For setup instructions for specific operating systems, click one of the following links: