Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Reference Campus Setup

Introduction

Campus networks vary widely in such things as topology, equipment used, software, and so on. In order to assist a campus administrator in setting up eduroam on their campus, this section presents the implementation of a typical setup. It is hoped that this will allow users of different topologies and/or equipment to understand the necessary steps to take. Furthermore, in the appendices the same setup will be expanded for a number of other common types of equipment and software. Lastly, we are planning to provide these and future example configurations on the website http://www.eduroam.org.

...

The network topology is as follows:

Figure 3.1: Network Topology (NEED TO RE_CREATE DIAGRAM PAGE 23??)

In this setup, wireless users are separated in different VLANs: VLAN906 for administrative users and VLAN909 for normal eduroam users. The next table describes each VLAN used in this document:

VLAN ID

Propose

901

VLAN for internet access – access to core routers

902

The Administrative VLAN of the hotspot (AP's; RADIUS; etc.)

903

VLAN with open SSID for giving information about the institute

906

VLAN reserved for administrative users

909

VLAN reserved for 'normal' eduroam users

Table 3.1: VLAN description

The next table describes the IP configuration for the router sub-interfaces and what networks are configured for each VLAN:

Interface

802.1Q Tag

Interface IP Address

DHCP Pool

What is accessible in this network

FE0.901

901

Some public IP address

N/A

 


FE0.902

902

192.168.10.254

N/A

AP's; RADIUS Server

FE0.906

906

10.9.6.254

10.9.6.0/24

administrators

FE0.909

909

10.9.9.254

10.9.9.0/24

eduroam clients

Table 3.2: Router Configuration

Configuring the Ethernet switch for eduroam

In order to gain access to the Internet the configuration of the Ethernet switch needs to be changed. You must create a VLAN in which the Access Points will be placed, and provide it with the correct IP-address and gateway information. This can be done with the commands described below.

The next table describes the VLAN associated with each Port of the switch and what equipment will be connected to that specific port.

Port

VLAN configuration
(T – Tagged; U – Untagged)

What is connected to it

1

U (902)

RADIUS Server

2-47

U (902) T (909)

Access Points

48

U (901) T (902; 909)

Central Ethernet Switch

Table 3.3: Ethernet Switch Configuration

First configure the port where the RADIUS Server will be connected and put it on the Administrative VLAN:

...