...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="26de191fec99992b-159338e2-45a34ddf-89ec92d5-b99eaf1aadef5b1e6311a02f"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Associated WLAN station 64:b9:e8:a0:2e:a4 [] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8f4ad610390ae164-9c3739e1-49244a5a-b45aa51b-c7e91244cbc5f2f68d8b4949"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] WLAN station 64:b9:e8:a0:2e:a4 [] authenticated via 802.1x [user name is certuser-2010-001@restena.lu] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5fe1e78a2de1029f-4c2c4d33-48284e4c-90beb5c5-0540a3f081ccea7779f55ec2"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Key handshake with peer 64:b9:e8:a0:2e:a4 successfully completed | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8d48403e567843a3-ec7c6d87-4223458a-b79da5a2-2135f1358a11c326d7c9b325"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Connected WLAN station 64:b9:e8:a0:2e:a4 [] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ace27f43b48a8c8c-9075700e-420746ce-adf98dab-bb9389c564031aae7ce173a7"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Determined IPv4 address for station 64:b9:e8:a0:2e:a4 []: 158.64.3.24 | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="88a350d43201f6fa-a2fd8312-412246b8-a15f8b05-747000f556203d0b5faab880"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Determined IPv6 address for station 64:b9:e8:a0:2e:a4 []: 2001:0a18:0000:0403:66b9:e8ff:fea0:2ea4 | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e1126908ea055726-3748bcd5-49274878-a6ff8d89-040722c8f562fdeacdb24af6"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Determined IPv6 address for station 64:b9:e8:a0:2e:a4 []: fe80:0000:0000:0000:66b9:e8ff:fea0:2ea4 | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="71e5eed813dd84cd-0cbbcf22-463b4373-99b78b6d-d7579e66ad3945200c478f0d"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Disassociated WLAN station 64:b9:e8:a0:2e:a4 [] due to station request (Disassociated because sending station is leaving BSS | ]]></ac:plain-text-body></ac:structured-macro> |
...
It is required to log these notices to an external syslog server, since the syslog buffer in the device fills quickly and the information would be lost otherwise. Add your syslog server by selecting the menu item "Configuration" > "Log &Trace" > "Syslog" and make sure the box "Send information..." is checked (it is by default) (see screenshot).
Then click on "Syslog servers" and on the following page "Add".
...
The network name (SSID) for an eduroam SP is usually "eduroam", and the SSID needs to be broadcasted. Unfortunately, the network cannot be set up via the corresponding wizard, since the wizard only allows to configure WPA-Personal authentication, not eduroam's WPA-Enterprise. So, the necessary settings can only be found under "Configuration" > "Wireless LAN" > "General". (see screenshot)
First, we need to enable the MAC to IP address logging. This is done by checking the box "ARP handling". You should also make sure that you enter the correct country on this page, since the country setting makes your device conformant to national regulations for radio usage.
...
After these settings, go to the sub-menu "Logical WLAN setting – Network", see screenshot below.
The device offers eight independent networks. Choose one you want to use for eduroam (for example: WLAN-1) and click on its entry. Now set the properties of this network as follows:
...
Select "Configuration" > "Wireless LAN" > "IEEE 802.1X" > "RADIUS server" and click on "Add". (see screenshot below).
Then, fill in your RADIUS server details as negotiated with your eduroam IdP or federation operator.
In the second step, we'll apply the RADIUS server and encryption scheme to the SSID eduroam. To do that, go to the menu "Configuration" > "Wireless LAN" > "802.11i/WEP" > "WPA or Private WEP settings". Then, click on the WLAN network which you chose for the "eduroam" SSID before (see screenshot).
Set the following entries:
...
Upload them using the File Type "RADSEC ..." as in the screenshot below.
Then, go to "LCOS Menu Tree" > "Setup" > "IEEE802.1X" > "RADIUS Server" and set the Protocol option to "RADSEC", as in the screenshot below. The shared secret is not security-relevant when using RADIUS/TLS, but it must be set nevertheless. eduroam uses the fixed string "radsec" for all RADIUS/TLS shared secrets.
