What's eduroam?

eduroam in METU was started in October 2007 as part of the eduroam project - being the first among Turkish universities. (eduroam is the short form of educational roaming).

eduroam is running on RADIUS based infrastrucrute and using the 802.1x security standard, aims the ease of network usage of eduroam member users at other member eduroam institutions. The users of eduroam member institutions use the user code password duo for connecting the network at other eduroam member institutions. When the user sends a connection request to connect the "eduroam" broadcast, the authentication server of the host institution forwards the request of the user to his/her home institution and determines if the user is to be authenticated or not. All these queries are accomplished inside an encrytped tunnel so the password of the user is visible only at the home institution. So the only thing that the user has to do at the host institution is to define the eduroam wireless network as a home broadcast.

eduroam structure

As of April 2008, there are 9 institutions that are a part of the eduroam network in Turkey:

  • Middle East Techncial University
  • Ankara University
  • Çanakkale March 18th University
  • Erciyes University
  • Uşak University
  • Dokuz Eylül University
  • Karadeniz Technical University
  • TÜBİTAK Main Building
  • Eskişehir Osman Gazi University

    You can get the current list of the participants from here.

    Eduroam project has a hierarchical structure and the member institutions has to be a member of the federation of their country. The universities in Turkey has come together under the umbrella of ULAKNET. Federations are also a member of confedereations as an outcome of the hieracrhial structure. There are currently two confedereations around the world, Europe and Asia-Pasific Confederations. The website of the federation in Turkey is at http://eduroam.ulakbim.gov.tr

    The institutions that want to be a part of the eduroam project in Turkey has to accept, fulfill and sign the agreement (in Turkish) that's prepared by ULAKBIM.

    The guest users are considered to accept the policies of network usage of the host institution and the federation. Below you can find the links to the network utilization policies of METU CC and ULAKNET.

  • ULAKNET Network Usage Policy (In Turkish)
  • METU Information Technology Resources Use Policy (In English)

    User activities are logged within periods determined by the law by network group, with the help of active IPS/IDS systems.

    The location of the devices that make eduroam broadcast

    The devices that give wireless network services with eduroam SSID are listed as follows:

  • Computer Center
  • All halls and floors of the Library
  • All halls of the Cultural and Convention Center
  • Computer Engineering
  • Aysel Sabuncu Life Center
  • Old Residence (backside Is Bank)
  • ODTÜKENT Residence site
  • Guest Houses
  • 2. Dormitory APs

    Webcaching Service at METU

    METU CC is offering webcaching services for faster web site access for the users that utilize its network services. The users who connect via eduroam can also utilize this service after making the necessary configurations to their web browser. The information regarding the webcaching service can be obtained from the following website:

    Webcaching service at METU

    An examination of the structure

    Here, the first aim is to setup a secure campuswide wireless network. This secure network is built up on the idea of eduroam. Thus, when a similiar configuration is applied on the whole academic networks of Turkey, a non-problematic transition can be possible.


    • Inside METU campus, two kinds of access points, Cisco and HP Procurve, are used.
    As can be understood from the drawing, the configuration that's been setup offers WPA(2) for security. Beside this security solution, for the ease of authentication of users, TTLS (PAP) had been chosen. This current configuration requires the user to have only one server certificate for EAP and user certicifate will not be used. .

    The request that comes to RADIUS server enables the set up of a mutual tunnel and the information that comes through this tunnel is revealed and sent over to LDAP to be querried. If the LDAP server verifies the username and the password, the system accepts the user.

    On the user side, for Microsoft operating systems that are widely used throughout the campus, SecureW2 software had been thought to be appropriate. For the ease of use and configuration, a setup package had been created for Windows XP operating systems. This package can be downloaded from here. The package should be installed to a directory, unzipped, and then the setup should be started. All the configuration will be done automatically on the system. The support for other operating systems are available on the mentioned web site.

    You can logon to the system without the presence of the package, using TTLS (PAP). Today, many wireless access points support this protocol.

    For Linux operatign systems wpasupplicant application can be used.
    For this, ca.metu.edu.tr.cer and wpa_supplicant.conf files should be downloaded and introduced to the system. 

    		aptitute search wpasupplicant
		
    
		aptitute install wpasupplicant
		
    
		*** or you can download the lastest version from http://hostap.epitest.fi/releases and install the application	 .
		
    
		mkdir /etc/wpa_supplicant/
		
    
		cp wpa_supplicant.conf /etc/wpa_supplicant/
		
    
		cp ca.metu.edu.tr.cer /etc/wpa_supplicant/
		
    
		*** Here personalize the wpa_supplicant.conf file for your choices.
		
    
		wpa_supplicant -w -B -Dwext -iwlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
		
    
		* Here the interface name is taken as wlan0
		
    
		or
		
    
		wpa_supplicant -ieth1 -c/etc/wpa_supplicant/wpa_supplicant.conf
		
    
		* Here the interface name is taken as eth1
		
    
		*** If you encounter any problems, apply to the wpasupplicant application user manual.
    wpa_supplicant.conf file :

    		# eduroam
    
		network={
    
    			ssid="eduroam"
    
    			scan_ssid=1
    
    			key_mgmt=WPA-EAP
    
    			eap=TTLS
    
    			phase2="auth=PAP"
    
		        anonymous_identity="anonymous@metu.edu.tr" 
    
    			identity="user_name" 
    
    			password="your_password"
    
    			ca_cert="/etc/wpa_supplicant/ca.metu.edu.tr.cer"
    
		}
    Of course, the operating systems keep changing day by day. For this reason, the procedures described above are for exemplifying the user. The methods can vary from distribution to distribution.

    Actually, the wpa_supplicant application (http://hostap.epitest.fi/wpa_supplicant/)can be used for Linux, BSD ve Windows operating systems.
    Questions and suggestions

    For the problems you may encounter or for the suggestions about the eduroam service at METU you can use the address below:

    [ccnet at metu.edu.tr]

    Links:

  • The Federation in Turkey ULAKNET (*) this paragraph is taken from this site
  • The Website of the European and Asia-Pasific Confederation