using Eduroam at TRI
What is eduroam?
eduroam is short for "education roaming".
eduroam is a global service enabling staff and students of educational, research and related institutions to visit another eduroam participating institution and connect to the visited institution's wireless network (SSID “eduroam”) automatically, i.e. with minimal effort for both user and visited institution.
Eduroam infrastructure provided by TRI, AARNet and global participants enables an TRI visitor's 'home institution' to authenticate the visitor remotely. Upon successful authentication, TRI grants wireless network access to the visitor. Other eduroam participating institutions similarly grant network access to visiting users from TRI.
If configured for automatic connection to the eduroam SSID, eduroam users should be able to get a network connection at a visited institution just by opening their laptop or activating their phone or tablet device.
AARNet is the eduroam AU ‘national roaming operator’ (NRO), hosting the national eduroam infrastructure enabling AU institutions to participate in eduroam nationally and globally.
eduroam Policy
Trust in eduroam authentication is underpinned by use of a secure technical infrastructure and protocol (ensuring user credentials are kept secret between users and their home institution), and a set of policies to which all eduroam participants are required to comply.
In participating in eduroam AU, TRI agrees to conform to the Global eduroam Policy and the eduroam AU policy (maintained by AARNet as the NRO).
What is the users' responsibility in using eduroam?
The eduroam AU policy states that users must conform to their home institution's network Acceptable Use Policy (AUP).
As the community of users of eduroam consists of users from institutions engaged in research and/or education, an assumption underpinning eduroam trust is that those institutions will have roughly equivalent network acceptable use policies, including restrictions on activities which may be performed on the network.
TRI reserves the right to monitor use of its eduroam network, and if TRI’s institutional network acceptable use policy is contravened by an eduroam user, TRI reserves the right to prevent that user’s access to the TRI eduroam network and report the action to the user’s home institution. An eduroam user’s home institution is expected to respond as if the incident had occurred on the home institution’s own network.
What about user privacy?
When using eduroam, the eduroam protocol prevents your institutional password from being revealed to any eduroam server other than your home institution’s eduroam server. So your login password is protected and remains secret between you and your home institution.
However your username is visible to the TRI institutional RADIUS server and national and global eduroam infrastructure servers involved in routing your authentication request from your device to your home institution, and may be included in logs. Such logs are required to be protected by the institution running the RADIUS server.
TRI's Wireless Settings
| SSID (Network Name) | eduroam (case sensitive) |
| Wireless Network Connection Protocol | WPA2 Enterprise |
| Data Encryption Method | AES |
TRI Users using Eduroam
Device configuration scripts are provided by the “eduroam Configuration Assistant Tool”.
Visit https://cat.eduroam.org/
Click on the large button with text:
eduroam user: download your eduroam installer.
Choose "Translational Research Institute" from the list of Home institutions.
Click on All platforms to see which scripts are available.
Note: In case you need to perform your eduroam authentication configuration manuallyon your device, configure the following authentication parameters:
| Security | WPA2-Enterprise |
| Encryption | AES |
| EAP Method | PEAP |
| Inner Method | MSCHAPV2 |
| Identity | <TRI_username>@tri.edu.au |
| Anonymous Identity | Do not configure an anonymous identity |
| CA Certificate | Select <TRI RADIUS server certificate CA name> |
Click on the information (i) button for instructions on how to use the network configuration executable/script.
Visitors Using eduroam at TRI
Who can use eduroam at TRI?
eduroam is available to general staff, academics, researchers and students from eduroam participating educational, research and related institutions globally.
How do I use eduroam at TRI?
Note: as an eduroam user, you should have already configured access to eduroam while on your home campus, using the authentication parameters provided by your home institution local eduroam webpage.
The wireless encryption protocol used by TRI access points is the WiFi standard "WPA2/AES" (also called WPA2 Enterprise). Accessing eduroam successfully within TRI requires only that your device’s configured wireless network connection and encryption protocol is compatible. Due to near-ubiquity of "WPA2/AES" support by institutional wireless access points, it is pretty much guaranteed that your wireless connection will be configured correctly if you’ve already tested your eduroam authentication on your own campus.
Note: There is no need to change any of your authentication parameters. These are only relevant to your home institution. If you have successfully configured authentication to eduroam at your home institution, you should be able to access TRI campus's network via eduroam with no change to your setup.
Where exactly can I use eduroam within TRI?
TRI provides eduroam at its following office (addresses are listed at https://www.tri.edu.au/contact-us):
- list of campuses/locations
Network Services Provided
TRI provides full outbound access with public IP addreTRIs. In other words, you can access any services you normally do e.g. the Internet, your institution via VPN etc. Inbound access is restricted, however, hence services running on your devices may not be accessible externally while connected to the TRI network.
How do I get support in using eduroam?
When you're on a TRI campus and connect to eduroam, due to relative complexity of wireless and eduroam infrastructures, you may experience difficulty in getting a network connection due to several reasons e.g. an issue with your device configuration, wireless networking, institutional eduroam operability or eduroam infrastructure operability.
If network access issues occur, in the first instance eduroam users should contact their home institution's IT helpdesk to seek support.
If this is not possible, or if the home institution can’t resolve the issue, visiting users may contact the TRI IT support (phone, email).
If required, your home institution's or TRI eduroam support staff will contact AARNet’s eduroam AU national roaming operator technical staff for additional assistance.
What Usage Logs are kept by TRI and what are they used for?
The eduroam trust model (between institutions remotely authenticating their users, and other institutions providing network access, via eduroam) is supported by the ability to trace a particular network access event to an authentication of a 'real user' by their home institution.
Home institutions are expected to take appropriate action on behalf of visited institutions in case a user doesn’t comply with the visited institution’s network AUP.
In order to provide this traceability, remote authentication and network access transactions via eduroam are logged by TRI, with logs being retained for a period of six months. Access to usage logs is restricted to authorised personnel and authorities as required by the law.
Usage logs may also be used for purposes of service trouble-shooting and user support.
