eduroam 802.1X deviceauth refresh

Do you recognize the following web form? If you don’t then you can stop reading. If you do then, even if you haven’t had occasion to fill it in often, please read on as there are changes coming. Above is … Continue reading

Posted in eduroam

eduroam and realmless usernames

IT Services’s user-facing instructions for connecting to eduroam have always been unequivocal about the username to use: if you want to connect to eduroam, your username is your SSO with @ox.ac.uk appended on at the end, all lower case. So, … Continue reading

Posted in eduroam

FreeRADIUS, sql_log, PostgreSQL and upserting

While this is superficially a post for creating an upsert PostgreSQL query for FreeRADIUS’s sql_log module, I felt the problem was general enough to warrant an explanation as to what CTEs can do. As such, the post should be of … Continue reading

Posted in eduroam, Uncategorized

Linux and eduroam: RADIUS

A service separate from, but tightly coupled to, eduroam is our RADIUS service. This is the service that authenticates a user, making sure that the username and password typed into the password dialog box (or WPA supplicant) is correct. Authorization … Continue reading

Posted in eduroam, Linux | 3 Comments

Linux and eduroam: Monitoring

For the past few months my colleague John and I have been trying to explain the innermost details of the new eduroam service, how it’s put together, how it runs and how it’s managed. These posts haven’t shied away … Continue reading

Posted in eduroam, Productivity | 1 Comment

Linux and eduroam: Building for speed and scalability

When upgrading the eduroam infrastructure, there was one goal in mind: increase the bandwidth over the previous one. The old infrastructure made use of a Linux box to perform NAT, netflow and firewalling duties. This can all be achieved with … Continue reading

Posted in eduroam, Firewall, Linux | 3 Comments

Cisco networking & eduroam: Rate Limiting Using Microflow Policing

This is my final post on the interesting technical aspects of the new networking infrastructure that supports the eduroam service around the university. This post covers the finer technical details of how we currently rate limit client devices to 8Mbps … Continue reading

Posted in Cisco Networks, eduroam | 1 Comment

Linux and eduroam: link aggregation with LACP bonding

In previous posts, I discussed the roles of routing and NATing in the new eduroam infrastructure. In one sense, that is all you need to create a Linux NAT firewall. However, the setup is not very resilient. The resulting … Continue reading

Posted in eduroam, Linux | 8 Comments

Linux and eduroam: Routing

This is a continuation of the series of blog posts describing the Linux servers in the middle of the new eduroam infrastructure. Packets sent by your eduroam client eventually end up on one of the Linux boxes in the eduroam … Continue reading

Posted in eduroam

Cisco networking and eduroam: Routing

This is the first post in a series discussing some of the finer details of the networking setup for the new eduroam infrastructure that went into production last month. In this post, I will be covering the IP routing setup … Continue reading

Posted in Cisco Networks, eduroam