Eduroam – Connect anything…

There are a vast array of devices that should be able to connect to eduroam. Documenting how to connect each of these individually, and keeping that documentation up to date, would be impossible. Therefore the generic guidance below is designed so you can work out the settings for your device by exploring the available options you have, and checking which will work (do check for specific instructions for your computer if you haven’t already).

Your device will need to be able to do Enterprise WPA2, if you’re not sure, check below anyway, but if none of your options match what is below, it is unlikely your device is capable of connecting. There is a list of additional requirements / anomalies for certain devices at the bottom of the page.

There are two main steps to complete:

  1. Import the University’s Net CA Certificate
  2. Configure wireless settings

Import the University’s Net CA Certificate

  • You will need to Import the University’s Net CA Certificate to your device. This can usually be achieved by using the device’s web browser. Unfortunately, different devices require different certificate file formats, so you will have to try each one until it works…
    1. Navigate to: https://www.wireless.bris.ac.uk/certs/
    2. Click on each of the “UoB Net CA cert…” links. If your browser displays garbled text, then go back to https://www.wireless.bris.ac.uk/certs/
    3. When you get the right link [certificate format] for your device, you should be able to open and import the certificate.
    4. Your device will tell you when you have imported the certificate correctly.
  • If you can not import the certificate via the web browser, you may have to use a Certificate Manager program. This would usually be found in the Settings or Control Panel menus.
  • For some devices you may have to run the Certificate Manager program on a PC while your device is docked / connected to the PC
  • If you are unsure, search the Internet for: Import CA certificate <name of your device>

Configure wireless settings

The settings presented below are in the approximate order you will be asked for them. For each setting, any alternative names for the setting are given. Then the values for the setting that will work are listed. Sometimes you will have more than one option available on your device. The most preferable is listed first in the table. The last column lists options for this setting that will definitely not work. Each particular device may not ask you for all of the listed settings – just use those you are asked for.

Setting name Should work Will not work
Network name,
SSID
eduroam eDuRoAm (it must be all lowercase to work)
Network mode Infrastructure ad-hoc
Computer-to-Computer
Wireless security,
Network authentication
WPA2 Enterprise,
WPA Enterprise,
WPA2,
WPA,
WEP,
WPA2-PSK,
WPA-PSK,
Shared,
Open
Data encryption AES,
CCMP
56-bit
64-bit
104-bit
128-bit
WEP
WPA2 only mode Off,
Disabled
Pre-shared key,
shared password,
network key
If you get asked for this, then either your previous Wireless security setting choice is incorrect (see above), or your device is not capable of connecting (not capable of Enterprise WPA2).
EAP settings / type / outer method PEAP
Protected-EAP
PEAPv0
Tunnelled-TLS
TTLS
(although it may be possible to enable more than one EAP type at a time, it is better to only enable one, disable any others)
TLS,
Smart card
LEAP
GTC
AKA
MD5
PEAPv1
User certificate Must be left blank
CA Certificate,
Certificate Authority,
Trusted Root CA
University of Bristol Net CA Anything else
Validate server certificate,
Validate server name
Yes,
Enabled
Although the connection might work with this disabled, it will be very insecure, you MUST ensure server certificate validation is enabled.
Server name,
Trusted servers
eduroam.wireless.bris.ac.uk
Inner EAP method,
Inner link security,
Authentication method,
Phase 2 authentication,
PEAP sub type
MS-CHAPv2,
EAP-MSCHAPv2
EAP MSV2-Challenge,
PEAPv0/MSCHAPv2,
MSCHAP2
PAP,
Certificate,
MS-CHAP
Cipher,
TTLS Cipher
AES,
SHA,
3DES
(Leave the default settings if you are not sure)
RC4
MD5
Domain Must be blank
Realm bristol.ac.uk
Outer Identity,
Outer Username,
Anonymous identity,
Initial identity
nobody@bristol.ac.uk
(This must be all lowercase and end with @bristol.ac.uk)
Username,
Inner identity,
MSCHAPv2 identity
Your Bristol Username (lowercase)
(N.B. If there is only one box for username and you have not entered a ‘realm’ or ‘outer identity’ as above, you must append @bristol.ac.uk to your username, e.g. ab12345SPAM@bristol.ac.uk
Password Your normal Bristol password (case sensitive)
Anything else Generally can be left at the default value, or left blank.

Additional requirements

Certain devices may need some additional software or configuration. These details are noted below:

• Nokia N900 / Maemo devices

You need to configure the wireless manually (don’t “scan for networks”). After configuring as above, you need to click the Advanced-settings button, change to the EAP page, select Use manual user name and enter @bris.ac.uk in the box.

• Palm T|X

If Enterprise is not listed in the wireless security options choice, you will need to install the Palm Enterprise Security Update before attempting to connect to eduroam.

IPv6 ready!
162.210.198.129 at 17:36, 22 Oct 18