IT Services

Technical information you may need to know

An eduroam UK (JRS) site will implement one of two 'tiers' of service. The JRS tier available at the site you're visiting will dictate what type of service you'll recieve. JRS3 offers the best security and access to external internet resources. The Tier 1 service is no longer used.

• JRS Tier 2 - When you visit a Tier 2 site you will find a secure wireless network called 'eduroam' advertising WPA-Enteprise/WPA2-Enterprise security. Tier 2 sites use 802.1X authentication (a secure tunelling mechanism), to pass your credentials back to a University of Sussex authentication server. To connect to eduroam at a Tier 2 site follow the appropriate configuration guide to pre-configure your equipment. Tier 2 sites may also impose some restrictions on network access, please consult the equivalent guide at the institution you plan to visit for further details.
• JRS Tier 3 - A Tier 3 site includes the same security and authentication precautions as Tier 2 but in addition, should provide relatively unfettered access to internet resources and must support IPv6 connectivity.

Notes

1. Note: If you are connecting at a Tier 2/3 site with equipment that does not use the Microsoft Windows operating system, pay particular attention to the certificate validation sections of the configuration guides. If you use a Microsoft Windows operating system and the configuration guide is followed correctly, Windows will ensure that your credentials are handled securely (even when cached).
2. If you can already connect to the eduroam wireless network on the eduroam campus and/or to the wired network with 802.1X authentication, you will be able to connect to eduroam at other Tier 2/3 sites automatically.

Data Encryption Protocols

Sites supporting eduroam may use one of two data encryption protocols:

• WPA2/AES
• WPA/TKIP

In order to connect to an eduroam network, your computer must be configured to use the right encryption method. You can check which method is used by a given institution by checking the spreadsheet on the JANET website and, if necessary, change the settings on your computer to use the relevant method. Encryption methods for European institutions are also detailed on the JANET interactive google map - to check the details, zoom in to the institution and click on the eduroam logo to see information about the campus network.

At Sussex, the AES encryption method is used so if you are visiting a site which uses TKIP, you will need to temporarily change the encryption settings. Similarly, if your home institution uses TKIP, you may need to change the settings to connect to eduroam at Sussex.

Updating encryption settings

If you find you are unable to connect to eduroam it may be because your eduroam connection is set to use a different encryption method. You can check and temporarily change the settings using the following procedures (and simply change the settings back when returning to your home institution):

Windows XP

1. Open wireless network connections
2. Select eduroam
3. Select properties
4. On the association tab change the data encryption to the correct setting (AES for Sussex, AES or TKIP for other institutions as defined in the JANET spreadsheet)

Windows Vista or Windows 7

1. Right-click on the network icon in the task bar (bottom right corner of screen)
2. Select "manage wireless networks"
3. Select eduroam
4. Right-click on eduroam and choose properties
5. On the security tab change the data encryption to the correct setting (AES for Sussex, AES or TKIP for other institutions as defined in the JANET spreadsheet)

Mac OS X

1. Click on the airport icon in the toolbar and open Network Preferences (or open Network from the Settings window)
2. Click on Airport and then choose the eduroam network from the drop-down list
3. Click Advanced
4. Under 'User Profiles', click on eduroam to highlight it
5. Change security type to the required settings (WPA2 Enterprise for Sussex or institutions using WPA2/AES and WPA Enterprise for institutions using WPA/TKIP)