Hello. I am having trouble getting an eduroam network to work in the research institution I work for. We use a ZoneDirector 1200 with Smart Redundancy. ZoneDirector had two AAA Servers for Active Directory authentication. To make eduroam work, I set up two more AAA Servers:
  RADIUS: no encryption, Auth method PAP, Backup RADIUS disabled, port 1812, request timeout 3, max number of retries 2
  RADIUS Accounting: no encryption, backup RADIUS, port 1813, request timeout 3, max number of retries 2
Guests and staff can access Wi-Fi without problems. Eduroam users can't. The ZoneDirector authentication / accounting test for the RADIUS server results in "Failed: invalid username or password" (I used a valid password to test). The RADIUS Accounting test results in "Success! This accounting server is available."
Other information:
1 - The DHCP server is not ZoneDirector.
2 - A NAT firewall exists between ZoneDirector and the RADIUS and RADIUS Accounting servers. Then the ZoneDirector IP is translated to an IP on the same network as the RADIUS and RADIUS Accounting servers.
3 - When I try to connect to the eduroam network using my password, it gets stuck endlessly getting an IP address.
More information: I already had two WLANs: one for guests (vouchers) and one for employees. I created a WLAN called eduroam with the following configuration:

General Options
  Name / ESSID *: Eduroam
  ESSID: eduroam
  Description: Eduroam

WLAN Usages
  Type: Standard Usage

Authentication Options
  Method: 802.1x EAP
  Fast BSS Transition: disabled

Encryption Options
  Method: None

Options
  Authentication Server: RADIUS
  Wireless Client Isolation: Isolate wireless client traffic from other clients on the same AP (no Isolate wireless client traffic from all hosts ..., and no whitelist)
  Zero-IT Activation: disabled
  Priority: High

Advanced Options (only the following options are selected)
  Accounting Server: RADIUS Accounting - Send interim-update every 5 minutes
  Access Control: No ACLs, Device Policy None, Precedence Policy Default
  Rate Limiting: Uplink disabled, Downlink disabled
  VLAN Pooling: None
  Access VLAN: 1 (disabled Dynamic VLAN)
  Load Balancing: Do not perform client load balancing for this WLAN service
  Band Balancing: Do not perform Band Balancing on this WLAN Service
  Max Clients: Only allow up to 100 clients per AP radio to associate with this WLAN
  802.11d: Support for 802.11d selected
  Client Fingerprinting: Enable Client Fingerprinting
  Service Schedule: Always on
  Auto-Proxy: Enable Auto-Proxy Configuration
  External Server: xxx.xxx.48.1
  Inactivity Timeout: terminate idle user session after 5 minutes of inactivity