eduroam - FAQ

Last Updated: 06/28/2017
What is eduroam?

The eduroam service is an international secure federated access service, allowing for members of participating institutions to access a secure wireless network when on the CU Boulder campus or one of the hundreds of other institutions in both the United States and world-wide .

How do I connect to eduroam?

Users must download and install eduroam configuration software for their device prior to connecting to eduroam. After installing the certificate, simply select the eduroam SSID (from Wi-Fi option) to connect.

For detailed instructions on setting up your device to connect to the eduroam network, please refer to the following:

What is this software that is being installed on my computer? What is it used for?

Our Secure Wireless has a couple software components that are used for onboarding:

SecureW2 onboarding agent

  • Configures devices network settings to easily join our encrypted wireless network.
  • Installs a secure certificate for our wireless authentication controller to prevent man-in-the-middle attacks if someone presents a fake ‘eduroam’ wireless network.

SafeConnect Policy Key

  • Posture assessment tool for verifying the health of a device before it connects to our Secure Wireless environment.  This is used to ensure devices comply with the CU Boulder Minimum Security Requirements.  This includes:
    • Authentication against the campus Active Directory
    • Verifying Antivirus is installed, running, and has latest definitions
    • Verifying Windows / Macintosh firewall running
    • Verifying Windows / Macintosh operating system updates are enabled, running, and up-to-date
  • Additional posture checking
    • Checking if user is behind a NAT device
    • Detection of Peer-to-peer (P2P) software
    • Detection of outdated or vulnerable software such Oracle Java, Adobe Acrobat Reader, Adobe Flash Player
    • Detection of outdated or expired operating systems such as OS X 10.5, 10.6, and Windows XP.
    • Detection of specific malware
What areas of campus have wireless?

Wireless is available throughout the vast majority of the CU Boulder campus.

What is an SSID?

SSID stands for Service Set Identity/Identifier. It is a name that represents which wireless network a user is attached to. This is also called the "Network Name" by some vendors. Select the eduroam to connect to the secured network, after initial software configuration.

What SSID should I use?
  • Faculty, staff, and students with an 802.1X capable devices (most modern devices) should use eduroam.
  • Campus visitors whose institution does not participate in eduroam, should use UCB Guest.
  • Faculty, staff, and students with older devices should use UCB Wireless.
Can my printer be setup to use eduroam

No, printers can't attach to eduroam SSID because they lack encryption mechanisms.

In general, faculty or staff should not use wireless printers because data is passed unencrypted and may violate FERPA, HIPPA, or other data sensitivity policies. However, if you need to setup wireless printing, the printer should remain on UCB Wireless.

Can University guests/visitors use the eduroam network?

Campus visitors from institutions participating in eduroam can simply select eduroam from their operating system Wi-Fi options and connect to eduroam using their institution's credentials. If you experience any issues with while visiting CU Boulder, please contact your home institution's service desk.

Campus visitors not from a participating institution should use the UCB Guest Wireless service.

Can I use my smartphone on the wireless network?

Yes. Refer to the following tutorials to learn how to set up your device:

Do other devices interfere with wireless?

Yes, any 2.4GHz or 5GHz device that is near the wireless access point or wireless card can affect performance and may negatively impact your wireless connection. These devices are usually microwave ovens in close range, cordless phones, cameras and other 2.4GHz wireless devices. A non-University of Colorado access point can interfere with the CU wireless network, so it is necessary to coordinate with OIT if you wish to set up a wireless access point. Deployment or installation of your own Wi-Fi access point is prohibited.

Is wireless bad for my health?

Testing done on wireless network devices indicates no confirmed health risks at this time. You should read the health information provided by your wireless card manufacturer and follow their recommendations.

If you are interested in additional information, the FCC has a detailed Radio Frequency Safety FAQ .

What campus network should I be using?

Eduroam

Who should use? Resource Access Reauthentication
Faculty, staff, students and visitors from institutions participating in eduroam All protocols are open to campus and Internet* Once yearly, between Summer and Fall semesters

UCB Wireless

Who should use? Resource Access Reauthentication
Users with devices that do not support 802.1x encryption (most modern devices support 802.1x) Most protocols and Internet. File sharing restricted protocols (i.e. CIFS, NetBIOS) will be blocked in near future. Monthly, with increasing frequency as service is phased out.**

VPN

Who should use? Resource Access Reauthentication
Faculty, staff, and students All protocols are open to campus and Internet* 24 hours

UCB Guest

Who should use? Resource Access Reauthentication
Should be used by Guests visiting campus that need basic web Limited protocols (web,email,ssh) 12 hours

* Some protocol restrictions may occur due to security incidents

** Exceptions can be created by the IT Service Center for Faculty/Staff or departmental devices needing longer term port exceptions with yearly renewals.

Why am I downloading onboarding software from a non-colorado.edu address?

The eduroam configuration software is downloaded from the Secure W2 on-boarding web page. Due to the dynamic nature of the on-boarding process this is needed and can be trusted.

I changed my IdentiKey password and now I can't connect to eduroam. How do I correct this?

Due to the nature of your eduroam credentials being stored locally on your device, changing your IdentiKey password using Identity Manager will cause an eduroam authentication failure.

Depending on your operating system you may be prompted to re-enter your credentials. If not prompted, the most reliable method for correcting the authentication issue is to repeat the onboarding process. The following tutorials explain this process:

Should I use eduroam or Cisco VPN for my secured connection?

In general, it is best practice to use eduroam for most secured on-campus connections, while Cisco VPN should be used for secured off-campus connections. Refer to the chart below for usage specific usage scenarios:

Service Connection Location Purpose
eduroam On-Campus Create on-campus secure connections that allow users to access file servers and other secured systems, as well as securely browse the internet.
Cisco VPN Off-campus Gain access to campus resources (e.g. library resources, file servers) from off-campus.
Custom VPN On-campus and off-campus In order to to access department specific resources, custom VPN connections should be used on and off campus.