DCU Wireless (Wifi) Networks
Eduroam (Educational Roaming) is an implementation of a wireless infrastructure which facilitates roaming educational users to gain wireless Internet access at other member sites. Access to the service is authenticated - always using your personal credentials from your home institution regardless of where you access the service. The wireless network name is the same in all places - "Eduroam".
How to configure a device to Eduroam
Information Systems Services highly recommend that students and staff configure and connect all digital devices to the Eduroam WiFi Network.
Eduroam Wireless Network
- Main secured (AES) DCU wireless network for all staff & students
- Available to visiting staff & students from other colleges
- Available to DCU staff & students while visiting other colleges
- Available to Invent staff and long term contractors after registration with HR
- Devices must support 802.1x (e.g. not compatible with amazon kindle)
How to connect to DCU-Guest-Wifi
Guest Wifi offers basic web browsing & SSL-VPN(443) for guests of DCU.
- Available in DCU, MDI, St Pats, The Innovation Campus and The DCU Ryan Academy.
- Restricted services: http, https, SSL-VPN(443).
- Email clients (Thunderbird, Outlook) will not work on this network.
- Unsecured network - no default data encryption.
- Access to the DCU Guest WiFi may be restricted.
Eduroam Usage Policy
The use of the Eduroam service is governed by DCU's ICT policies, including acceptable usage policy:
Furthermore use of the service is governed by the Eduroam policy;
The most notable part of the Eduroam policy is Section 6 which is indicated here:
- A user's role is in principle always a visitor who wants Internet access at a Server Provider (SP). The user MUST abide by their IdP's (Identity Provider) AUP or equivalent and respect the visited organisation's AUP or equivalent. Where regulations differ the more restrictive applies. Users MUST as a minimum abide by relevant law of the country where (s)he is physically situated while using the service, home or abroad.
- The user is responsible for taking reasonable steps to ensure that they are connected to a genuine Eduroam service (as directed by their home organisation) prior to entering their login credentials. The primary means to achieve this is to validate the server certificate that is presented to the user upon login.
- The user is responsible for their credentials and the use of any service they might provide.
- If credentials are thought to have been compromised, the user MUST immediately report back to their IdP (home institution).
- The user is obliged to inform the SP (where possible) and IdP of any faults with the eduroam service.
If a user is in breach of these acceptable usage policies, the following actions will be taken: The user will be suspended from the service. Examples of a breach of the AUP include any activity which may adversely affect the quality of the WiFi service, or which may impact on the reputation of the University. Serious breaches e.g. infringing on copyright may result in disciplinary action being taken by the University.
Network traffic is passively monitored and details logged for incident response purposes only.
Protocols allowed on DCU Eduroam service:
DCU complies with the full list of allowed ports and protocols as suggested by the Eduroam policy. There may also be a range of additional protocols allowed, over and above those that have been stated as a requirement by Eduroam.
Currently the Eduroam service in DCU does not support IPv6
Advice for DCU staff and students visiting other Eduroam institutions
- Test that Eduroam works for you in DCU before you leave. If you can't get it working here, you're likely to have problems elsewhere as well.
- Search for (and read) any documentation the remote site has on Eduroam before you leave. Forewarned is forearmed and sites might have some variations in how it is implemented.
- The remote site may use different network security settings to that used in DCU (e.g.WPA2 TKIP AES) . If so, you will need to change that part of your network configuration.
- The authentication part of the configuration is specific to the home institution (DCU) so that shouldn't be changed. It includes the EAP methods (Microsoft protected EAP EAP-TTLS-PAP and PEAP+MSCHAPv2, certificates and server verification. Do not change any of those.
- Don't forget to include the realm (dcu.ie) when you're authenticating. Usually this just means using firstname.lastname@example.org rather than simply username. The username is your Novell username and your Novell password. The realm is generally not what clients refer to as a domain. Domains should be left blank.
- DCU users should use the following server and certificate details: idp-wireless.dcu.ie and the GTE Cyber Trust Global Root