higher education

CTS 171: Designing Wi-Fi Networks In Higher Education

Recently, I joined the wonder folks at iBwave to deliver a webinar on the topic of designing Wi-Fi networks in Higher Education.

Thanks so much iBwave for providing me the opportunity to discuss Wi-Fi design in front of their audience.

The agenda items I cover in this webinar:

  • Challenges we see today
  • Approach to Wi-Fi design
  • Designing for capacity in large spaces
  • Wi-Fi 6 Considerations

To follow along with this episode you can download my slides.

My slides

Why must we design Wi-Fi? Why can’t we just install access points and call it a day? That’s something I go into with this webinar. But the short story is you don’t want to guess. We’re delivering a service that is used by thousands of people and whom rely on this service.

And some of those people have over 30k clients per day. What if 1/3 of those people had poor Wi-Fi experiences and put in a ticket for each incident?

When it comes to Wi-Fi, we should follow a process or a lifecycle in order to continue delivering a good user experience. I go into each of these on the webinar.

I provide examples from my own environments.

Share my solutions to temporary Wi-Fi deployments for events.

I also share some Bad-Fi

CTS 126: Using Eduroam in Higher Education

We took Anders Nilsson away from a party during Cisco Live and asked him to talk about Eduroam.


Anders Nilsson joins us on the show to discuss the basics of eduroam, how it works, and why higher education institutions decide to deploy the eduroam SSID on their campus. Anders is from Sweden and you may know him through the Wi-Fi Moose.


Anders does work for the Swedish education network and is technically responsible for eduroam in Sweden. That makes him today’s subject matter expert for this topic.

If you’re from a higher education institute you may be familiar with eduroam already. Or maybe you’re thinking about deploying eduroam or you don’t fully understand how it works. Anders provides a thorough introduction to eduroam which was started around 2003 in the Netherlands.

How eduroam routes authentication

From https://www.eduroam.us/node/10

The goal was to provide a better way for guest students at a visiting university to access Wi-Fi. In it’s early days, eduroam was implemented as an Open SSID with an access list that allowed VPN only. They quickly realized this method wouldn’t scale very well and went for the 802.1X solution instead.

eduroam is WPA2 Enterprise based with a federation of RADIUS servers. This means an institution will peer its RADIUS server(s) to the eduroam federation RADIUS servers. When a visiting user wants to join the eduroam SSID but authenticate back to the home RADIUS servers, the local institution will forward the authentication requests up the eduroam chain.

This allows for a seamless, convenient connection for the global academic community by using a single SSID, eduroam, at any participating institution. In the old days, a visiting user had to get ahold of the local IT department in order to gain access or use a visitor SSID.

Since eduroam is implemented using WPA2 Enterprise, it is strongly suggested to start with using EAP-TLS. Although, other EAP methods are allowed to be used, the table below features the common EAP types deployed with eduroam.


Native Supplicant Support




Windows (XP, Vista, 7), Mac OS X, Linux, iOS (iPhone, iPod Touch, iPad), Android (v1.6+)

• Validates client as well as infrastructure

• Reduced risk of being Phished

• Blocking user access is via certificate revocation

• PKI infrastructure is required

• Users must configure supplicant to use certificate*

• Identity may be exposed in TLS exchange depending on contents of certificate


Windows (8, 10), Mac OS X, Linux, iOS (iPhone, iPod Touch, iPad), Android (v1.6+)

• No native supplicant support on Microsoft Windows XP or 7

• Potential for Man-in-the-Middle attacks*


Windows (XP, Vista, 7), Mac OS X, Linux, iOS (iPhone, iPod Touch, iPad), Android (v1.6+)

• Works on many platforms

• Potential for Man-in-the-Middle attacks*

• Identity may be exposed during Phase-1 of exchange

Links and Resources

Follow Anders on Twitter – @HerrNilsson2
Learn more about eduroam
Read the eduroam FAQ

CTS 110: The Wi-Fi Connected Classroom

Teaching & learning is taking advantage of Wi-Fi. Are you ready for the connected classroom?

The Highly Connected Classroom

Students are bringing more Wi-Fi capable devices into the classroom. Professors have used the “closed lid” method with students for a while now to prevent distractions from happening during lectures.

Other professors have shifted their teaching to take advantage of technology. They use an interactive teaching method which involves students researching information and presenting their results in the class. With hundreds of students now actively utilizing Wi-Fi during class for teaching and learning purposes, we must ensure Wi-Fi is up to the task.

In this episode, I highlight topics I personally have gone through to create a highly connected classroom.

  • Stakeholder buy-in
  • Blending in with Aesthetics
  • Planning
  • Designing to meet requirements
  • Configuration
  • Monitoring

Navigating around the politics and funding is all part of the process. One we wish to ignore. In this episode I have some tips to get the project going. The most important part of a successful Wi-Fi deployment in a high density classroom environment is planning. Getting as much information as possible leads to a better design. Configuration cannot be left to defaults for high density classrooms. They need tuning and optimization to handle the capacity. And of course, let’s not forget to monitor our Wi-Fi networks. Be proactive instead of reactive.