The basic idea behind eduroam is to provide free, unrestricted access to the Internet. Eduroam only handles authentication and authorization of the users. The actual Internet access is provided locally.
The eduroam initiative started in 2003 within TERENA's Task Force on Mobility, TF-Mobility. Today eduroam is a federation of federations (confederation); single federations are run at national level and they are all connected to a regional confederation. Thus eduroam is avaliable at almost all universities worldwide.
eduroam technology is based on 802.1X standard (typically used with a 802.11 wireless network with WPA2 Enterprise authentication) and a hierarchy of RADIUS proxy servers. The wireless eduroam networks use the SSID 'eduroam'.
The role of the RADIUS hierarchy is to forward the users' credentials to the users' home institution, where they can be verified and validated.
When a user requests authentication, the user's realm determines where the request is routed to. The realm is the suffix of the user-name, delimited with '@', and is derived from the organisation's DNS domain name.
Every university that wants to participate in eduroam connects its institutional RADIUS-server to the national top-level RADIUS (NTLR) server of the country where the institution is located. The NTLRs are in turn connected to the regional top-level RADIUS server (European top-level RADIUS, ETLR, in case of Europe), which themselves form the root of the hierarchy in a full-mesh topology.
Further information can be found on the eduroam.org website.
SWITCH offers a captive portal name Multi Provider Portal (MPP) which is developed by CloudGuard, originally for the purposes of the now discontinued PWLAN serive.
Over the years, CloudGuard has extended the MPP to many more use-cases for guest access and bring your own device (BYOD), and continues to be available.
For further information about MPP, see the CloudGuard product page.