Our institute is connected to the eduroam network
is an international project to promote mobility and roaming in national research and education networks (NREN). In the Czech Republic, this project is under the umbrella of CESNET. Our institute joined the project in 2019. This was another step towards improving the quality of research and the prestige of the institute.
One account. Everywhere
A registered subscriber can use this wireless network (wherever available) with a single user account. Account management is carried out by the home (founding) organization - school or other educational or research institution.
Using roaming is simple, a properly configured subscriber device connects automatically as soon as the eduroam network is available. Hence the acronym: education roaming. The service is free for all participants.
However, connecting to eduroam does not mean that you automatically gain access to your “home” network. It is nothing more than internet access. You will still need to establish a VPN connection or similar tool to access your parent institution's network.
Eduroam account activation
Eduroam uses a username consisting of two parts - the username itself and realm (something like a region). The user account is always set up by your home institution, which is usually the administrator of the realm.
Instructions for our employees are available on internal pages.
Set up user devices to connect to eduroam
For a secure connection to eduroam, it is not enough just to enter a username and password. You have to set up a certificate check, the easiest way to do this is by using eduroam CAT, see documentation at eduroam.cz.
For manual setup, you'll need the following information:
-
Sítě Network Name (SSID): eduroam
-
Connection protocol: 802.1x
-
Security and Encryption: WPA2 / AES
-
authentication: PEAP (alternatively TTLS)
-
internal authentication protocol: MS-CHAPv2
-
RADIUS server name (usually automatically): radius.jh-inst.cas.cz
-
Certification Authority: DigiCert Assured ID Root CA
-
The IP address is assigned automatically via DHCP
Covered spaces in JHIPC
eduroam is broadcast on the ground floor and first floor, in Brdička's auditorium and foyer. Access to the building is allowed to employees, guests are required to register at the reception.
Traffic filtering
The following services (ports) are allowed in the outgoing direction: ping, http, https, imap, imaps, jabber, openvpn, pop3, pop3s. Establishing a connection from outside is not allowed. If justified, the scope of permitted traffic may be adjusted in the future.