EDUROAM: How do I connect?

Summary

This article describes how to connect to the eduroam network.

Body

Audience

Students, Employees 

Question

How do I connect?

Answer

With eduroam, Minnesota State students and employees can use their StarID credentials to access Wi-Fi when visiting participating institutions. Visitors from other eduroam-participating colleges and universities can access Wi-Fi at participating Minnesota State colleges and universities using the usernames and passwords from their home institutions.

Before traveling to another eduroam-participating institution, we recommend signing onto eduroam at your home campus with each device you will be using, to be sure everything works. Connecting involves verifying and trusting a security certificate issued by InCommon to Metropolitan State University, where the authentication servers are located.

Connecting to eduroam

  1. On your device, select the eduroam from the list of available Wi-Fi networks.
  2. You will be prompted to sign onto the network. Enter the following for credentials:
    Username: StarID@minnstate.edu or StarID@go.minnstate.edu (for example, ab1234cd@minnstate.edu)
    Password: your StarID password.
  3. You may be prompted to accept a security certificate. If this happens, verify that the certificate is issued from InCommon RSA Server CA 2 to Metropolitan State University using the server name eduroam.metrostate.edu. If so, click OK to accept.   Here's an example from an Apple iOS device:

Uploaded Image (Thumbnail)

Note: Linux devices may not prompt for credentials when you first join eduroam. If that's the case, set up a "hidden" network with the settings below.

If your device asks for more information, use the following settings:

  • Security: 802.1x EAP / WPA2 Enterprise
  • EAP Method: TTLS (Tunneled TLS)
  • Phase-2 (Inner) Authentication: PAP or GTC
  • Proxy Settings: none
  • IP Settings: DHCP
  • CA Certificate: Use system certificates (no CA certificate is required)
  • Domain: eduroam.metrostate.edu

Sometimes a device may prompt for authentication several times, even though the password is correct. If this happens, keep trying. Once the device has connected, it usually connects automatically from then on. If the device tells you that the password is invalid, though, it probably is. Re-enter and try again.

 

Firewall restrictions for BSU and NTC eduroam clients

Devices connected to eduroam while on the BSU and NTC campuses will not connect to non-public BSU/NTC IT resources such as file servers, printers, etc.

Institutions that implement eduroam will often treat clients as guests and therefore have firewall restrictions in place, per guidelines from the eduroam governing body.

While connected to eduroam on the BSU and NTC campuses, devices will only be allowed to communicate with off-campus resources using the following protocols/ports:

  • IP Protocol 41 - IPv6 Encapsulation
  • IP Protocol 50 - Encapsulating Security Payload
  • IP Protocol 51 - Authentication Header
  • tcp/21 - FTP
  • tcp/22 - SSH
  • tcp/80 - HTTP
  • tcp/110 - POP3
  • udp/123 - NTP
  • tcp/143 - IMAP4
  • tcp/220 - IMAP3
  • tcp/udp/443 - HTTPS
  • tcp/465 - SMTPS
  • udp/500 - ISAKMP
  • tcp/587 - SMTP
  • tcp/993 - IMAPS
  • tcp/995 - POP3S
  • udp/1194 - OpenVPN
  • tcp/1723 - PPTP
  • tcp/1935
  • tcp/3389 - RDP
  •  tcp/udp/4172
  • udp/4500
  • tcp/udp/8443
  • tcp/10000
  • tcp/32111

Details

Details

Article ID: 1058
Created
Wed 11/10/21 4:38 PM
Modified
Mon 6/30/25 5:35 PM