Add publicroam to your existing wifi network

Open standards

Publicroam works with the open standards WPA2-Enterprise and RADIUS. Almost all wifi equipment supports this. There is no need to invest in new infrastructure. And once connected, publicroam is highly scalable; new locations and access points can easily be added.

Easy implementation

To offer publicroam you create a RADIUS connection between your local wifi network and the publicroam top-level RADIUS server. This is a standard configuration via the admin environment of your wifi network. The public IP addresses of your organization are whitelisted, after which you receive a shared secret and can establish the connection.

Minimal management

Once connected, daily management is minimal. Visitor support questions are answered by the publicroam helpdesk. So there is no burden on the local ICT helpdesk. And accounts are issued automatically. So no extra work at the reception desk either.

How publicroam works

Publicroam is based on WPA2-Enterprise and RADIUS authentication. Participating organizations establish a connection between their wifi network and the publicroam top-level RADIUS server. Through their wifi access point(s) they broadcast the SSID ‘publicroam’. A visitor’s wifi device with a publicroam account automatically connects to the access point and sends its login credentials encrypted to the top-level RADIUS server. The credentials are then verified, and once correct, approval is sent back to the participating organization. The visitor is then granted access to the local guest wifi network.

Wifi network requirements

To connect, your wifi network must support 802.1X authentication with RADIUS (at least 802.11b and/or 802.11g). This is standard on almost all professional wifi equipment. Via RADIUS the network is linked to publicroam so authentication requests can be forwarded. For a complete overview, also download the detailed technical specifications.

Logging of data

During the authentication process of users, data is exchanged with publicroam. This usage data includes:
– Timestamp of authentication requests and corresponding responses
– Outer EAP identity (User-Name attribute)
– MAC address (Calling-Station-Id attribute)
– Type of the authentication response (i.e. Accept or Reject)

This data may be retained by an organization and publicroam for a maximum of three months. After that it must be deleted. This data may only be used to provide and optimize the service, and for no other purpose.

Filtering and monitoring internet traffic

An organization may filter access to the internet, for example by blocking certain websites. Bandwidth per user may also be limited. The minimum requirement is that publicroam users must be able to surf the internet and send and receive emails at a reasonable speed. Another requirement is that any restrictions applied must be the same for all publicroam users.

Service Level Agreement (SLA)

If your organization offers publicroam, an agreement will be signed that includes an SLA. This sets out the agreements on, among other things, the availability of the service and the handling of support requests from visitors and customers.

Privacy and data processing

Respecting privacy is a core value of publicroam. This means that publicroam stores as little data as possible and keeps it for as short a time as possible. The data that is stored is used only to optimally provide the service and to monitor usage of the service at a meta level. Providers of the publicroam service must adhere to the same rules, and the agreements are recorded in a data processing agreement that includes arrangements on data security, processors, processing locations, retention periods and reporting obligations.

Agreements with guest wifi users

When a visitor registers for the first time, they agree to the terms of use. These set out all the agreements on the use of guest networks. Among other things, that an account is personal, that it is not intended to be continuously online at an organization, that a user must observe standard netiquette, etc. If a visitor engages in activities that violate these terms, the account may be deleted and/or blocked.

Connecting to publicroam

Once the participation agreement is arranged, you will get access to the publicroam customer portal. There you will find the details to configure the connection with the publicroam RADIUS via the admin environment of your own wifi network. Your supplier will have a manual for this. And if you can’t figure it out, we’ll be happy to help.