EduRoam deployment issues

Unfortunately, setting up EduRoam servers isn't as trivial as it could be. Network administrators who might have been used to managing only simple non-configurable switches need to:

  • Use 802.1Q VLANs (to separate the guest network from more sensitive networks)
  • Deploy certain Ethernet hardening technologies, for example:
    • DHCP snooping
    • dynamic ARP inspection
    • ...
    • Linux L2/L3 firewall (ebtables, arptables, iptables)
  • Correctly secure and deploy the 802.11a/b/g (Wi-Fi) network
  • Activate 802.1x authentication on wired and wireless network access points
  • Configure the network access equipment to use RADIUS authentication
  • Set up a server, usually UNIX, to run essential services:
    • dhcp
    • MySQL
    • LDAP directory
    • freeradius
    • monitoring / account merging custom server (EduRoam monitor)
    • postfix SMTP mail server
    • script for automated reporting of statistics to the NREN
  • Usually for easier management the following tools are also installed:

Obviously, this can be a big step up for a network engineer who has to run all these "new" technologies. In practice, ~50% of deployments were done by trial and error, which introduced quite a few glitches into the system.
