...
Making sure that your eduroam network is functional for eduroam visitors is an important part of being a member of eduroam. If visitors cannot connect to eduroam at your institution, it leads to dissatisfaction not only with your network but also with eduroam itself. Many members across the world include their eduroam connection as part of their network monitoring. The ideal kind of monitor is for the administrator to be alerted should an interruption to the service occur for whatever reason (RADIUS issue, internet connection outage, NRPS FLR issue etc), and although this monitoring is optional, we have found that where an organisation does have active monitoring, any interruptions to the service has quickly been picked up and the organisation has been able to quickly restore service.
...
Note: For the the examples below, we call this file file eapol_config.cfg and store it in /opt/eduroam_monitor on Linux or C:\eduroamHB on Windows.
...
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
#!/bin/sh # Run a heartbeat ip=<the IP address for your server> s=<the secret for the client you created> bssid=<the BSSID for your eduroam network, in a MAC format like 02:00:00:00:00:01> # check that eapol_test works if [[ -x /sbin/eapol_test ]]; then if [[ -f /opt/eduroam_monitor/eapol_config.cfg ]]; then # get the actual output i=$(/sbin/eapol_test -t 5 -c /opt/eduroam_monitor/eapol_config.cfg -N 30:s:$bssid:eduroam -N 32:s:eduroamUK-heartbeat -t 5 -r 1 eduroam-monitor -a $ip -s $s |tail -1) # output is either success or failure /bin/logger eduroam Monitoring: $i fi fi |
...
| Note |
|---|
If you used a fake username (because your eduroam national operator didn't give you a username to use), you would see a FAILURE message with this script every time. In this case, change line 10 to this:
|
You can run this script by either adding a line into a crontab for your monitoring user, or you can copy eduroam_monitor_check.sh into /etc/cron.hourly for an hourly run. Alternatively, if you prefer a more frequent run, add a file into /etc/cron.d/ with this contents:
...
Windows traditionally does not have a process to monitor NPS. As with the Linux script, you will need a configuration file, and the eapol_test utility on Windows, which you can download here.The which you can build it directly yourself using the instructions in the testing with eapol_test page. You can also download a copy here, which the eduroam UK team have built, code-signed and published it for Windows, so after . After downloading, you can right-click the executable, click Properties, and then examine the code signing certificate. It should be signed around March 21 2021.
...
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
@echo off set ROAMING_IP="<the IP address for your server>" set ROAMING_SECRET="<the secret for the client you created>" set BSSID="<the BSSID for your eduroam network, in a MAC format like 02:00:00:00:00:01>" cd C:\eduroamHB eapol_test.exe -t6t 5 -N 33:x:4f53432d457874656e6465642d49643d31323435c eapol_config.cfg -N 30:s:%BSSID%:eduroam -N 32:s:eduroamUKeduroam-heartbeatmonitor -c eapol_config.cfg -a %ROAMING_IP% -s %ROAMING_SECRET% |findstr /R "^SUCCESS$" >nul 2>nul set MYVAR=%errorlevel% IF "%MYVAR%" == "0" GOTO EventSuccess eventcreate /Id 2 /D "eduroam Monitoring: FAILURE" /T ERROR /L system /SO eduroamMonitor >nul 2>nul GOTO End :EventSuccess eventcreate /Id 1 /D "eduroam Monitoring: SUCCESS" /T SUCCESS /L system /SO eduroamMonitor >nul 2>nul :End |
...
| Note |
|---|
If you used a fake username (because your eduroam national operator didn't give you a username to use), you would see a FAILURE message with this script every time. In this case, change line 6 to this:
|
...