skip to content

IT Help and Support

University Information Services
 

This page gives technical details of how eduroam is implemented at the University of Cambridge.  It is intended for technical staff, from both within Cambridge and outside, to understand how it operates.

The information provided below describes eduroam as implemented by the central University Wireless Service.  However, some eduroam services within the collegiate university are provided by the local institution (college, department or other group) and may differ from what is described below: for more information about those, you will need to contact the local institution.

Contents

Wireless protocols

The University Wireless Service provides eduroam connectivity using the WPA2 protocol with AES encryption.

Port blocks

The University Wireless Service eduroam blocks some ports to/from hosts on the network.

Outbound to Janet / the internet

Outbound traffic is permitted by default.  Only a small number of ports are blocked:

Protocol Port number(s)
TCP 25 (SMTP), 
135-139 (MS RPC), 
445 (SMB)
UDP 135-139 (MS RCP), 
445 (SMB)

Outbound to UDN (University network)

All permitted.

Inbound from same geographical area

Protocol Port number(s)
TCP 25 (SMTP), 
135-139 (MS RPC), 
445 (SMB)
UDP 135-139 (MS RCP), 
445 (SMB)

"Geographical area" refers to something akin to a physical site (such as the Sidgwick Site, or Downing and New Museums Site).  While inbound connections are normally blocked we permit them where clients are physically close enough to allow things like Bonjour/iTunes sharing/UPnP etc. to work.

Everything else permitted.

Inbound from elsewhere

Traffic from other wireless areas, elsewhere on the UDN, Janet and the internet is all blocked (although the firewall is stateful, so allows responses to connections originated by the client).

IP addresses

Clients will receive IPv4 addresses from one of the University's IP ranges.

There is no IPv6 support at the present time.

The addresses used may or may not have DNS registrations against them (this is because the usage is ephemeral and typically not possible with IPv6).

Multicast is not currently enabled.

From the IP address, there is no way to distinguish between a user from the Collegiate University and an external visitor.

Current configuration

The configuration of IP addresses is described below - we strongly advise these are not used for access control on services but are provided for situations where this may be appropriate.

Currently, UDN-wide private ranges are used for client IP addresses - these are RFC1918 addresses which are routed around the University network without translation. When they leave the UDN (the University network), they will be SNATed behind one of the University's public IPv4 ranges.

UDN-wide private addresses Public addresses used for SNAT
10.248.0.0/13 131.111.5.128/25

These addresses have DNS registrations (both forward and reverse).  The outside addresses of the SNAT are also registered.

It should be noted that this configuration can be changed without warning and must not be relied upon.

Note that the ranges for the UniOfCam browser-based service are slightly different.

Last updated: 8th May 2019

UIS Service Desk

UIS Service Status

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

Lecture capture (Panopto) public video sharing options to be disabled

5 August 2021

We are disabling the public video sharing options in Panopto, the University’s online platform for lecture capture and educational videos, to protect the University from unintended additional costs. No videos will be lost as a result of this change, but you will need to download any videos that you wish to continue to...

Turnitin maintenance: Saturday 14 August 16:00–18:00

4 August 2021

Turnitin will be undergoing essential maintenance on Saturday 14 August during 16:00–18:00 BST. Please be aware that submissions or grading for Turnitin Assignments in Moodle will not be possible during this time. We therefore advise that submission deadlines are set outside this maintenance window. Follow @TurnitinStatus...

Easier way for Departments and NSIs to get ‘bolt-on’ Office 365 licences for staff

4 August 2021

It will be quicker, easier, and cheaper to for Departments to get bolt-on product licences to add to individual users’ Office 365 licences from 1 October 2021. The new process will apply to individual licences for products such as Visio, Project and PowerBI that are not included under the Microsoft EES Agreement. UIS will...