Configuring Cisco ACS 5.2
Thanks to Tony Brzoskowski at The University of Wisconsin - Parkside for providing this documentation!
If you have any questions or comments regarding these instructions please contact the eduroam-US Team and we will work with you to assist as much as possible.
Cisco's ACS 5.2 may be configured as a proxying RADIUS server in only a few steps as illustrated below.
Create a network device for the eduroam host radius server which will authenticate your clients as they roam to other networks:
Create an external radius server proxy which will be used to authenticate clients which roam on your network:
Create an Access Service which will authenticate the clients based on rules:
Create your Service Selection Policies to route to the proper access:
Note: Per the Best Practices document, local users should be required to include their realm (e.g. their supplicant should be configured to use user [at] institution [dot] edu) when using eduroam, even at their home institution. The above configuration allows the @institution.edu to be omitted. This leads to extra debugging later when users, while traveling, do not include their realm.
For complete documentation on configuration of Cisco ACS 5.2 please see their reference manual.