Cisco 4400 validating identity radius
Each have a list of connected country domains (.nl, .dk, .au, etc.) serving the appropriate National Roaming Operators (NROs).
They accept requests for federation domains for which they are authoritative, and subsequently forward them to the associated RADIUS server for that federation (and transport the result of the authentication request back).
The Identity Management System of eduroam Id Ps contains the information of the end users; for instance usernames and passwords.
They must be kept up-to-date by the responsible Id P.
Figure 2.1: Layers of the eduroam RADIUS hierarchy NEED TO (RE)CREATE DIAGRAM ??
Institutions which opt to be eduroam Id P and eduroam SP at the same time can have one RADIUS server that fulfills both roles simultaneously.
This is the most popular deployment model in eduroam.
Requests for federation domains they are not responsible for are forwarded to the proper confederation TLR.
A federation RADIUS server has a list of connected Id P and SP servers and the associated realms.
Search for cisco 4400 validating identity radius:
Some EAP methods allow to put a different User-Name into the RADIUS packet than in the EAP payload.