Firewall Configuration Guidelines

RADIUS traffic is carried by UDP with various port pairs.  Current conventions call for udp/1812, udp/1813 (for authentication and accounting respectively) where the now deprecated ports of udp/1645, udp/1646 are used by some RADIUS servers.  The eduroam-US TLRS responds to both sets of authentication and accounting ports.

Your firewalls must allow all RADIUS traffic between the eduroam-US Top-Level RADIUS Server(s) (TLRS) and your RADIUS server(s) on the ports you choose during configuration.