Home » eduroam Setup » Firewall and IP address recommendations

Firewall and IP address recommendations

Posted
on April 17, 2017

The table below summarizes the IP addresses and ports associated with the Canadian Federation-Level RADIUS servers (FLRs) for eduroam, and monitoring of IdP status for Federated Identity Management (FIM). CANARIE operates additional monitoring and operational tools for CAF services.  Participants are encouraged to use these tools and permit access to CANARIE on the listed ports below.  The list of IPs, protocols and ports below should be made accessible through provisioning of your site firewall rules.

Table 1: CAF Operational Server IP Addresses and Ports

Service Location DNS CNAME IPv4 Address IPv6 Address CAF Participant Site Ports Required Ports Accepted by This Host
eduroam Kelowna BC prod1-west.eduroam.ca 128.189.5.5 icmp ping, UDP & TCP 1812, 1813, 2083, 3799 UDP: 1812, 1813
eduroam Vancouver BC Prod2-west.eduroam.ca 142.231.112.1 icmp ping, UDP & TCP 1812, 1813, 2083, 3799 UDP: 1812, 1813
eduroam Ottawa, ON prod1-east.eduroam.ca 205.189.33.100 2001:410:102:1::100 icmp ping, UDP & TCP 1812, 1813, 2083, 3799 UDP: 1812, 1813
eduroam Ottawa, ON prod2-east.eduroam.ca 205.189.33.101 2001:410:102:1::101 icmp ping, UDP & TCP 1812, 1813, 2083, 3799 UDP: 1812, 1813
eduroam Ottawa, ON monitor.canarie.ca 205.189.33.55 2001:410:102:1::55 icmp, ping, UDP & TCP: 1812, 1813, 2083, 3799, TCP: 443 UDP: 1812, 1813
eduroam Ottawa, ON tools.canarie.ca 205.189.33.111 2001:410:102:1::111 icmp, ping, UDP & TCP: 1812, 1813, 2083, 3799, TCP: 443 TCP: 443, 80
FIM Ottawa, ON logger.canarie.ca 205.189.33.23 2001:410:102:1::23 icmp, ping, UDP & TCP: 1812, 1813, 2083, 3799, TCP: 443 UDP: 514, TCP: 514
FIM Toronto, ON caf-shib2ops.ca 128.100.132.106 UDP:ping
TCP: 443, 80