GARR

Eduroam

21 May 2024 | eduroam

eduroam

Contacts

+06 4962 2000
This email address is being protected from spambots. You need JavaScript enabled to view it.

eduroam (Education Roaming)

Eduroam is a service that enables users traveling to different institutions to connect to the wireless network easily and securely, using the same login credentials from their home organization.

eduroam.org News

statistics

The Italian eduroam Federation

Who we are

Who can use eduroam?

Affiliated institutions

How to Connect

Find Your Contact Person

Interested in Joining?

Joining Procedure

How to?

Technical Documentation

eduroam at a Glance

Access to Services

Forms

Download the Forms

Map of Italian Hotspots

Map of Global Hotspots

FAQ

Check the FAQs

Support FAQs

User Support

Support for eduroam is provided by your home institution (e.g., your university). Therefore, you need to contact your organization's helpdesk for assistance in configuring your mobile devices (such as laptops or smartphones).

Forgotten Password

We're sorry you forgot your password. Eduroam credentials are managed by the same institution that generated your account (e.g., your university). Contact your home institution's helpdesk to have your password changed or reset.

I Need an eduroam Account

Eduroam credentials are issued by education and research institutions participating in the service. If your institution does not support eduroam, contact your organization's IT department to convince them to join eduroam! Here is the list of participating institutions: https://www.servizi.garr.it/eduroam/utenti/istituti-aderenti

Device Configuration Guide

You need to contact your home institution's helpdesk for assistance. Many organizations provide automatic eduroam configuration through eduroam CAT. Check if your institution is listed among those available.

Institutional Support

Institutions wishing to connect to eduroam and offer access to their staff, students, and researchers can apply by following this procedure. For any information requests, please write to this address: eduroam [at] garr.it.

SECURITY FAQs

Is eduroam Safe to Use?

eduroam is based on the most secure encryption and authentication standards currently in force.
Its security far exceeds that of typical commercial hotspots.

eduroam requires the use of 802.1x which provides end-to-end encryption to ensure that your private credentials are available only to your home institution (e.g., the university). What really matters is the certificate used by your home institution, regardless of who manages the infrastructure.

Please note, however, that when browsing the Internet by connecting from an eduroam hotspot, the local security measures of that hotspot will also apply to you. For example, firewall settings at the visited location may differ from those of your organization and, as a guest, you may have access to a reduced number of services.

Does eduroam Use a Web Portal for Authentication?

Web portal-based authentication mechanisms (Web Portal, Captive Portal, or Splash-Screen) are not considered secure for eduroam, even if the website is protected by a secure HTTPS connection.

What Happens If a Web Page Requests My Username or Password?

eduroam will never display a web page requesting your username and/or password. This is a sign that someone is attempting to steal your password: do not use any network that asks you for this type of information; in fact, we encourage you to report it to us at this address: eduroam [at] garr.it.

I've Heard That, Under Certain Circumstances, My University Credentials Can Be Stolen by Attackers. What Is This About?

The security model in eduroam is the result of a well-researched study. Your credentials are well protected as long as your device is configured correctly; in this case, any type of authentication used in eduroam (PEAP, TTLS-PAP, EAP-TLS) will be secure.

Your eduroam Identity Provider (e.g., your university) provides you with installation instructions that allow for correct and secure configuration - the most critical part is configuring the device to trust a specific certificate authority (CA) and the Identity Provider's server name.

Many eduroam Identity Providers offer installers or configuration files that allow you to configure your device securely with a simple process in just a few clicks. One of these is eduroam CAT and the geteduroam app - check if your institution is among those listed.

Use the installers and/or configuration instructions provided by your eduroam Identity Provider to be safe from attacks.

If you don't follow the configuration instructions, or in the unlikely event that your eduroam Identity Provider doesn't provide them, the account data you use to access eduroam is at risk of a Man-in-the-Middle attack. For eduroam Identity Providers, not providing sufficient configuration instructions is contrary to the eduroam participation policy, which is why we welcome reports of such cases at this address: eduroam [at] garr.it.

We want to clarify that this type of problem is not specific to eduroam: any wireless network with Enterprise-type authentication, in fact, is in the same condition.

eduroam (education roaming) is a wireless access service developed for the international research and education community.

Italian eduroam federation

The purpose of the Italian eduroam Federation is to facilitate access to theGARR network and other connected networks for mobile users (roaming users) from participating organizations (eduroam service).

The Federation is coordinated by Consortium GARR, which represents it to other federations and confederations. eduroam is a registered trademark of the GEANT Association - formerly TERENA,and stands for Educational Roaming. More information can be found at http://www.eduroam.org.

The core principles of the Italian eduroam Federation are as follows:

Allow users from member institutions to access the GARR network (and connected networks) when visiting another participating organization. Access is provided through the host organization’s network infrastructure using their home institution’s login credentials, thanks to the eduroam service.
Ensure the security of login credentials and the data exchanged by roaming users.

La Italian eduroam federation is a member of the European eduroam Confederation, whose rules have been signed by the GARR Consortium on behalf of the Federation.

The goal of the European eduroam Confederation is to extend internationally the services provided by national eduroam federations to their members, ensuring as much consistency as possible in usage rules while accommodating differences imposed by national regulations.

Peering with Non-Eduroam Federations

The Italian eduroam Federation can also establish peering agreements with other federations that are not part of the European eduroam Confederation but provide equivalent mobility services. In such cases, the Federation must define the peering policies to be adopted. These peering agreements do not extend to federations within the European eduroam Confederation and their related services.

Who can access eduroam?

Identity and resource provider

Eduroam is available to all users from organizations that are part of the federation. It allows seamless wireless network access both within one’s home institution and at other participating organizations in Italy and around the world. Check if your institution is already a member and explore participating organizations worldwide by clicking the dropdown below.

/* Stile di base per il titolo dell'accordion */ .rl-accordion-title { cursor: pointer; /* Cambia il cursore per indicare che è cliccabile */ } /* Aggiungi l'icona + per l'accordion chiuso */ .rl-accordion-title::after { content: '+'; /* Aggiungi il simbolo + */ font-weight: bold; margin-left: 10px; /* Spazio a sinistra del simbolo */ font-size: 24px; /* Aumenta la dimensione del simbolo */ } /* Cambia l'icona a - quando l'accordion è aperto */ .rl-accordion-title.active::after { content: '-'; /* Cambia il simbolo a - */ font-weight: bold; font-size: 24px; /* Aumenta la dimensione del simbolo */ } document.addEventListener("DOMContentLoaded", function() { // Seleziona tutti i titoli dell'accordion const accordionTitles = document.querySelectorAll(".rl-accordion-title"); accordionTitles.forEach((title) => { // Aggiungi un listener per il click sul titolo dell'accordion title.addEventListener("click", function() { // Verifica se l'elemento ha la classe 'active' if (title.classList.contains("active")) { title.classList.remove("active"); } else { title.classList.add("active"); } }); }); });

Affiliated institutions

To filter the results, enter the initials of your institution in the search field.

LEGENDA

Institutions Info Status CAT profile

/* Custom filtering function which will search data in column four between two values */ $.fn.dataTable.ext.search.push( function( settings, data, dataIndex ) { var filter=$('#filter_institution').val(); var institution_type = data[4]; var institution_status = data[5]; if(filter=='type_all'){ return true; } else if (filter=='inactive'){ return institution_status=='inactive'; } else if (filter=='type_idp_sp'){ return institution_type=='IdP+RP' && institution_status=='active'; } else if (filter=='type_idp'){ return institution_type=='IdP' && institution_status=='active'; } else { return institution_type=='RP' && institution_status=='active'; } } ); $(document).ready(function() { var table = $('#example').DataTable({ "processing": true, "ajax": '/data/eduroam/institutions.json', "columns": [ {"data": "name"}, { "data": "url", "orderable": false, "className": 'dt-body-center', "render": function(data, type, row){ if (data!=null){ return ''; } else { return ''; } } }, { "data": "status", "orderable": false, "className": 'dt-body-center', "render": function(data, type, row){ if (row.status == 'inactive'){ image = '"fa-regular fa-hourglass-half fa-lg uk-text-muted"'; } else if (row.type == 'IdP+RP') { image = '"fa-solid fa-building-circle-check fa-lg uk-text-success"'; } else if (row.type == 'IdP') { image = '"fa-regular fa-id-card fa-lg uk-text-primary"'; } else { image = '"fa-solid fa-wifi fa-lg uk-text-primary"'; } return ''; } }, { "data": "cat", "orderable": false, "className": 'dt-body-center', "render": function(data, type, row){ if (data!=null){ return ''; } else { return ''; } } }, { "data": "type", "visible": false, }, { "data": "status", "visible": false, } ], }); $('#filter_institution').change(function(){ var value=$(this).val(); table.draw(); }); } );

The service that allows users on the move to easily and securely access the wireless network

eduroam in a nutshell

eduroam (Education Roaming) is the service that allows users on the move to easily and securely access the wireless network at other organizations, using the same credentials provided by their home institution.

Students, professors, and researchers visiting an institution or organization that participates in eduroam can access the network from any mobile device and authenticate using the credentials they regularly use within their home organization.

How it works

Eduroam technology is based on the IEEE 802.1X standard and a hierarchy of RADIUS proxy servers, allowing any user from a participating institution to gain network access at any connected institution. Depending on the local policies of the visited institutions, eduroam participants may also have access to additional resources.

A Configuration Assistant Tool (CAT) has been developed to help organizations provide their users with access to eduroam. This tool, available for the most common platforms, allows you to configure your device quickly and easily.

Here you can find the configuration tool for institutions that have customized their eduroam profile. If it’s not available for your university or organization, you can consult the informational pages provided by your institution. Alternatively, you can contact your institution's Access Port Manager.

Is it secure?

eduroam is based on some of the most secure encryption and authentication standards currently available. Its security far exceeds that of typical commercial hotspots.

eduroam requires the use of the IEEE 802.1x standard, which provides end-to-end encryption to ensure that user credentials are only accessible by their home institution.
Moreover, user credentials are protected because eduroam does not share them with the site you are visiting; instead, they are forwarded to the user's home institution, where they can be verified and validated.

Unlike eduroam, authentication methods based on Web Portal, Captive Portal, and Splash Screens require you to trust their infrastructure when they receive your password in plain text, which would compromise the end-to-end encryption principles and security that eduroam offers.
eduroam will never display a web page asking for a username and/or password.

What are the benefits of eduroam for users?

The Wi-Fi roaming service eduroam is free for users, and once installed on your laptop, mobile phone, or other device, there’s no need to request temporary accounts or borrow someone else's credentials: simply turn on your device, and you should be online.

Where can I use eduroam?

Whether you are moving to campus or spending time studying or working at another research and educational institution, eduroam offers you seamless internet connectivity.
Over 10,000 hotspots are available at universities, research centers, academies, schools, and other research and educational institutions in more than 100 countries worldwide.

What about in Italy?

In Italy, eduroam is managed by the Italian eduroam Federation, coordinated by the GARR Consortium, which defines its usage rules and represents it in other federations and confederations.

What are the benefits of eduroam for institutions?

eduroam provides a single solution that meets all the mobility connectivity requirements of an institution, supporting both local users and visitors connecting to the local network, as well as users connecting to other participating networks.

Additionally, eduroam eliminates the need to provide temporary accounts, thus reducing administrative burdens, as students, staff, and researchers visiting another institution or country use the credentials provided by their home institution to access Wi-Fi services.

Identity e Resource Provider [IDP e RP]

Identity Provider: Organizations that participate in the service by providing their users with the necessary credentials to access the network;
Resource Provider: Organizations that participate in the service by providing the devices and network infrastructure that allow users to access the network.

Who and How

Only institutions connected to the GARR network can join the Italian eduroam Federation as an Identity Provider (IDP) or as both Identity Provider (IDP) and Resource Provider (RP).
Institutions, institutes, or organizations that ARE NOT connected to the GARR network can join the Italian eduroam Federation exclusively as a Resource Provider (RP).

Where and When

If my institution is only an Identity Provider (IDP) of the eduroam federation, I will be able to connect to the Wi-Fi network of all national or international organizations that are Resource Providers (RP) of the eduroam Federation, but WILL NOT be able to do so within my own institution.
If my institution is only a Resource Provider (RP) of the eduroam federation, all users from national and international organizations that are Identity Providers (IDP) of the eduroam federation, will be able to access the institution's Wi-Fi network.
If my institution is both an Identity Provider (IDP) and a Resource Provider (RP) of the eduroam federation, I will be able to connect to the Wi-Fi network of my institution and all national or international organizations that are Resource Providers (RP) of the eduroam federation, and my institution will be able to grant access to all users from national and international organizations that are Identity Providers (IDP) of the eduroam federation.

Also check

Check the map of Resource Providers (RP) and the locations where you can connect if your institution is an Identity Provider (IDP) of the eduroam federation.
Check if your institution has joined eduroam and whether it is an IDP or RP (RP is also referred to as SP - Service Provider).

Administrative Procedures

To join the Italian eduroam Federation as an Identity Provider (IDP) or Resource Provider (RP), or both, the same procedure outlined under "Joining Procedure" must be followed.
Institutions, institutes, or organizations that ARE NOT connected to the GARR network can request to join only as a Resource Provider (RP).

All organizations connected to GARR can request to join the eduroam federation for free

Admission procedure

Universities, research organizations, and all other scientific and academic institutions that wish to join eduroam and offer access to their staff, students, and researchers can apply for eduroam service membership by following the procedure outlined below.

How to Join

Complete the Application Form attached to the Regulation of the Italian eduroam Federation following the instructions for completion;
Appoint two Technical Contacts for the eduroam service, responsible for necessary interaction with GARR for the proper functioning of the service, and provide their names, contact information (phone, mobile, email) in the Application Form;
Digitally sign the Application Form and send it via certified mail (PEC) to GARR at This email address is being protected from spambots. You need JavaScript enabled to view it.. The form must be signed by the Legal Representative of the applying institution or by one of their delegates with the necessary authority (e.g., the Director of a Section/Institute in the case of an application from institutions with multiple locations such as CNR/ENEA/INFN, INAF, INGV, etc.).

Once approved, the application, countersigned by the Consortium GARR, will be sent back to the applying institution via PEC.

The data of the Technical Contact(s) provided by the institution through the application form will be processed by GARR for the purpose of providing the eduroam service.

What to do in case of a change in the eduroam Technical Contact

The Technical Contact is an important point of reference for interaction between GARR and the institution participating in the eduroam Service.
Therefore, it is the responsibility of the participating institution to promptly notify GARR of any change in the Technical Contact or update of their contact details.

The institution wishing to change its Technical Contact for the eduroam service must:

Complete the Technical Contact Update Form in full;
Digitally sign the Technical Contact Update Form and send it via email to This email address is being protected from spambots. You need JavaScript enabled to view it.. The form must be signed by the Legal Representative of the requesting institution or by one of their delegates with the necessary authority (e.g., the Director of a Section/Institute in the case of an application from institutions with multiple locations such as CNR/ENEA/INFN/INAF/INGV, etc.).

Upon receiving the request, GARR will update the Technical Contact information for the eduroam Service. The institution will be notified by email once the update has been made.

Acceptable Use Policy (AUP) and obligations of the participants

Service access

The roaming network access service provided by the Federation is available to all end-users of member organizations, users from other federations that are part of the European eduroam Confederation, and other federations with which there is a peering agreement.

Federation members can restrict access to services provided to other federations if the policies practiced by those federations or some of their members cannot guarantee certain requirements set by Italian law or fail to meet the minimum security standards required by the Federation.

Participants in the Federation MUST inform the GARR Consortium of any access limitations they establish, as well as any changes to these limitations.

Federation members must make their Acceptable Use Policies (AUP) available to hosted users, who are required to comply with them and refrain from behaviors that violate them, even if allowed elsewhere.

Obligations of Participants

Educate their users on respecting the AUPs of visited institutions and commit to resolving any issues caused by their users;
Provide a secure authentication server;
Inform guests about the methods and level of security offered;
Guide users on how to use the service and avoid transferring technical support issues to other institutions;
Keep logs of authentication sessions and network access;
Report any security issues to their NREN and contribute to their resolution.

// Configurazione const MAX_VIDEOS = 6; const TAG_FILTER = 'eduroam'; const API_BASE_URL = 'https://garr.tv/api/v1/videos'; const MAX_TITLE_LENGTH = 90; // Funzione per troncare il testo function truncateText(text, maxLength) { if (text.length

eduroam configuration on Windows 7

13 July 2017 | eduroam

To configure your Windows 7 device for eduroam, proceed as shown below.

eduroam configuration on Windows 10

13 July 2017 | eduroam

To configure your Windowss 10 device for eduroam, proceed as shown below.

eduroam configuration on Mac OS X

13 July 2017 | eduroam

To configure your Mac OS X device for eduroam, proceed as shown below.

eduroam configuration on Linux

13 July 2017 | eduroam

To configure your Linux device for eduroam, proceed as shown below.

eduroam configuration on iphone

13 July 2017 | eduroam

To configure your iPhone for eduroam, proceed as shown below.

eduroam configuration on android

13 July 2017 | eduroam

To configure your Android device for eduroam proceed as follows.

Network Operations Center - NOC

16 April 2024 | NOC

Network Operations Center
NOC

Contacts

monday - friday | 8:00 - 20:00

+06 4962 2550
This email address is being protected from spambots. You need JavaScript enabled to view it.

other contacts

NOC (Network Operations Center)

The GARR service is responsible for managing and operating the network infrastructure, handling fault management, activating new connections, and collecting and publishing traffic statistical data.

The GARR NOC is responsible for managing the GARR network infrastructure and ensuring its efficient operation.

Traffic statistics

Network management

Mgmt Section

Fault reporting

Procedure

Trouble Ticket System

go to TTS

Other networks connections

other network

Customized connectivity

your connectivity

Security

go to GARR CERT

Documents

go to Documents

FAQs

go to FAQs

FAQ

Chi può contattare il NOC ?

Solo gli APM (Access Port Manager) della rete GARR possono contattare direttamente il NOC attraverso i riferimenti indicati nella pagina Contatti.
I singoli utenti GARR che desiderano segnalare problemi sulla rete sono invitati a fare riferimento al proprio APM.
Un APM che desidera riportare un problema sulla rete puo' contattare il NOC possibilmente via e-mail, o comunque utilizzando uno dei modi sopra indicati.

Come posso riportare un problema sulla rete?

Un APM (Access Port manager) che desidera riportare un problema sulla rete puo' contattare il NOC possibilmente via e-mail, o comunque utilizzando uno dei modi indicati nella pagina contatti

Posso diventare un APM / essere inserito nella lista degli APM?

Un APM che desidera riportare un problema sulla rete puo' contattare il NOC preferibilmente via e-mail, o comunque utilizzando i riferimenti presenti nella pagina Contatti.
La comunicazione della lista degli APM viene fatta al NOC dalla direzione del Consortium GARR; eventuali modifiche a tale lista non sono quindi di competenza del NOC e devono essere richieste alla direzione attraverso i contatti GARR.
È possibile collaborare con il NOC indicando suggerimenti, evoluzioni, progetti, etc. legati ai compiti del NOC, inviando una e-mail.
Nei limiti delle possibilità logistiche, il GARR è disponibile a concordare con gli APM la organizzazione di riunioni, corsi o specifiche consulenze.
Gli APM interessati possono contattare il GARR attraverso i contatti GARR.
Un APM (Access Port manager) che desidera riportare un problema sulla rete puo' contattare il NOC possibilmente via e-mail, o comunque utilizzando uno dei modi indicati nella pagina contatti

Vorrei attivare IPv6, cosa devo fare?

L'organizzazione che vuole richiedere l'abilitazione di IPv6 sul proprio link di accesso a GARR, deve farne esplicita richiesta tramite un messaggio email dell'APM (Access Port Manager) al NOC di GARR. Verrà contattato in seguito per una semplice operazione, la configurazione di IPv6 sul link di accesso, verificandone contestualmente il buon esito. L'operazione tipicamente non ha impatto sull'inoltro dei pacchetti IPv4.
All'atto dell'attivazione, l'utente dovrà aver già configurato IPv6 sul proprio router di accesso e sulla propria LAN.
Il GARR NOC è disponibile a fornire assistenza per quanto riguarda le informazioni necessarie all'attivazione di IPv6 sul proprio router di accesso e ad indicare tutta la documentazione disponibile per la configurazione del nuovo protocollo sulla propria LAN e sulle workstation ad essa collegate. Sarà utile avere già configurata prima dell'attivazione del servizio una macchina (PC) già configurata con IPv6, per permettere ai tecnici GARR di diagnosticare eventuali problemi.

Chiudi

NOC Team

Meet the team

We manage the GARR network infrastructure to ensure its efficient operation

Network management

GINS (GARR Integrated Networking Suite)

GINS is a software suite that includes tools for network issue diagnostics and tracking, traffic statistics acquisition and visualization, and network activity reporting.

The status and performance of the GARR network are constantly monitored to ensure the most efficient service possible to the Italian University and Research community. GINS provides online public statistics and customized access for individual organizations.

Got to GINS website
Monitoring
It performs continuous monitoring of the infrastructure and network performance.
It analyzes and resolves issues related to network software, hardware, services, and applications.

Statistics
- Traffic statistics
- User site traffic statistics
- POP traffic statistics
- Peering traffic statistics
- Links traffic statistics
- WeatherMap
- WeatherMap backbone IP
Alarm Management and Activations
It interacts with telecommunication operators for alarm management and user connection activation at the RCs.
It tracks network incidents and maintenance through trouble tickets.

Trouble Ticket System
- Trouble Ticket System
- Tickets in progress
- POP tickets
- Network Services tickets
- Fault reporting
Routing

It performs IP routing functions on the components of the national network infrastructure (including international links and peering connections with NAPs and ISPs) and implements routing policies on the routers in harmony with the defined topology and functionalities.

It serves as the primary point of contact for network users and NOCs of other networks.

CONNECTIONS TO OTHER NETWORKS
Maintenance and support

It carries out scheduled maintenance, network migrations, coordinates field technician interventions when necessary, provides user support in configuring their network devices, keeps network infrastructure documentation up to date, and produces regular reports on network operation.

Maintenance and support
Configurations for new users

Configures Concentration Routers to accommodate User Router (UR) connections, in coordination with telecommunications operators. Interacts with the technical departments (NMC) of TLC Operators and the TAC (Technical Assistance Center) of network equipment vendors. Tests and activates new optical/IP circuits and services.

Network technologies Network map
Security

Filter network traffic in case of security incidents and DoS attacks in close collaboration with GARR-CERT

GARR CERT
Integration with European networks

It interacts with the GÉANT Pan-European network NOC for the management of international connectivity.

Integration with European networks

FAULT REPORTING PROCEDURE

The trouble ticket system allows tracking of all interventions involving service interruptions, software/hardware updates, and maintenance of GARR equipment and lines.

Trouble tickets are issued and managed by the NOC in response to:

Identification of an issue following an alarm generated by NOC monitoring procedures
Identification of an issue by the NOC
Notification from an APM (Access Port Manager) of GARR network users
Notification from telecommunication operators

The NOC monitors the evolution of the issue and provides appropriate updates following relevant status changes. Upon completion of operations, the trouble ticket is closed, reporting details about the nature of the intervention/problem.
The responsible individuals for access to the GARR network are informed of the existence of an issue by sending an email to the APM mailing list for every opening/modification/closure of a trouble ticket.
The names of the Access Port Managers (APMs) are communicated to the NOC by the GARR Directorate.

Who can contact the NOC

The GARR NOC can only be directly contacted by the GARR users' Access Port Managers (APMs).

Each APM represents a single entity/institution connected to GARR and is responsible for managing the configuration of the user router through which access to GARR is established. They also interact with the NOC whenever issues arise with the connections that affect this access.

End-to-end connectivity services to establish direct, physical, or virtual links

Customized connectivity

Upon request, GARR provides end-to-end connectivity services to establish direct, physical, or virtual links between two or more locations in order to extend its data centers geographically or to segregate data from specific applications and share resources transparently.

Dedicated connectivity is a fee-based service.

Dark fiber

Most accesses are implemented using DF (dark fiber) between the Point of Presence (POP) and the user's site or on GARR transmission infrastructure. In case of unavailability of one of these methods, transport is carried out via Lambda Wave or through SDH mode accesses, implemented on operator circuits.
Bandwidth upgrade

According to the requirements, it is possible to perform upgrades to 1-10 Gbps or multiples, up to 100 Gbps.

Types of connections

IP Access

It constitutes the basic connectivity for access and is usually implemented through a point-to-point connection between the site and the nearest GARR POP. If necessary, it is possible to configure accesses on different POPs to ensure connectivity in case of a fault on the primary link. Through appropriate rerouting protocols, traffic can be moved to the functioning link.
L3VPN

It is a Layer 3 Virtual Private Network (VPN) service. User traffic can be securely transported between the various locations of an organization over a public network. This type of service is requested, for example, by organizations with distributed offices nationwide that need to communicate securely over proprietary networks, separate from public ones.
L2VPN

It is a Layer 2 Virtual Private Network (VPN) service. The principle is the same as L3VPN but in this case, it is applied at Layer 2 (data link).
VPLS

It is an Ethernet-based service that provides a Layer 2 (data-link layer) point-to-multipoint virtual private connectivity (LAN-type). VPLS allows devices located in geographically distinct sites to be connected to the same Ethernet LAN network. From the device's perspective, it will appear directly connected to the remote device even though it is traversing the backbone network.
END TO END

End-to-end connections are direct links between two points in the network. These connections can terminate either on routers, thus traversing the IP network, or on transmission equipment, thus traversing the optical network. Logically, they can be represented as a cable that interconnects two points (sites) of the network, carrying only the traffic from site A to site B and vice versa.

NOC Team

Fabrizio Bataloni

Manager
Luna Nike Mora
Agostino Tasca
Marco Parisi
Lorenzo Ercoli
Manuel Petrianni

For more information about the services or to request activation

Network Information Center - NIC

21 May 2024 | NIC

Network Information Center
NIC

Contacts

+06 4962 2044
This email address is being protected from spambots. You need JavaScript enabled to view it.

other contacts

GARR NIC (Network Information Center)

This service handles the free registration of .it and .eu domain names for all institutions connected to the GARR network.

GARR offers a secondary DNS service for institutions connected to the GARR network upon request. To register a .it domain, at least two DNS servers (primary, secondary) are required. Institutions are guaranteed support for DNS configuration both during activation and for all service maintenance operations.

DNSSEC can be activated on .it and .eu domains already registered with GARR, a DNS Security extension that consists of a set of specifications aimed at adding a security layer to DNS.

statistics

Domain Name Registration for .IT

Domain Name Registration for .EU

AAMS filters

DNSSEC activation

References and information

Organization data modification form

go to the form

Forms and Documentation

Statistics

FAQs

Go to faqs

FAQ

If I register a domain with a Registrar other than GARR, can I assign a GARR IP to a host where services related to that domain are active?

"If the traffic generated by the services related to that domain (web, email, etc.) passes through GARR (using a GARR IP), the use of the domain must comply with GARR's AUP, regardless of the Registrar through which the domain is registered or the TLD to which it belongs."

Can a GARR entity register a domain with another Registrar whose use is not in compliance with the AUP?

An entity affiliated with GARR is free to register a domain with any other commercial Registrar under any TLD (including .it and .eu). If the domain is not registered for institutional purposes, and therefore not compliant with the AUP, the traffic generated by services related to the domain should not pass through the GARR network. Therefore, the hosts where these services will be activated should not have a GARR IP.

We have noticed that a user has registered a domain that points to the web server of a host with a GARR IP. How should we proceed?

In general, it is the responsibility of the APM to monitor the usage of the public address space (IPv4 and IPv6) assigned to their network infrastructure. Unfortunately, conditions can arise that make it very difficult to control unauthorized activation, on hosts with GARR IP, of services related to a domain registered with a commercial maintainer

Typical Case:
A user of a GARR entity decides to independently register a domain name by using a commercial Registrar. In addition to the registration, the user may request to point the www resolution of the domain to the IP address assigned to the personal computer that the user uses every day, which also hosts a web server. Situations like these are clearly beyond the control of the APM or are very difficult to detect. When an APM does manage to detect such cases, they can proceed with a "cleanup" action or request a Registrar change for the domain to GARR-MNT with the consent of the registrant, or take at least control of the forward and reverse resolution in the DNS for services related to that domain. In any case, services related to that domain must comply with GARR AUP, as they are active on a host with a GARR IP.

How much does it cost to register a domain with GARR?

The Network Information Centre service of GARR is exclusively active for all entities affiliated with the GARR Network. Entities belonging to the GARR Community can request domain name registration under the ccTLD ".it" or ".eu" from GARR at no additional cost to them beyond what is already defined in the agreement with GARR

I have registered a domain with a commercial Registrar whose usage is compliant with the AUP. Can I manage the resolution for this domain name using my own nameservers even if the Registrar is not GARR?

The administrative procedure for registering a domain name and the resolution of names associated with that domain are two independent aspects. It is possible to entrust the administrative registration procedure to a commercial Registrar, but the authoritative nameservers for that domain name can be managed by the entity itself.

The Legal Representative (APA) must always request registration from GARR for a domain name, even when the registration procedure for a specific domain name is not directly managed by GARR?

The registration request is exclusively required for domain names that the requesting entities intend to register with GARR-MNT or for domains belonging to any TLD for which secondary nameserver service is requested. For all domains registered with a commercial Registrar and for which secondary DNS service is not requested from GARR, it is not necessary to send the registration request signed by the Legal Representative. In these cases, it is assumed by all GARR entities that the use of such domains must be compatible with the AUP.

Our Student and Graduate Guidance Center needs to activate a web service, provided and managed by an external company. Consequently, we need to associate the IP address of an external host with the www.pippo.unipaperopoli.it host. Can we do that?

Hosting on machines with non-GARR IPs to which a name under a second (or third, etc.) level domain registered by GARR is assigned is always better to avoid for traceability reasons in case of security incidents that may occur on such hosts. If the non-GARR IP host is used illicitly, it is highly likely that notification of the event would not reach either the entity that registered the domain or GARR-CERT. Therefore, GARR's position in these cases is to discourage the adoption of such solutions. Registering that domain is not technically necessary to operate services related to it.

Under which TLDs can I register domain names by contacting GARR?

The GARR-NIC handles domain name registrations only under the ccTLDs ".it" and ".eu" and exclusively for entities belonging to the GARR Community.

I know that GARR provides a secondary DNS service. Can this service also be requested for domain names registered under TLDs other than ".it" and ".eu"? Are there any additional costs for requesting this service?

GARR provides a secondary DNS service for domain names registered under both the ccTLDs ".it" and ".eu" as well as under any other TLD. There are no additional costs for activating the service. However, the service can only be provided for domain names whose usage complies with the AUP.

I need to transfer domain management to GARR-MNT for a domain previously registered with a commercial Registrar. In this case, do I also need a registration request signed by the Legal Representative (APA)?

Even in the case of transferring a domain name from another provider to GARR, it is necessary to send the registration request signed by the Legal Representative(APA) via fax to the number +39-06.4962.2044

How to request IP addresses?

The documentation regarding the request for new IP addresses and the maintenance of information related to assigned IP addresses is available on the pages of the GARR-LIR. Only organizations connected to the GARR network can request the registration of .IT and .EU internet domains at the GARR-NIC. Documentation regarding the request for new domains and the maintenance of information related to already registered domains is available on the pages of the GARR-NIC.

Who should I contact to register a domain name?

Only organizations connected to the GARR network can request the registration of .IT and .EU internet domains from the GARR-NIC. Please consult the GARR website for a list of such organizations. Documentation regarding the request for new domains and the maintenance of information related to already registered domains is available on the pages of the GARR-NIC.

We received an email advising us to register our institutional domain name under the following TLDs: .asia,.com.hk,.com.tw,.hk,.in,.net.cn,.org.cn,.tw, .at, .in. How should we proceed?

GARR recommends NOT following the advice given in the email.

Chiudi

whois

go to WHOIS

Go to LOCAL INTERNET REGISTRY - LIR

go to LIR

Assignment of new domain names under the 'IT' ccTLD

Domain Name Registration for .IT

Any organization authorized to access the GARR network can request domain names from the GARR NIC

From 08/02/2011, the GARR-NIC has become a Registrar. Now, it's possible to manage the registration and maintenance procedures of ".it" domains synchronously on behalf of all entities belonging to the GARR Community.
The synchronous registration of a ".it" domain allows the GARR-NIC to complete, in real-time, both the procedures for updating already registered domains and for registering new domain names, without requiring the registering entity to send any paper documentation to the Registry

Request procedure

To register a new ".it" domain name, you need to::

To download the registration form for the request and maintenance of a domain
Submit the registration request signed by the Legal Representative (APA) of the requesting Entity .
The registration requests for a new '.it' domain name should be sent via email to This email address is being protected from spambots. You need JavaScript enabled to view it. and cc'd to: This email address is being protected from spambots. You need JavaScript enabled to view it.

Fill in by indicating:
- In the request, you need to provide the details of the entity requesting the domain (registrant), the administrative contact for the domain (admin), and the technical contact (APM) for the domain, such as the DNS manager.
- Within the form, there is a section dedicated to the authoritative nameservers for the domain name zone you intend to register. You must specify the primary nameserver and at least one secondary nameserver. If you do not have a secondary nameserver, you can request to use GARR's secondary DNS service.
- The DNS must be configured in accordance with the specifications outlined in rfc1912
- Before initiating a request for a new .it domain, it is recommended to read the service description and, in case of any doubts, contact the GARR NIC

Addresses in the .IT domain

Starting from July 11, 2012, it will be possible to register domain names in the .it level even using words with accents. For example, we could use web addresses that contain words like university, health, or city. Those that are technically referred to as Internationalized Domain Names (IDNs) will be accepted, meaning accented words and non-Latin names, including characters commonly used in French such as ç or in German such as ß.

We would like to inform you that there is no initial period allowing owners of names, trademarks, and logos to benefit from any sort of pre-emption right. Therefore, the assignment will be made on a first-come, first-served basis.

For users who are part of the GARR network, the rules for requesting domain name assignments remain unchanged. The request, signed by the Legal Representative of their organization (APA), must be sent as usual to the GARR NIC service.

Assignment of new domain names under the 'EU' ccTLD

Domain Name Registration for .EU

Any organization authorized to access the GARR network can request domain names from the GARR NIC

Before initiating a request for a new .eu domain, it is necessary to read the service description, and, in case of doubts, contact the GARR NIC

Request procedure

To register a new ".eu" domain name, you need to:

Read the documentation available in the Forms Section
To download the registration form for the Request and Maintenance of a domain.
The completed form with the registration request must be sent by email to This email address is being protected from spambots. You need JavaScript enabled to view it. and copied to This email address is being protected from spambots. You need JavaScript enabled to view it..

Fill in by indicating:
- Organization
- Contact Person: First Name, Last Name
- Phone
- address
- Valid Email Address. A valid email address is important, being the only means through which to contact you: it will be used as a communication tool. EURid reserves the right to revoke a domain name if not accompanied by a valid email address.
Registrations are made on a "first come, first served" basis, meaning that the Registry processes the registration of a domain name based on the first request received. The registration of a .eu domain name lasts for one year. Unless otherwise notified in advance by EURid through GARR-NIC, the domain name will be renewed upon its expiry.
A domain name must be unique. To check the availability of a name, use the WHOIS search tool .
Domain names must meet certain technical requirements:
- at least 2 characters between 'a' and 'z'
- numbers from '0' to '9' and the hyphen '-'
- a maximum of 63 characters
- must not begin or end with a hyphen
- cannot contain a hyphen '-' in the third and fourth position.

In accordance with EU Regulation 733/2002 and CE Regulation 874/2004, certain names cannot be registered, and others are reserved for use by EU institutions or the governments of member states, EEA countries, and candidate countries.

The ability to use special Latin characters, as well as characters from the Greek and Cyrillic alphabets (without mixing different alphabets) for registering domain names under the .eu extension in Latin was introduced in December 2009. In 2016, EURid introduced the .eu extension in Cyrillic (.ею), and in 2019, the .eu extension in Greek (.ευ). With the introduction of these two new extensions, a rule was implemented stating that the alphabet used for the .eu extension must match the alphabet used for the domain name (latin.latin, cyrillic.cyrillic, and greek.greek).

For more information about .eu IDN domains, please visit these links:

EURid's Timeline

Domain names (IDNs)

Terms and condition for registration

At the time of registering a domain name, it is necessary to consent to the terms and conditions for end-users. This includes being bound to an extrajudicial resolution of disputes if a third-party claimant with recognized rights to the domain name alleges that your registration was made for speculative or abusive purposes. GARR-NIC will submit these conditions to you at the time of registration for formal signature. Non-compliance with these conditions may result in the loss of the domain name.

Update of the name server

our domain name will be active only after the EURid name server is updated. The update is performed five times a day. Of course, this will be possible only if GARR-NIC has also made the necessary changes.

Whois

Once registered, your domain name will be immediately stored in the WHOIS database. Some of your data will be publicly available through the WHOIS lookup function, which allows interested parties to find out who owns a specific domain name or associated website. Of course, the WHOIS database will be subject to restrictions to prevent misuse and comply with data protection requirements. Anyone accessing information through WHOIS will be subject to a disclaimer, which essentially states that the information cannot be used for commercial purposes.

Inhibition in the DNS of unauthorized sites offering gambling and tobacco

AAMS Filters

GARR, for its institutional purposes, is the holder of the authorization granted by the Ministry of Economic Development to operate as the manager of the public network dedicated to the Italian academic and research community.

For this reason, it is subject to the provisions of the State Customs and Monopoly Agency, which require the inhibition of domain names related to unauthorized websites offering online gambling or tobacco and inhalation liquid products
The inhibition provisions are indeed an obligation for the entities holding the authorization granted by the Ministry of Economic Development to operate as managers of a public network.

The national list of companies authorized to provide electronic communication services to the public is available on the website of the Ministry of Economic Development.

Websites subject to inhibition

The list of websites subject to inhibition is available on the website of the Customs and Monopolies Agency, in the Monopolies section.

Certification Service

21 May 2024 | CS

Certification Service
CS

Support and Contacts

+06 4962 2000
+39 050 221 3158
This email address is being protected from spambots. You need JavaScript enabled to view it.

other contacts

GARR CS (Certification Service)

The GARR Certification Service provides free digital certificates, both personal and server types, to all institutions connected to the GARR network.

The certificates are issued by the Certification Authority HARICA through the GEANT Trusted Certificate Service

statistics

Types of Certificates Issued

Certificate Request

Documents

go to documents

GARR participates in the Trusted Certificate Service (TCS) promoted by Géant for the benefit of European research networks

Types of certificates issued

GARR participates in the Trusted Certificate Service (TCS)M promoted by Géant for the benefit of European research networks.

Through this service, GARR provides its community with digital x.509 certificates (also available in e-Science version, valid for authentication on GRID resources) issued by one of the major commercial Certification Authorities: HARICA, automatically recognized by nearly all existing web browsers.

SSL certificates: for server authentication and securing sessions with clients;
GRID certificates: for server and Grid service authentication (IGTF compliant);
Personal certificates and personal GRID certificates: for user authentication and securing email communications;
Code signing certificates: for software signing;
Document signing certificates: for authenticating documents created with Adobe PDF, Microsoft Office, OpenOffice, and LibreOffice.

TCS Certificates

Certificate request and generation

Administrator: For managing requests and generating digital certificates, see the guide by GARR CS dedicated to service managers: https://tcs-docs.aai.garr.it
Users: For submitting certificate requests, please refer to the digital certificate managers within your organization.

Statistics

source: GARR annual report 2024

/* body { font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; min-height: 100vh; } */ .header { text-align: center; margin-bottom: 3rem; color: black; } .header h1 { font-size: 2.5rem; font-weight: 300; margin-bottom: 0.5rem; } .header p { font-size: 1.1rem; opacity: 0.9; margin-top: 0.5rem; } .chart-card { background: rgba(255, 255, 255, 0.95); backdrop-filter: blur(10px); border-radius: 20px; padding: 2rem; box-shadow: 0 8px 32px rgba(0, 0, 0, 0.1); border: 1px solid rgba(255, 255, 255, 0.2); transition: transform 0.3s ease, box-shadow 0.3s ease; margin-bottom: 2rem; } .chart-card:hover { transform: translateY(-5px); box-shadow: 0 12px 40px rgba(0, 0, 0, 0.15); } .chart-header { text-align: center; margin-bottom: 1.5rem; } .chart-title { font-size: 1.3rem; font-weight: 600; color: #2d3748; margin-bottom: 0.3rem; } .chart-subtitle { font-size: 0.85rem; color: #383b40; line-height: 1.4; } .chart-container { position: relative; height: 400px; margin-bottom: 1rem; } .controls { display: flex; justify-content: center; align-items: center; gap: 1rem; flex-wrap: wrap; margin-top: 1rem; } .download-btn { background: linear-gradient(135deg, #1e3c72 0%, #2a5298 100%); color: white; border: none; padding: 0.6rem 1.2rem; border-radius: 8px; font-size: 0.9rem; cursor: pointer; transition: all 0.3s ease; box-shadow: 0 4px 15px rgba(30, 60, 114, 0.3); } .download-btn:hover { transform: translateY(-2px); box-shadow: 0 6px 20px rgba(30, 60, 114, 0.4); } .stats-summary { background: rgba(255, 255, 255, 0.9); backdrop-filter: blur(10px); border-radius: 15px; padding: 1.5rem; } .stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1rem; } .stat-item { text-align: center; padding: 1rem; border-radius: 10px; background: linear-gradient(135deg, #f7fafc 0%, #edf2f7 100%); } .stat-number { font-size: 1.8rem; font-weight: 700; color: #2d3748; } .stat-label { font-size: 0.9rem; color: #718096; margin-top: 0.25rem; } @media (max-width: 768px) { .header h1 { font-size: 2rem; } .chart-container { height: 300px; } body { padding: 1rem; } }

CS: Digital Certificates Issued

GARR's Certification Service issues digital certificates free of charge to its community in both personal and server versions. The chart shows the trend in the number of digital certificates issued.

Download Chart

${stat.value}

${stat.label}

` ).join(''); } // Initialize chart createCertificatesChart(); updateStats(); // Add hover effects document.querySelector('.chart-card').addEventListener('mouseenter', function() { this.style.transform = 'translateY(-8px)'; }); document.querySelector('.chart-card').addEventListener('mouseleave', function() { this.style.transform = 'translateY(0)'; });

For more information about the services or to request activation

torna su

GARR

Eduroam

eduroam

Contacts

eduroam (Education Roaming)

The Italian eduroam Federation

Who can use eduroam?

How to Connect

Interested in Joining?

How to?

eduroam at a Glance

Access to Services

Forms

Map of Italian Hotspots

Map of Global Hotspots

FAQ

Support FAQs

User Support

Forgotten Password

I Need an eduroam Account

Device Configuration Guide

Institutional Support

SECURITY FAQs

Is eduroam Safe to Use?

Does eduroam Use a Web Portal for Authentication?

What Happens If a Web Page Requests My Username or Password?

I've Heard That, Under Certain Circumstances, My University Credentials Can Be Stolen by Attackers. What Is This About?

eduroam (education roaming) is a wireless access service developed for the international research and education community.

Italian eduroam federation

Peering with Non-Eduroam Federations

Who can access eduroam?

Identity and resource provider

Affiliated institutions

The service that allows users on the move to easily and securely access the wireless network

eduroam in a nutshell

How it works

Is it secure?

What are the benefits of eduroam for users?

Where can I use eduroam?

What about in Italy?

What are the benefits of eduroam for institutions?

Identity e Resource Provider [IDP e RP]

Who and How

Where and When

Also check

Administrative Procedures

All organizations connected to GARR can request to join the eduroam federation for free

Admission procedure

How to Join

What to do in case of a change in the eduroam Technical Contact

Acceptable Use Policy (AUP) and obligations of the participants

Service access

Obligations of Participants

eduroam configuration on Windows 7

eduroam configuration on Windows 10

eduroam configuration on Mac OS X

eduroam configuration on Linux

eduroam configuration on iphone

eduroam configuration on android

Network Operations Center - NOC

Network Operations Center NOC

Contacts

Other contacts

NOC (Network Operations Center)

Network management

Fault reporting

Trouble Ticket System

Other networks connections

Customized connectivity

Security

Documents

FAQs

FAQ

Chi può contattare il NOC ?

Come posso riportare un problema sulla rete?

Posso diventare un APM / essere inserito nella lista degli APM?

Vorrei attivare IPv6, cosa devo fare?

NOC Team

We manage the GARR network infrastructure to ensure its efficient operation

Network management

Network Operations Center
NOC

Network Information Center
NIC