Ever set up an Airport Express? Simple as fuck, right? How bout setting up an Airport Express to extend an existing network? utter shitshow, right? I'm not even sure they let you do it anymore. Take it from me - it takes about five hours of experimentation the first time, then pretty much every time you change something, expect to spend another couple hours. Wanna see how Eduroam does it? It's on the Wikipedia page: You can build a mesh network with Ubiquiti or Ruckus or whatever. You pay more. a Unifi is like $90 a node, compared to the $25 you pay for consumer shit. But it allows you to have everything working in concert - adjust the power, hand signals off from WAP to WAP and most importantly, put credentialing and access at one centralized location. On the other hand, when you open up your Comcast router it has a 2nd network built in, on the same frequencies, at the same power, as your own personal SSID. The only thing Comcast has control over is whether or not your credentials let you on. It matters a lot less when things are well-spaced but when they aren't, look out.The eduroam service uses IEEE 802.1X as the authentication method and a hierarchal system of RADIUS servers.[15] The hierarchy consists of RADIUS servers at the participating institutions, national RADIUS servers run by the National Roaming Operators and regional top-level RADIUS servers for individual world regions. When a user A from institution B in country C with two-letter country-code top-level domain xy visits institution P in country Q, A's mobile device presents his credentials to the RADIUS server of institution P. That RADIUS server discovers that it is not responsible for the Institution_B.xy realm and proxies the access request to the national RADIUS server of country Q. If C and Q are different countries, it is in turn proxied to the regional top-level RADIUS server, and then to the national RADIUS server of country C, which has a complete list of the participating eduroam institutions in that country. That national server forwards the credentials to the home institution B, where they are verified. The 'acknowledge' travels back over the proxy-hierarchy to the visited institution P and the user is granted access.