Eap-Fast - AMX MVP-5100 Operation/Reference Manual

EAP-FAST

In the Wireless Security: Enterprise Mode popup window (FIG. 53), press the Security Type field to select
EAP-FAST.
EAP-FAST (Flexible Authentication via Secure Tunneling) security was designed for wireless
environments where security and ease of setup are equally desirable. EAP-FAST uses a certificate file,
however it can be configured to download the certificate automatically the first time the panel attempts to
authenticate itself. Automatic certificate downloading is convenient but slightly less secure, since its the
certificate is transferred wirelessly and could theoretically be "sniffed-out".
EAP-FAST Settings
SSID:
Identity:
Anonymous Identity:
Password:
Automatic PAC
Provisioning:
MVP-5100/5150 5.2" Modero Viewpoint Touch Panels
Opens an on-screen keyboard to enter the SSID name used on the target AP.
The SSID is a unique name used by the AP, and is assigned to all panels on
that network. An SSID is required by the AP before the panel is permitted to
join the network.
• The SSID is case sensitive and must not exceed 32 characters.
• Make sure this setting is the same for all points in the wireless network.
• With EAP security, the SSID of the AP must be entered. If it is left blank, the
panel will try to connect to the first access point detected that supports
EAP. However, a successful connection is not guaranteed because the
detected AP may be connected to a RADIUS server, which may not
support this EAP type and/or have the proper user identities configured.
Opens an on-screen keyboard to enter an EAP Identity string (used by the
panel to identify itself to an Authentication (RADIUS) Server).
Note: This information is similar to a username used to login to a secured
server or workstation. This works in tandem with the Password string which is
similar to the password entered to gain access to a secured workstation.
Typically, this is in the form of a username such as: jdoe@amx.com.
Opens an on-screen keyboard to enter an IT provided alphanumeric string
which (similar to the username) is used as the identity, but that does not
represent a real user.
This information is used as a fictitious name which might be seen by sniffer
programs during the initial connection and setup process between the panel
and the Radius server. In this way the real identity (username) is protected.
Typically, this is in the form of a fictitious username, such as
anonymous@amx.com
Opens an on-screen keyboard. Enter the network password string specified
for the user entered within the Identity field (used by the panel to identify itself
to an Authentication (RADIUS) Server)
Note: This information is similar to the password entered to gain access to a
secured workstation.
This selection toggles PAC (Protected Access Credential) Provisioning -
Enabled (automatic) or Disabled (manual) .
• If Enabled is selected, the following PAC File Location field is disabled,
because the search for the PAC file is done automatically.
• If Disabled is selected, the user is required to manually locate a file
containing the PAC shared secret credentials for use in authentication. In
this case, the IT department must create a PAC file and then transfer it into
the panel using the AMX Certificate Upload application.
Note: Even when automatic provisioning is enabled, the PAC certificate is
only downloaded the first time that the panel connects to the RADIUS server.
This file is then saved into the panel's file system and is then reused from
then on. It is possible for the user to change a setting, such as a new Identity,
that would invalidate this certificate. In that case, the panel must be forced to
download a new PAC file. To do this, set Automatic PAC Provisioning to
Disabled and then back to Enabled. This forces the firmware to delete the old
file and request a new one.
Protected Setup Pages
69