Wireless Settings Page - Security Options - Eap-Ttls - AMX NXT-CV10 Operation/Reference Manual

Firmware Pages and Descriptions
Wireless Security - EAP-PEAP (Cont.)
Certificate Authority:
PEAP Version:
Inner Authentication Type:
Save/Cancel:

Wireless Settings Page - Security Options - EAP-TTLS

EAP (Extensible Authentication Protocol) is a Enterprise authentication protocol that can be used in both a
wired and wireless network environment. EAP requires the use of an 802.1x Authentication Server, also
known as a Radius server. Most of the configuration fields described below take variable length strings as
inputs. Whenever these fields are selected, an on-screen keyboard appears which allows the string to then be
entered.
TTLS (EAP Tunneled Transport Layer Security) was an authentication method, like PEAP, that does not use a
client certificate to authenticate the panel. This method is more secure than PEAP in that it does not broadcast
the identity of the user. The setup, although similar to PEAP, differs in the following areas:



An EAP-TTLS security method is designed for wireless environments where its necessary to first have the
Radius server directly validate the identity of the client (panel) before allowing it access to the network. This
validation is done by tunneling a connection through the WAP and directly between the panel and the Radius
server. By initially keeping the network out of the picture, there is far more security validation going on behind
the scenes before any possible access to the network is granted to the client. Once the client is identified and
then validated, the Radius server disconnects the tunnel and allows the panel to access the network directly via
the target WAP. Refer to the EAP Authentication section on page 184 for further details on these security
options. Refer to the Using the Site Survey tool section on page 59 for more information on using this feature.
Pressing the EAP-TTLS button opens the EAP-TTLS Settings dialog (FIG. 112).
122
When pressed, the panel displays an on-screen Certificate Authority (CA)
File Location keyboard which allows you to enter the name of the certificate
authority file which is used to validate the server certificate.
This field is optional.
If a server certificate is used, it should first be downloaded into the panel and
the Certificate Authority field should then be set to the name of that certificate
file. No file path should be used for this setting as all certificates are stored in
a specific directory that the user cannot control or change.
• Use the on-screen keyboard's Clear button to completely erase any
previously stored network path information.
When pressed, this field cycles through the choices of available PEAP:
PEAPv0, PEAPv1, or PEAPv1 w/peaplabel=1.
When pressed, this field cycles through the choices of available Inner
Authentication mechanisms supported by the Devicescape Secure Wireless
Client. The most commonly used are: MSCHAPv2 and GTC.
• MSCHAPv2 (used with PEAPv0)
• TLS
• GTC (used with PEAPv1)
• OTP
• MD5-Challenge
• Use the Save button to store the new security information, incorporate it,
and then return to the previous Wireless Settings page.
• Use the Cancel button to cancel any updates to the security parameters
and return to the previous Wireless Settings page.
An anonymous identity MUST be specified until the secure tunnel between the panel and the
Radius server is setup to transfer the real identity of the user.
There is no end-user ability to select from the different types of PEAP.
Additional Inner Authentication choices are available to the end-user.
10" Modero Touch Panels