Table of Contents
Advertisement
EAP-FAST
In the Wireless Security: Enterprise Mode popup window (FIG. 62), press the Security Type field to select EAP-FAST.
EAP-FAST (Flexible Authentication via Secure Tunneling) security was designed for wireless environments where security and ease
of setup are equally desirable. EAP-FAST uses a certificate file, however it can be configured to download the certificate
automatically the first time the panel attempts to authenticate itself. Automatic certificate downloading is convenient but slightly
less secure, since its the certificate is transferred wirelessly and could theoretically be "sniffed-out".
EAP-FAST
SSID:
Identity:
Anonymous Identity: Opens an on-screen keyboard to enter an IT provided alphanumeric string which (similar to the username) is used
Password:
Automatic PAC
Provisioning:
PAC File Location:
Auto Key Renewal:
Cancel/Save:
Refer to the EAP Authentication section on page 136 and the Using the Site Survey Tool section on page 30 for further details on
these security options.
EAP-PEAP
In the Wireless Security: Enterprise Mode popup window (FIG. 62), press the Security Type field to select EAP-PEAP.
PEAP (Protected Extensible Authentication Protocol) was developed as a way to securely transmit authentication information, such
as passwords, over a wireless network environment. PEAP uses only server-side public key certificates and therefore does not need
a client (panel) certificate which makes the configuration and setup easier.
There are two main versions of the PEAP protocol supported by panel's DeviceScape Wireless Client:
PEAPv0
PEAPv1
PEAP uses inner authentication mechanisms supported by the DeviceScape Wireless Client, the most common of which are:
MSCHAPv2 with PEAPv0
GTC with PEAPv1
MVP-5200i Modero® ViewPoint® Touch Panel with Intercom - Instruction Manual
Opens an on-screen keyboard to enter the SSID name used on the target AP.
The SSID is a unique name used by the AP, and is assigned to all panels on that network. An SSID is required by the
AP before the panel is
permitted to join the network.
• The SSID is case sensitive and must not exceed 32 characters.
• Make sure this setting is the same for all points in the wireless network.
• With EAP security, the SSID of the AP must be entered. If it is left blank, the panel will try to connect to the first
access point detected that supports EAP. However, a successful connection is not guaranteed because the
detected AP may be connected to a RADIUS server, which may not support this EAP type and/or have the proper
user identities configured.
Opens an on-screen keyboard to enter an EAP Identity string (used by the panel to identify itself to an
Authentication (RADIUS) Server).
Note: This information is similar to a username used to login to a secured server or workstation. This works in tandem
with the Password string which is similar to the password entered to gain access to a secured workstation. Typically,
this is in the form of a username such as: jdoe@amx.com.
as the identity, but that does not represent a real user.
This information is used as a fictitious name which might be seen by sniffer programs during the initial connection
and setup process between the panel and the Radius server. In this way the real identity (username) is protected.
Typically, this is in the form of a fictitious username, such as anonymous@amx.com
Opens an on-screen keyboard. Enter the network password string specified for the user entered within the Identity
field (used by the panel to identify itself to an Authentication (RADIUS) Server)
Note: This information is similar to the password entered to gain access to a secured workstation.
This selection toggles PAC (Protected Access Credential) Provisioning - Enabled (automatic) or Disabled (manual).
• If Enabled is selected, the following PAC File Location field is disabled, because the search for the PAC file is done
automatically.
• If Disabled is selected, the user is required to manually locate a file containing the PAC shared secret credentials
for use in authentication. In this case, the IT department must create a PAC file and then transfer it into the
panel using the AMX Certif icate Upload application.
Note: Even when automatic provisioning is enabled, the PAC certificate is only downloaded the f irst time that the
panel connects to the RADIUS server. This file is then saved into the panel's file system and is then reused from then
on. It is possible for the user to change a setting, such as a new Identity, that would invalidate this certif icate. In that
case, the panel must be forced to download a new PAC f ile. To do this, set Automatic PAC Provisioning to Disabled and
then back to Enabled. This forces the f irmware to delete the old f ile and request a new one.
This field is used when the previous Automatic PAC Provisioning option has been Disabled.
• When pressed, the panel displays an on-screen PAC File Location keyboard which allows you to enter the name of
the file containing the PAC shared secret credentials for use in authentication.
• This field is only valid when the automatic PAC provisioning feature has been enabled via the previous field.
Select between NEVER, 1 Day, 3 Days, 7 Days, 14 Days, and 30 Days.
• Cancel - discard changes and return to the previous page.
• Save - store the new security information, apply changes, and return to the previous page.
Protected Setup Pages
61
Advertisement
Table of Contents
