Eap-Peap - AMX MVP-9000i-GB Instruction Manual

EAP-FAST (Cont,)
Key Mgmt:
Automatic PAC
Provisioning:
PAC File Location:
Auto Key Renewal:
Cancel/Save:
Refer to the EAP Authentication section on page 146 and the Using the Wireless Site Survey Tool section on page 34 for further
details on these security options.

EAP-PEAP

From the Security Modes options, press the Enterprise button to open the Wireless Security: Enterprise Mode page. Scroll through
the Security Type options to select EAP-PEAP (FIG. 82).
Wireless Security: Enterprise Mode - EAP-PEAP
FIG. 82
PEAP (Protected Extensible Authentication Protocol) was developed as a way to securely transmit authentication information, such
as passwords, over a wireless network environment. PEAP uses only server-side public key certificates and therefore does not need
a client (panel) certificate which makes the configuration and setup easier.
There are two main versions of the PEAP protocol supported by panel's Devicescape Wireless Client:
PEAPv0

PEAPv1

PEAP uses inner authentication mechanisms supported by the Devicescape Wireless Client, the most common of which are:
MSCHAPv2 with PEAPv0

GTC with PEAPv1

EAP-PEAP security is designed for wireless environments where it is necessary to transmit data securely over a wireless network.
MVP-9000i - Instruction Manual
This button has 4 options:
• WPA-EAP: The default and most common setting for EAP authentication methods. Accepts WPA, WPA2 & TKIP,
or AES.
• 8021X: Used to specify IEEE 802.1x port authentication only.
• CCKM-WPA: Cisco key management option. Used with CCKM and WPA (TKIP encryption only) authentication.
• CCKM-WPA2: Cisco key management option. Used with CCKM and WPA2 (AES encryption only)
authentication.
Note: The Key Mgmt selection must match the security settings on the AP in order for the connection to be
successful.
This selection toggles PAC (Protected Access Credential) Provisioning - Enabled (automatic) or Disabled
(manual).
• If Enabled is selected, the following PAC File Location field is disabled, because the search for the PAC file is
done automatically.
• If Disabled is selected, the user is required to manually locate a file containing the PAC shared secret
credentials for use in authentication. In this case, the IT department must create a PAC file and then transfer
it into the panel using the AMX Certif icate Upload application.
Note: Even when automatic provisioning is enabled, the PAC certificate is only downloaded the f irst time that the
panel connects to the RADIUS server. This f ile is then saved into the panel's f ile system and is then reused from
then on. It is possible for the user to change a setting, such as a new Identity, that would invalidate this certif icate.
In that case, the panel must be forced to download a new PAC f ile. To do this, set Automatic PAC Provisioning to
Disabled and then back to Enabled. This forces the f irmware to delete the old f ile and request a new one.
This field is used when the previous Automatic PAC Provisioning option has been Disabled.
• When pressed, the panel displays an on-screen PAC File Location keyboard which allows you to enter the name
of the file containing the PAC shared secret credentials for use in authentication.
• This field is only valid when the automatic PAC provisioning feature has been enabled via the previous field.
• Select between NEVER, 1 Day, 3 Days, 7 Days, 14 Days, and 30 Days.
• Cancel - discard changes and return to the previous page.
• Save - store the new security information, apply changes, and return to the previous page.
Protected Setup Pages
67