Protected Setup Pages
61
MVP-5200i Modero® ViewPoint® Touch Panel with Intercom - Instruction Manual
EAP-FAST
In the Wireless Security: Enterprise Mode popup window (FIG. 62), press the Security Type field to select EAP-FAST.
EAP-FAST (Flexible Authentication via Secure Tunneling) security was designed for wireless environments where security and ease
of setup are equally desirable. EAP-FAST uses a certificate file; however, it can be configured to download the certificate
automatically the first time the panel attempts to authenticate itself. Automatic certificate downloading is convenient but slightly
less secure, since the certificate is transferred wirelessly and could theoretically be “sniffed-out”.
Refer to the EAP Authentication section on page 136 and the Using the Site Survey Tool section on page 30 for further details on
these security options.
EAP-PEAP
In the Wireless Security: Enterprise Mode popup window (FIG. 62), press the Security Type field to select EAP-PEAP.
PEAP (Protected Extensible Authentication Protocol) was developed as a way to securely transmit authentication information, such
as passwords, over a wireless network environment. PEAP uses only server-side public key certificates and therefore does not need
a client (panel) certificate, which makes the configuration and setup easier.
There are two main versions of the PEAP protocol supported by the panel’s DeviceScape Wireless Client:
PEAPv0
PEAPv1
PEAP uses inner authentication mechanisms supported by the DeviceScape Wireless Client, the most common of which are:
MSCHAPv2 with PEAPv0
GTC with PEAPv1
EAP-FAST
SSID:
Opens an on-screen keyboard to enter the SSID name used on the target AP.
The SSID is a unique name used by the AP, and is assigned to all panels on that network. An SSID is required by the
AP before the panel is permitted to join the network.
• The SSID is case sensitive and must not exceed 32 characters.
• Make sure this setting is the same for all points in the wireless network.
• With EAP security, the SSID of the AP must be entered. If it is left blank, the panel will try to connect to the first
access point detected that supports EAP. However, a successful connection is not guaranteed because the
detected AP may be connected to a RADIUS server, which may not support this EAP type and/or have the proper
user identities configured.
Identity:
Opens an on-screen keyboard to enter an EAP Identity string (used by the panel to identify itself to an
Authentication (RADIUS) Server).
Note: This information is similar to a username used to login to a secured server or workstation. This works in tandem
with the Password string which is similar to the password entered to gain access to a secured workstation. Typically,
this is in the form of a username such as: jdoe@amx.com.
Anonymous Identity:
Opens an on-screen keyboard to enter an IT-provided alphanumeric string which (similar to the username) is used
as the identity, but that does not represent a real user.
This information is used as a fictitious name which might be seen by sniffer programs during the initial connection
and setup process between the panel and the RADIUS server. In this way the real identity (username) is protected.
Typically, this is in the form of a fictitious username, such as anonymous@amx.com.
Password:
Opens an on-screen keyboard. Enter the network password string specified for the user entered within the
Identity field (used by the panel to identify itself to an Authentication (RADIUS) Server).
Note: This information is similar to the password entered to gain access to a secured workstation.
Automatic PAC Provisioning:
This selection toggles PAC (Protected Access Credential) Provisioning - Enabled (automatic) or Disabled (manual).
• If Enabled is selected, the following PAC File Location field is disabled, because the search for the PAC file is done
automatically.
• If Disabled is selected, the user is required to manually locate a file containing the PAC shared secret credentials
for use in authentication.
In this case, the IT department must create a PAC file and then transfer it into the
panel using the AMX Certificate Upload application.
Note: Even when automatic provisioning is enabled, the PAC certificate is only downloaded the first time that the
panel connects to the RADIUS server. The file is then saved in the panel's file system and reused from then
on. It is possible for the user to change a setting, such as a new Identity, that would invalidate this certificate. In that
case, the panel must be forced to download a new PAC file. To do this, set Automatic PAC Provisioning to Disabled and
then back to Enabled. This forces the firmware to delete the old file and request a new one.
PAC File Location:
This field is used when the previous Automatic PAC Provisioning option has been Disabled.
• When pressed, the panel displays an on-screen PAC File Location keyboard which allows you to enter the name of
the file containing the PAC shared secret credentials for use in authentication.
• This field is only valid when the automatic PAC provisioning feature has been enabled via the previous field.
Auto Key Renewal:
Select between NEVER, 1 Day, 3 Days, 7 Days, 14 Days, and 30 Days.
Cancel/Save:
• Cancel - discard changes and return to the previous page.
• Save - store the new security information, apply changes, and return to the previous page.
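
The field rules in the table above can be checked before a profile is keyed into a panel. The following Python sketch is an added example, not AMX code; the dictionary keys, the PAC file name and the sample values are assumptions made for illustration.

```python
# Added example: lint one planned EAP-FAST profile against the field rules above.
# The dict keys are hypothetical names for this sketch, not an AMX file format.
RENEWAL_CHOICES = {"NEVER", "1 Day", "3 Days", "7 Days", "14 Days", "30 Days"}

def lint_eap_fast(cfg, previous=None):
    """Return (severity, message) findings; `previous` is the profile now on the panel."""
    out = []
    ssid = cfg.get("ssid", "")
    if not ssid:
        out.append(("error", "SSID blank: panel would try the first EAP-capable AP it detects"))
    elif len(ssid.encode("utf-8")) > 32:  # assumption: non-ASCII names counted in UTF-8 bytes
        out.append(("error", "SSID exceeds 32 characters"))
    identity, anon = cfg.get("identity", ""), cfg.get("anonymous_identity", "")
    if not identity or not cfg.get("password"):
        out.append(("error", "Identity and Password must both be set"))
    if not anon or anon.lower() == identity.lower():
        out.append(("warn", "Anonymous Identity does not mask the real Identity"))
    if cfg.get("auto_pac_provisioning", True):
        out.append(("warn", "automatic PAC provisioning: first PAC is transferred wirelessly"))
        if cfg.get("pac_file"):
            out.append(("info", "PAC File Location is disabled while provisioning is Enabled"))
        if previous and previous.get("identity") != identity:
            out.append(("action", "Identity changed: set provisioning to Disabled, then "
                                  "back to Enabled, so the panel requests a new PAC"))
    elif not cfg.get("pac_file"):
        out.append(("error", "manual provisioning requires a PAC file name"))
    if cfg.get("auto_key_renewal") not in RENEWAL_CHOICES:
        out.append(("error", "Auto Key Renewal is not one of the panel's choices"))
    return out

def severities(findings):
    """Distinct severities present in a findings list, sorted."""
    return sorted({sev for sev, _ in findings})

# Constructed sample profiles (identities follow the manual's jdoe@amx.com pattern).
MANUAL_PAC = {"ssid": "Lobby-AV", "identity": "jdoe@amx.com", "password": "example-only",
              "anonymous_identity": "anonymous@amx.com", "auto_pac_provisioning": False,
              "pac_file": "panel.pac", "auto_key_renewal": "7 Days"}
AUTO_PAC_NEW_USER = dict(MANUAL_PAC, identity="asmith@amx.com",
                         auto_pac_provisioning=True, pac_file="")
BROKEN = dict(MANUAL_PAC, ssid="", anonymous_identity="jdoe@amx.com",
              pac_file="", auto_key_renewal="2 Days")

if __name__ == "__main__":
    for name, cfg in [("manual", MANUAL_PAC), ("auto", AUTO_PAC_NEW_USER), ("broken", BROKEN)]:
        for sev, msg in lint_eap_fast(cfg, previous=MANUAL_PAC):
            print(f"{name:7} {sev:6} {msg}")
```

Passing the profile currently on the panel as `previous` is what surfaces the stale-PAC case described in the note on Automatic PAC Provisioning.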