Appendix B - Wireless Technology

EAP Communication Overview

EAP Authentication goes a step beyond just encrypting data transfers, but also requires that a set of credentials be validated before the client (panel) is allowed to connect to the rest of the network (FIG. 93). Below is a description of this process. It is important to note that no user intervention is necessary during this process. It proceeds automatically based on the configuration parameters entered into the panel.

LAN

802.1x (EAP Over Wireless)

 

 

 

 

Authentication Server

 

Client - Panel

Authenticator

 

(RADIUS Server)

 

(Supplicant)

 

(Wireless Access Point)

 

 

 

 

 

FIG. 93 EAP security method in process

 

 

1.The client (panel) establishes a wireless connection with the WAP specified by the SSID.

2.The WAP opens up a tunnel between itself and the RADIUS server configured via the access point. This tunnel means that packets can flow between the panel and the RADIUS server but nowhere else. The network is protected until authentication of the client (panel) is complete and the ID of the client is verified.

3.The WAP (Authenticator) sends an "EAP-Request/Identity" message to the panel as soon as the wireless connection becomes active.

4.The panel then sends a "EAP-Response/Identity" message through the WAP to the RADIUS server providing its identity and specifying which EAP type it wants to use. If the server does not support the EAP type, then it sends a failure message back to the WAP which will then disconnect the panel. As an example, EAP-FAST is only supported by the Cisco server.

5.If the EAP type is supported, the server then sends a message back to the client (panel) indicating what information it needs. This can be as simple as a username (Identity) and password or as complex as multiple CA certificates.

6.The panel then responds with the requested information. If everything matches, and the panel provides the proper credentials, the RADIUS server then sends a success message to the access point instructing it to allow the panel to communicate with other devices on the network. At this point, the WAP completes the process for allowing LAN Access to the panel (possibly a restricted access based on attributes that came back from the RADIUS server).

As an example, the WAP might switch the panel to a particular VLAN or install a set of farewell rules.

Configuring Modero Firmware via the USB Port

The MVP-5200i needs to be configured to connect with a PC to transfer firmware via the mini-USB port. To configure the touch panel:

Step 1: Configure The Panel For a USB Connection Type

1.After completing the installation of the USB driver (for more information, refer to the Upgrading the Modero Firmware via the USB port section on page 40), confirm the proper installation of the large Type-A USB connector to the PC's USB port, and restart your computer.

2.After the panel powers up, hold the reset button to display the Setup Page (for more information, refer to the Accessing the Setup and Protected Setup Pages section on page 19 ) and open the Protected Setup page.

3.Press System Settings to open the System Settings page.

4.Toggle the blue Type field in the Master Connection section until the choice cycles to USB.

ALL fields are then greyed out and read-only. However, they still display any previous network information.

5.Press the Back button on the touch panel to return to the Protected Setup page.

MVP-7500/8400 Modero Viewpoint Wireless Touch Panels

167

 

 

Page 181
Image 181
AMX MVP-7500/8400 manual Configuring Modero Firmware via the USB Port, EAP Communication Overview