AMX MVP-7500/8400 EAP-TTLS Settings

Setup Pages

68 MVP-7500/8400 Modero Viewpoint Wireless Touch Panels

Refer to the EAP Authenticationsection on page 166 for further details on these security options.

Refer to the Using the Site Survey toolsection on page 22 for more information on using this feature.

EAP-TTLS Settings

TTLS (EAP Tunneled Transport Layer Security) is an authentication method that does not use a client certificate to

authenticate the panel. However. this method is more secure than PEAP because it does not broadcast the identity of the

user. Setup is similar to PEAP, but differs in the following areas:

An anonymous identity must be specified until the secure tunnel between the panel and the Radius server is

setup to transfer the real identity of the user.

There is no end-user ability to select from the different types of PEAP.

Additional Inner Authentication choices are available to the end-user.

EAP-TTLS security is designed for wireless environments where it is necessary to have the Radius server directly

validate the identity of the client (panel) before allowing it access to the network. This validation is done by tunneling a

connection through the WAP and directly between the panel and the Radius server. Once the client is identified and then

validated, the Radius server disconnects the tunnel and allows the panel to access the network directly via the target

WAP.

EAP-PEAP Settings (Cont.)

Inner Authentication Type: When pressed, this field cycles thr ough the choices of available Inner

Authentication mechanisms supported by the Devicescape Secure Wireless

Client. The most commonly used are: MSCHAPv2 and GTC.

• MSCHAPv2 (used with PEAPv0)

•TLS

•GTC (used with PEAPv1)

•OTP

• MD5-Challenge

Save/Cancel: •Save - store the new security information, apply changes, and return to the

previous page.

•Cancel - discard changes and return to the previous page.

EAP-TTLS Settings

SSID (Service Set Identifier): Opens an on-screen keyboard to enter the SSID name used on the target

WAP.

The SSID is a unique name used by the WAP, and is assigned to all panels

on that network. An SSID is required by the WAP before the panel is

permitted to join the network.

• The SSID is case sensitive and must not exceed 32 characters.

• Make sure this setting is the same for all points in your wireless network.

• NXA-WAP200Gs use AMX as their default SSID.

• With EAP security, the SSID of the WAP must be entered. If it is left blank,

the panel will try to connect to the first access point detected that supports

EAP. However, a successful connection is not guaranteed because the

detected WAP may be connected to a RADIUS server, which may not

support this EAP type and/or have the proper user identities configured.

Identity: Opens an on-screen keyboard. Enter an EAP Identity string (used by the

panel to identify itself to an Authentication (RADIUS) Server).

Note: This information is similar to a username used to login to a secured

server or workstation. This works in tandem with the Password string which is

similar to the password entered to gain access to a secured workstation.

Typically, this is in the form of a username such as: jdoe@amx.com.

Anonymous Identity: Opens an on-screen keyboard. Enter an IT provided alpha-numeric string

which (similar to the username) used as the identity, but that does not

represent a real user.

This information is used as a fictitious name which might be seen by sniffer

programs during the initial connection and setup process between the panel

and the Radius server. In this way the real identity (username) is protected.

Typically, this is in the form of a fictitious username such as:

anonymous@amx.com