• Cancel - discard changes and return to the previous page. Refer to the EAP Authentication section on page 166 and the Using the Site Survey tool section on page 23 for further details on these security options. 80 MVP-5200i Modero Viewpoint Widescreen Touch Panel Protected Setup Pages EAP-TLS Settings Press the EAP-TLS button to open the EAP-TLS Settings page (FIG. 72). FIG. 72 Wireless Settings page - EAP-TLS Settings TLS (Transport Layer Security) was the original standard wireless LAN EAP authentication protocol. TLS requires additional work during the deployment phase, but provides additional security since even a compromised password is not enough to break into an EAP-TLS protected wireless network environment. EAP-TLS security is designed for wireless environments where it is necessary to securely transmit data over a wireless network by adding an additional level of security protocol via the use of a private key. EAP-TLS Settings SSID (Service Set Identifier): Opens an on-screen keyboard for entering the SSID name used on the target WAP. The SSID is a unique name used by the WAP, and is assigned to all panels on that network. An SSID is required by the WAP before the panel is permitted to join the network. • The SSID is case sensitive and must not exceed 32 characters. • Make sure this setting is the same for all points in the wireless network. • NXA-WAP200Gs use AMX as their default SSID. • With EAP security, the SSID of the WAP must be entered. If it is left blank, the panel will try to connect to the first access point detected that supports EAP. However, a successful connection is not guaranteed because the detected WAP may be connected to a RADIUS server, which may not support this EAP type and/or have the proper user identities configured. Identity: Opens an on-screen keyboard for entering an EAP Identity string (used by the panel to identify itself to an Authentication (RADIUS) Server). Note: This information is similar to a username used to login to a secured server or workstation. This works in tandem with the Password string, which is similar to the password entered to gain access to a secured workstation. Typically, this is in the form of a username such as: jdoe@amx.com. MVP-5200i Modero Viewpoint Widescreen Touch Panel 81j Protected Setup Pages EAP-TLS Settings (Cont.) Certificate Authority: When pressed, the panel displays an on-screen Certificate Authority (CA) File Location keyboard, for entering the name of the certificate authority file which is used to validate the server certificate. This field is optional. If a server certificate is used, it should first be downloaded into the panel and the Certificate Authority field should then be set to the name of that certificate file. No file path should be used for this setting, as all certificates are stored in a specific directory that the user cannot control or change. • Use the on-screen keyboard's Clear button to completely erase any previously stored network path information. Client Certificate: Opens an on-screen keyboard for entering the name of the file containing the client (panel) certificate for use in certifying the identity of the client (panel). • Refer to the Client certificate configuration section on page 83 for information regarding Client Certificates and their parameters. Private Key: When pressed, the panel displays an on-screen Client Private Key File Location keyboard for entering the name of the file containing the private key. • Use the on-screen keyboard's Clear button to completely erase any previously stored network path information. Private Key password: This field should only be used if the Private Key is protected with a password. If no password protection is associated with the Private Key, then this field should be left blank. • When pressed, the panel displays an on-screen Private Key Password keyboard which allows you to enter an alpha-numeric password string. • Use the on-screen keyboard's Clear button to completely erase any previously stored network path information. Save/Cancel: • Save - store the new security information, apply changes, and return to the previous page. • Cancel - discard changes and return to the previous page. • Refer to the EAP Authentication section on page 166 for further details on these security options. • Refer to the Using the Site Survey tool section on page 23 for more information on using this feature. ^82 MVP-5200i Modero Viewpoint Widescreen Touch Panel Protected Setup Pages NOTE Client certificate configuration A client certificate can be configured by an IT department in several ways. The client certificate and private key can both be incorporated into one file or split into two separate files. In addition, the file format used by these files could be PEM, DER, or PKCS12. These formats are described later in this section. The following table describes how to fill in the fields for each possible case. Client Certificate Configuration ...