AMX Modero MVP-5200i User Manual

Protected Setup Pages

76

MVP-5200i Modero Viewpoint Widescreen Touch Panel

Refer to the EAP Authentication section on page 168 and the Using the Site Survey tool section on
page 27 for further details on these security options.

EAP-FAST Settings (Cont.)

Anonymous Identity:

Opens an on-screen keyboard to enter an IT provided alphanumeric string
which (similar to the username) is used as the identity, but that does not

represent a real user.
This information is used as a fictitious name which might be seen by sniffer
programs during the initial connection and setup process between the panel
and the Radius server. In this way the real identity (username) is protected.
Typically, this is in the form of a fictitious username, such as

[email protected]

Password:

Opens an on-screen keyboard. Enter the network password string specified
for the user entered within the Identity field (used by the panel to identify itself
to an Authentication (RADIUS) Server)
Note: This information is similar to the password entered to gain access to a
secured workstation.

Automatic PAC

Provisioning:

This selection toggles PAC (Protected Access Credential) Provisioning -
Enabled (automatic) or Disabled (manual).
• If Enabled is selected, the following PAC File Location field is disabled,

because the search for the PAC file is done automatically.

• If Disabled is selected, the user is required to manually locate a file

containing the PAC shared secret credentials for use in authentication. In
this case, the IT department must create a PAC file and then transfer it into
the panel using the AMX Certificate Upload application.

Note: Even when automatic provisioning is enabled, the PAC certificate is
only downloaded the first time that the panel connects to the RADIUS server.
This file is then saved into the panel's file system and is then reused from
then on. It is possible for the user to change a setting, such as a new Identity,
that would invalidate this certificate. In that case, the panel must be forced to
download a new PAC file. To do this, set Automatic PAC Provisioning to

Disabled and then back to Enabled. This forces the firmware to delete the old
file and request a new one.

PAC File Location:

This field is used when the previous Automatic PAC Provisioning option has
been Disabled.
• When pressed, the panel displays an on-screen PAC File Location

keyboard which allows you to enter the name of the file containing the PAC
shared secret credentials for use in authentication.

• This field is only valid when the automatic PAC provisioning feature has

been enabled via the previous field.

Save/Cancel:

• Save - store the new security information, apply changes, and return to the

previous page.

• Cancel - discard changes and return to the previous page.