Appendix B: Wireless Technology
179
MVP-9000i 9" Modero® ViewPoint® Touch Panel with Intercom
EAP Communication Overview
EAP Authentication goes a step beyond just encrypting data transfers, but also requires that a set of credentials be
validated before the client (panel) is allowed to connect to the rest of the network (FIG. 130). Below is a description of
this process. It is important to note that no user intervention is necessary during this process. It proceeds automatically
based on the configuration parameters entered into the panel.
1. The client (panel) establishes a wireless connection with the AP specified by the SSID.
2. The AP opens up a tunnel between itself and the RADIUS server configured via the access point. This tunnel means
that packets can flow between the panel and the RADIUS server but nowhere else. The network is protected until
authentication of the client (panel) is complete and the ID of the client is verified.
3. The AP (Authenticator) sends an "EAP-Request/Identity" message to the panel as soon as the wireless connection
becomes active.
4. The panel then sends a "EAP-Response/Identity" message through the AP to the RADIUS server providing its
identity and specifying which EAP type it wants to use. If the server does not support the EAP type, then it sends a
failure message back to the AP which will then disconnect the panel. As an example, EAP-FAST is only supported
by the Cisco server.
5. If the EAP type is supported, the server then sends a message back to the client (panel) indicating what information
it needs. This can be as simple as a username (Identity) and password or as complex as multiple CA certificates.
6. The panel then responds with the requested information. If everything matches, and the panel provides the proper
credentials, the RADIUS server then sends a success message to the access point instructing it to allow the panel to
communicate with other devices on the network. At this point, the AP completes the process for allowing LAN
Access to the panel (possibly a restricted access based on attributes that came back from the RADIUS server).
As an example, the AP might switch the panel to a particular VLAN or install a set of farewell rules.
FIG. 130 EAP security method in process
Client - Panel
(Supplicant)
802.1x
(EAP Over Wireless)
Authenticator
(Wireless Access Point)
LAN
Authentication Server
(RADIUS Server)
To Next Page
Loading...
Need help?
General
