Honeywell Vx9 Manual
Have a look at the manual Honeywell Vx9 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 178 Honeywell manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
6 - 47 Logon Options There are two options available, a single signon which uses the Windows username and password as the credentials for 802.1x authentication and pre-logon which used saved credentials for 802.1x authentication before Windows logon. If either option is enabled, the credentials entered here take precedence over any credentials entered on the Profile tab. To use either option, select Logon Options on the Profile tab. The Logon Options button is displayed. Click the Login Options button. Single Signon To use the Single Signon option, select the checkbox for Use the Windows username and password when available. When the active profile is using LEAP, PEAP-MSCHAP, PEAP-GTC or EAP-FAST, the SCU ignores the username and password, if any, saved in the profile. Instead, the username and password used for Windows logon is used. Any certificates needed for authentication must still be specified in the profile. Click OK then click Commit. Pre-Logon Connection To use the Pre-logon connection, select the checkbox for Enable pre-logon connection. This option is designed to be used when: EAP authentication is required for a WLAN connection Single Signon is configured, so the Windows username and password are used as credentials for EAP authentication The WLAN connection needs to be established before the Windows login. Once this option is enabled, the Authentication delay and Association timeout values can be adjusted as nec- essary. Both values are specified in milliseconds (ms). The default authentication delay is 5000 ms and the valid range is 0 - 600,000 ms. The default association timeout is 10,000 ms and the valid range is 10,000 to 600,000 ms. Click on the Credentials button to enter the logon credentials.
6 - 48 If using the Windows certificate store: Check the Use MS store checkbox. The default is to use the Full Trusted Store. To select an individual certificate, click on the Browse button. Uncheck the Use full trusted store checkbox. Select the desired certificate and click Select. You are returned to the Credentials screen. If using the Certs Path option: Leave the Use MS store box unchecked. Enter the certificate filename in the CA Cert textbox. Click OK then click Commit. Sign-On vs. Stored Credentials When using wireless security that requires a user name and password to be entered, the Summit Client Utility offers these choices: The Username and Password may be entered on the Credentials screen. If this method is selected, anyone using the device can access the network. The Username and Password are left blank on the Credentials screen. When the device attempts to connect to the network, a sign on screen is displayed. The user must enter the Username and Password at that time to authenticate. When using Summit with the Thor VX9, there is an option on the Global tab to use the Windows user name and password to log on instead of any username and password stored in the profile. Use Stored Credentials 1. After completing the other entries in the profile, click on the Credentials button. 2. Enter the Username and Password on the Credentials screen and click the OK button. 3. Click the Commit button. 4. For LEAP and WPA/LEAP, configuration is complete. 5. For PEAP-MSCHAP and PEAP-GTC, importing the CA certificate into the Windows certificate store is optional. 6. For EAP-TLS, import the CA certificate into the Windows certificate store. Also import the User Certificate into the Windows certificate store. 7. Access the Credentials screen again. Make sure the Validate server and Use MS store checkboxes are checked. 8. The default is to use the entire certificate store for the CA certificate. Alternatively, use the Browse button next to the CA Cert (CA Certificate Filename) on the Credentials screen to select an individual certificate. 9. For EAP-TLS, also enter the User Cert (User Certificate filename) on the credentials screen by using the Browse button. Windows 7 Professional only: Credentials login and password entry window: When the Thor VX9 attempts to connect to the network, click the flashing icon in the Notification bar to display the login screen. Enter user name and password and click OK to close the window. This procedure will need to be followed each time the Thor VX9 returns from, for example: sleep, hibernate, change in profiles, and when invalid credentials have been entered.
6 - 49 10. If using EAP FAST and manual PAC provisioning, input the PAC filename and password.. 11. Click the OK button then the Commit button. 12. If changes are made to the stored credentials, click Commit to save those changes before making any additional changes to the profile or global parameters. 13. Verify the device is authenticated by reviewing the Status tab. When the device is property configured, the Status tab indicates the device is Authenticated and the method used. Note: See Configuring the Profile (page 6-51) for more details. Note: If invalid credentials are entered into the stored credentials, the authentication will fail. No error message is displayed. The user may or may not be prompted to enter valid credentials. Use Sign On Screen 1. After completing the other entries in the profile, click on the Credentials button. Leave the Username and Pass- word blank. No entries are necessary on the Credentials screen for LEAP or LEAP/WPA. 2. For PEAP-MSCHAP and PEAP-GTC, importing the CA certificate into the Windows certificate store is optional. 3. For EAP-TLS, import the CA certificate into the Windows certificate store. Also import the User Certificate into the Windows certificate store. 4. Access the Credentials screen again. Make sure the Validate server and Use MS store checkboxes are checked. 5. The default is to use the entire certificate store for the CA certificate. Alternatively, use the Browse button next to the CA Cert (CA Certificate Filename) on the Credentials screen to select an individual certificate. 6. For EAP-TLS, also enter the User Cert (User Certificate filename) on the credentials screen by using the Browse button. 7. Click the OK button then the Commit button. 8. When the device attempts to connect to the network, a sign-on screen is displayed. 9. Enter the Username and Password. Click the OK button. 10. Verify the device is authenticated by reviewing the Status tab. When the device is property configured, the Status Tab indicates the device is Authenticated and the method used. 11. The sign-on screen is displayed after a reboot. Note: See Configuring the Profile (page 6-51) for more details. If a user enters invalid credentials and clicks OK, the device associates but does not authenticate. The user is again prompted to enter credentials. If the user clicks the Cancel button, the device does not associate. The user is not prompted again for credentials until: the device is rebooted, the radio is disabled then enabled, the Reconnect button on the Diags Tab is clicked or the profile is modified and the Commit button is clicked. Use Windows Username and Password Please see Logon Options (page 6-47) for information.
6 - 50 Windows Certificate Store vs. Certs Path Note: It is important that all dates are correct on the Thor VX9 and host computers when using any type of certificate. Certificates are date sensitive and if the date is not correct authentication will fail. User Certificates EAP-TLS authentication requires a user certificate. The user certificate must be stored in the Windows certificate store. To generate the user certificate, see Generate a User Certificate (page 6-68). To import the user certificate into the Windows certificate store, see Install a User Certificate (page 6-70). A Root CA certificate is also needed. Refer to the section below. Root CA Certificates Root CA certificates are required for EAP/TLS, PEAP/GTC and PEAP/MSCHAP. Two options are offered for storing these certificates. They may be imported into the Windows certificate store or copied into the Certs Path directory. Use the Certs Path 1. See Generate a Root CA Certificate (page 6-64) and follow the instructions to download the Root Certificate to a PC. 2. Copy the certificate to specified directory on the mobile device. The default location for Certs Path is C:\Program Files\Summit\certs. A different location may be specified by using the Certs Path global variable. 3. When completing the Credentials screen for the desired authentication, do not check the Use MS store checkbox after checking the Validate server checkbox. 4. Enter the certificate name in the CA Cert textbox. 5. Click OK to exit the Credentials screen and then Commit to save the profile changes. Use Windows Certificate Store 1. See Generate a Root CA Certificate (page 6-64)and follow the instructions to download the Root Certificate to a PC. 2. To import the certificate into the Windows store, See Install a Root CA Certificate (page 6-66). 3. When completing the Credentials screen for the desired authentication, be sure to check the Use MS store check- box after checking the Validate server checkbox. 4. The default is to use all certificates in the store. If this is OK, skip to the last step. 5. Otherwise, to select a specific certificate click on the Browse (…) button. If using the Windows Certificate Store, the Windows Account must have a password. The password cannot be left blank. The Summit Client Utility uses the Windows user account credentials to access the Certificate Store. The Windows user account credentials need not be the same as the wireless credentials entered in the Summit Client Utility. !
6 - 51 6. Uncheck the Use full trusted store checkbox. 7. Select the desired certificate and click the Select button to return the selected certificate to the CA Cert textbox. 8. Click OK to exit the Credentials screen and then Commit to save the profile changes. Configuring the Profile Use the instructions in this section to complete the entries on the Profile tab according to the type of wireless security used by your network. The instructions that follow are the minimum required to successfully connect to a network. Your system may require more parameters than are listed in these instructions. Please see your system administrator for complete infor- mation about your network and its wireless security requirements. To begin the configuration process: On the Main Tab, click the Admin Login button and enter the password. Unless you need to create multiple profiles, edit the default profile with the parameters for your network. Select the Default profile from the pull down menu. Make any desired parameter changes as described in the applicable following section determined by network security type and click the Commit button to save the changes. IMPORTANT – Remember to click the Commit button after making changes to ensure the changes are saved. Many ver- sions of the SCU display a reminder if the Commit button is not clicked before an attempt is made to close or browse away from the tab in focus if there are unsaved changes. If changes are made to the stored credentials, click Commit to save those changes first before making any additional changes. No Security To connect to a wireless network with no security, make sure the following profile options are used. Enter the SSID of the Access Point assigned to this profile EAP Type to None Encryption to None Auth Type to Open Once configured, click the Commit button. Ensure the correct Active Profile is selected on the Main tab and restart. The SCU Main tab shows the device is asso- ciated after the radio connects to the network.
6 - 52 WEP To connect using WEP, make sure the following profile options are used. Enter the SSID of the Access Point assigned to this profile EAP Type to None Encryption to WEP or Manual WEP (depending on SCU version) Auth Type to Open Click the WEP keys/PSKs button. Valid keys are 10 hexadecimal or 5 ASCII characters (for 40-bit encryption) or 26 hexadecimal or 13 ASCII characters (for 128-bit encryption). Enter the key(s) and click OK. Once configured, click the Commit button. Ensure the correct Active Profile is selected on the Main tab and restart. The SCU Main tab shows the device is asso- ciated after the radio connects to the network.
6 - 53 LEAP To use LEAP (without WPA), make sure the following profile options are used. Enter the SSID of the Access Point assigned to this profile EAP Type to LEAP Encryption to WEP EAP or Auto WEP (depending on SCU version) Auth Type as follows: If the Cisco/CCX certified AP is configured for open authentication, set the Auth Type radio parameter to Open. If the AP is configured to use shared key or passphrase, set the Auth Type radio parameter to Shared. If the AP is configured for network EAP only, set the Auth Type radio parameter to LEAP. See Sign-On vs. Stored Credentials (page 6-48) for information on entering credentials. To use Stored Credentials, click on the Credentials button. No entries are necessary for Sign-On Credentials as the user will be prompted for the Username and Password when connecting to the network. Enter the Domain\Username (if the Domain is required), otherwise enter the Username. Enter the password. Click OK then click the Commit button. Ensure the correct Active Profile is selected on the Main tab and restart. The SCU Main tab shows the device is asso- ciated after the radio connects to the network.
6 - 54 PEAP/MSCHAP To use PEAP/MSCHAP, make sure the following profile options are used. Enter the SSID of the Access Point assigned to this profile EAP Type to PEAP-MSCHAP Encryption to WPA TKIP Auth Type to Open To use another encryption type, select WPA CCKM, WPA2 AES or WPA2 CCKM for encryption and complete other entries as detailed in this section. See Sign-On vs. Stored Credentials (page 6-48) for information on entering credentials. Click the Credentials button. No entries except the CA Certificate Filename are necessary for Sign-On Credentials as the user will be prompted for the User Name and Password when connecting to the network. For Stored Credentials, User, Password and the CA Certificate Filename must be entered. Enter these items as directed below. Enter the Domain\Username (if the Domain is required), otherwise enter the Username. Enter the password. Leave the CA Certificate File Name blank for now. Click OK then click Commit. Ensure the correct Active profile is selected on the Main Tab. See Windows Certificate Store vs. Certs Path (page 6-50) for more information on certificate storage. Once successfully authenticated, import the CA certificate into the Windows certificate store. Return to the Credentials screen and check the Validate server checkbox.
6 - 55 If using the Windows certificate store: Check the Use MS store checkbox. The default is to use the Full Trusted Store. To select an individual certificate, click on the Browse button. Uncheck the Use full trusted store checkbox. Select the desired certificate and click Select. You are returned to the Credentials screen. If using the Certs Path option: Use MS store box unchecked. Enter the certificate filename in the CA Cert textbox. Click OK then click Commit. The device should be authenticating the server certificate and using PEAP/MSCHAP for the user authentication. Ensure the correct Active Profile is selected on the Main tab and restart. The SCU Main tab shows the device is asso- ciated after the radio connects to the network. Note: The date must be properly set on the device to authenticate a certificate.
6 - 56 PEAP/GTC To use PEAP/GTC, make sure the following profile options are used. Enter the SSID of the Access Point assigned to this profile EAP Type to PEAP-GTC Encryption to WPA TKIP Auth Type to Open To use another encryption type, select WPA CCKM, WPA2 AES or WPA2 CCKM for encryption and complete other entries as detailed in this section. See Sign-On vs. Stored Credentials (page 6-48) for information on entering credentials. Click the Credentials button. No entries except the CA Certificate Filename are necessary for Sign-On Credentials as the user will be prompted for the User Name and Password when connecting to the network. Enter these items as directed below. Enter the Domain\Username (if the Domain is required), otherwise enter the Username. Enter the password. Leave the CA Certificate File Name blank for now. Click OK then click Commit. Ensure the correct Active Profile is selected on the Main Tab. See Windows Certificate Store vs. Certs Path (page 6-50) for more information on certificate storage. Once successfully authenticated, import the CA certificate into the Windows certificate store. Return to the Credentials screen and check the Validate server checkbox. Note: Some servers may be configured to allow only a single use of the password for PEAP/GTC. In this case, wait for the token to update with a new password before attempting to validate the server. Then enter the new password, check the Validate Server checkbox and proceed with the certificate process below.