Configure EAP for Selected Site

Extensible Authentication Protocol (EAP) is a secure means of transferring data from one computer to another - in this case, to devices. EAP is configured on a site-wide basis. For more information, see Using EAP with VoiceConsole.

Honeywell offers three association types, which determine at what level credentials are required. The EAP configuration wizard guides the process.

| Association Type | Definition |
| --- | --- |
| Site Based | There is a single username and password or certificate for all operators and devices at a given site. This option is the closest to what existed in previous versions of VoiceConsole. |
| Device Based | Each device has its own username and password or certificate. In this configuration, operators don't need to be involved in the authentication process, because all authentication is between the device and the authentication server. |
| Operator Based | Each operator must log onto VoiceConsole to enter a username and password and, optionally, a Personal Identification Number. The operator must enter the PIN (if PINs have been enabled for the site) on the device before they can connect to the full network. |

Configure Behavior (Page 1 of 4)

  1. Under the Administration tab, click Sites.
  2. In the View Sites list, select the site that you want to configure.
  3. Under Site Actions, select Configure EAP for selected site.
    The Configure Behavior page opens.
  4. In the EAP Type section, select one of the EAP types.
  5. In the Association section, select one of the association types.
    Either Password or Certificate is selected automatically in the Type section depending on what EAP type you selected.

    If Certificate is selected, Honeywell strongly recommends using PEM or Base64-formatted certificates.

  6. Specify whether you want to use PINs (Personal Identification Numbers) in addition to a username and password. This is recommended if you are setting up an operator-based configuration to provide an added level of security.
  7. Specify whether the devices should log off of the EAP-enabled network when the device is placed in the charger.
  8. Click Next.
    The Configure LDAP page opens.

Configure LDAP (Page 2 of 4)

  1. In the Enable LDAP section, select whether to enable LDAP. If you select No, click Next and proceed to the Configure Credentials section below. If you select Yes, proceed to the next step.

    If you selected Operator Based in Step 3, LDAP settings are required.

  2. If you want to use an LDAP configuration that already exists, select it in the LDAP Configuration drop-down list, and proceed to the Configure Credentials section below. Otherwise, select Create New Configuration in the LDAP Configuration drop-down list and proceed to the next step.
  3. If you want to use SSL (Secure Sockets Layer) for your LDAP connection, enable the Use SSL check box and:
    1. Click the View Trusted Certificates action in the Navigation bar.
    2. In the Configure EAP: Trust dialog box, browse for and select the new certificate for the directory server.
    3. Click Add Certificate.

    This step in configuring EAP involves importing the certificate of the Directory Server or the certificate of the Certificate Authority that issued it into the list of trusted certificates for VoiceConsole.

  4. Enter the hostname of the machine on which the Directory Server is running.

    Note that this field is case-sensitive.

  5. Enter the port on which the Directory Server is listening.
  6. Specify the search username and password that VoiceConsole should use when attempting to find the distinguished name of a user.
  7. Enter the search base (where to look) and searchable attribute (what to look for) on the Directory Server.
  8. Enter the password attribute that VoiceConsole modifies when changing the password of a user in the Directory Service.
  9. You can test the Directory Server that you entered by entering the test user name and clicking the Test Directory Server Connection Information button. This information is not required.
  10. Click Next.
    The Configure Credentials page opens.

VoiceConsole applies a sixty-second timeout between a Lightweight Directory Access Protocol (LDAP) login and any multifactor acknowledgment that follows.

Configure Credentials (Page 4 of 4)

  1. Change the server credentials by selecting a different certificate, if desired.

    You may choose to not use a certificate, but Honeywell strongly recommends that you do use one for added security.

    If you are using a PEM certificate, both a certificate and a key are required.

  2. Specify whether to use the same EAP type and SSID for the restricted user as entered in the Configure LDAP page. If you do not want to use the same EAP type and SSID, enter the EAP type and SSID for the restricted user. If you want the restricted user to have access to only a portion of the network, this is where you would enter that information.
  3. Enter information for the users.
  4. Click Next.
    The Summary page opens.
  5. Review the summary of the selections that you made in the previous three steps. If the information is correct, click Done.
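
Because a PEM upload needs both a certificate and its key, the pair can be checked on an administrator workstation before it is selected on the Configure Credentials page. The shell functions below are an added example, not part of Honeywell's documentation or of VoiceConsole; they assume the OpenSSL command-line tool is installed, and the file names and `example.test` subject are constructed samples.

```shell
#!/bin/sh
# Added example: checks on a certificate/key pair before it is selected in the wizard.
# Requires the openssl CLI. File names and subject names are constructed samples.

# cert_format FILE -> prints "pem", "der" or "unknown"
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout 2>/dev/null; then
        echo pem
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
        echo der
    else
        echo unknown
    fi
}

# pair_matches CERT KEY -> 0 if the key's public half equals the certificate's
# public key, 1 if it differs, 2 if either file cannot be parsed.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# not_expiring CERT DAYS -> 0 if CERT is still valid DAYS days from now
not_expiring() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# make_sample_pair DIR NAME -> writes DIR/NAME.crt and DIR/NAME.key
# (constructed self-signed test material valid for 90 days, not for production)
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# preflight CERT KEY -> prints one line per finding, returns 0 only if usable
preflight() {
    rc=0
    [ "$(cert_format "$1")" = pem ] || { echo "FAIL: $1 is not PEM"; rc=1; }
    pair_matches "$1" "$2" || { echo "FAIL: certificate and key do not match or cannot be read"; rc=1; }
    not_expiring "$1" 30 || echo "WARN: certificate expires within 30 days"
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 form a matching PEM pair"
    return "$rc"
}

# Run the checks when called as: script CERT KEY
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A certificate that reports `der` can be converted with `openssl x509 -inform DER -in FILE -out FILE.pem` before upload.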

Summary (Page 4 of 4)

The summary page recaps the choices made on the earlier pages.

Select Done to save the configuration.