Axis Communications A1001 user manual Ieee, Certificates

Page 42

AXIS A1001 Network Door Controller & AXIS Entry Manager

System Options

To access the Axis product via the desired protocol, enter https:// or http:// in the address field in a browser.

The HTTPS port can be changed on the System Options > Network > TCP/IP > Advanced page.

IEEE 802.1X

IEEE 802.1X is a standard for port-based Network Admission Control providing secure authentication of wired and wireless network devices. IEEE 802.1X is based on EAP (Extensible Authentication Protocol).

To access a network protected by IEEE 802.1X, devices must be authenticated. The authentication is performed by an authentication server, typically a RADIUS server, examples of which are FreeRADIUS and Microsoft Internet Authentication Service.

In Axis implementation, the Axis product and the authentication server identify themselves with digital certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security). The certificates are provided by a Certification Authority (CA). You need:

a CA certificate to authenticate the authentication server.

a CA-signed client certificate to authenticate the Axis product.

To create and install certificates, go to Setup > Additional Controller Configuration > System Options > Security > Certificates . See Certificates on page 42. Many CA certificates are preinstalled.

To allow the product to access a network protected by IEEE 802.1X:

1.Go to Setup > Additional Controller Configuration > System Options > Security > IEEE 802.1X.

2.Select a CA Certificate and a Client Certificate from the lists of installed certificates.

3.Under Settings, select the EAPOL version and provide the EAP identity associated with the client certificate.

4.Check the box to enable IEEE 802.1X and click Save.

Note

For authentication to work properly, the date and time settings in the Axis product should be synchronized with an NTP server. See Date & Time on page 43.

Certificates

Certificates are used to authenticate devices on a network. Typical applications include encrypted web browsing (HTTPS), network protection via IEEE 802.1X and secure upload of images and notification messages for example via email. Two types of certificates can be used with the Axis product:

Server/Client certificates - To authenticate the Axis product.

CA certificates - To authenticate peer certificates, for example the certificate of an authentication server in case the Axis product is connected to an IEEE 802.1X protected network.

Note

Installed certificates, except preinstalled CA certificates, will be deleted if the product is reset to factory default. Preinstalled CA certificates that have been deleted will be reinstalled.

A Server/Client certificate can be self-signed or issued by a Certificate Authority (CA). A self-signed certificate offers limited protection and can be used before a CA-issued certificate has been obtained.

To install a self-signed certificate:

1.Go to Setup > Additional Controller Configuration > System Options > Security > Certificates .

2.Click Create self-signed certificate and provide the requested information.

To create and install a CA-signed certificate:

42

Page 41 Page 43
Image 42
Page 41 Page 43
Contents Axis A1001 Network Door Controller & Axis Entry Manager Intellectual Property Rights Equipment Modifications About this DocumentLiability Trademark AcknowledgmentsSupport Learn MoreAxis A1001 Network Door Controller & Axis Entry Manager Hardware Overview Front and backExternal power inputs Power outputsInterface LED Indicators LED indicators, buttons and other hardwareColor Indication For technical specifications, see Connectors and ButtonsExternal Power Inputs Power ConnectorPower Outputs Buttons and Other HardwareSet the Root Password Access from a BrowserAccess from the Internet Start a browser Chrome, Internet Explorer, Firefox, SafariOverview Configuration Step by Step Select a LanguageExport a Hardware Configuration File Configure the HardwareImport a Hardware Configuration File To import a hardware configuration fileTo create a new hardware configuration from the beginning Create a New Hardware ConfigurationConfigure Locks and Door Monitors Motorized locks must be configured as secondary locksLock Options Reader and REX Device Options Configure Readers and REX DevicesUse Supervised Inputs Following reader options are availableVerify the Hardware Connections Set the Date and TimeVerification Controls Configure the Network Settings Set the Date and Time ManuallyGet the Date and Time from the Computer To enable card formats Configure Card FormatsBasic TCP/IP Settings Go to Setup Configure Card FormatsCard Format Descriptions Field MapsConnected Door Controllers in the System Manage Network Door ControllersDoor Controller System Status Connected Door Controllers ListClick Reset hardware configuration IP address MAC addressRemove Door Controllers from the System Maintenance Instructions Access Management About UsersChoose a Workflow Create and Edit Access Schedules Access Schedule TypesAdd Schedule Items Manage Doors Go to Access Management Groups tab, click Add new groupCreate and Edit Groups Group CredentialsIdentification Types Add Scheduled Unlock StatesClick Add scheduled unlock Use Manual Door Actions Go to Access ManagementCreate and Edit Users Manual Door ActionsFollowing credentials are available for users User CredentialsImport Users First name required Last nameExample Access Schedule Combinations Export UsersCreate a Subtraction schedule called Nights & weekends View the Event Log View the Alarm LogConfigure the Event and Alarm Logs Event Log FiltersSet Up Action Rules Alarm Log OptionsEvent Log Options Triggers Access PointConfiguration Go to Events Action Rules and click AddDoor HardwareActions Add RecipientsRecipient Types Set Up Email RecipientsCreate Schedules Following recipients are available Event Wiegand Set Up Recurrences Reader Feedback Beeper pattern State Dual LED Single LEDClick View and print View, Print, and Export ReportsReport Types Click Print selected columnsUsers To enable Https on the Axis productSecurity IP Address FilterTo allow the product to access a network protected by Ieee IeeeCertificates Network Click Install certificate and upload the certificateDate & Time Create a self-signed certificate as described aboveLinux/Unix syntax Assign IP Address Using ARP/PingARP/Ping Linux/Unix exampleDNS Configuration Advanced TCP/IP SettingsAxis Internet Dynamic DNS Service NTP ConfigurationHost Name Configuration Link-Local IPv4 AddressQoS Quality of Service Information, see the online helpMaintenance Ports & DevicesSystem Overview SupportSupport Overview Logs & ReportsScripting Reset to Factory Default SettingsAdvanced File UploadFirmware To upgrade the product’s firmware Upgrade the FirmwareEmergency Recovery Procedure UNIX/Linux, type the following from the command lineProduct cannot be accessed from a browser Symptoms, Possible Causes and Remedial ActionsProblems setting the IP address Product is accessible locally but not externallyStatus and Network indicator LEDs are flashing red rapidly Hardware failureAxis A1001 Network Door Controller Connectors Function/group Specifications General CasingPower WeightAxis Entry Manager Connectors Function Pin Specifications Reader Data ConnectorReader I/O Connector Function PinDoor Connector Auxiliary ConnectorPower Connector Power & Relay Connector Network ConnectorPower Lock Connector Tampering Alarm Pin HeaderConnection Diagrams Back tampering alarmSupervised Inputs M5.7
Related manuals
Manual 20 pages 40.35 Kb
Top Page Image Contents