Axis Communications 243Q Blade user manual Authentication process, Radius


AXIS 243Q Blade - System options 40

To perform the authentication, the RADIUS server uses various EAP methods/protocols. The one used in the Axis implementation is EAP-TLS (EAP-Transport Layer Security).

The AXIS network video device presents its certificate to the network switch, which in turn forwards it to the RADIUS server. The RADIUS server validates or rejects the certificate, responds to the switch, and sends its own certificate to the client for validation. The switch then allows or denies network access accordingly, on a preconfigured port.

The authentication process

[Figure: the authentication process. Labels: Axis video device, network switch, RADIUS server, Certificate Authority (CA), protected network. Certificates are passed between the parties, each checked with "Q: Certificate OK?" / "A: OK".]

1. A CA server provides the required signed certificates.

2. The Axis video device requests access to the protected network at the network switch. The switch forwards the video device’s CA certificate to the RADIUS server, which then replies to the switch.

3. The switch forwards the RADIUS server’s CA certificate to the video device, which also replies to the switch.

4. The switch keeps track of all responses to the validation requests. If all certificates are validated, the Axis video device is allowed access to the protected network via a preconfigured port.
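The four steps above can be reproduced offline with the `openssl` command line. This is an added example, not part of the Axis manual or firmware. It models only the certificate validation and the resulting port decision, not the EAP or RADIUS transport. The CA, the certificate names (`axis-device`, `radius-server`, `rogue-*`) and the helper functions are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Constructed lab PKI: every subject name and file path here is an assumption for this example.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # remove the throwaway private keys when the script ends

# Step 1: a CA provides the signed certificates.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Lab CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

issue_cert() {  # issue_cert <name>: new key and CSR, signed by the lab CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.crt" 2>/dev/null
}

make_rogue() {  # make_rogue <name>: self-signed certificate the lab CA never signed
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Steps 2 and 3: each side checks the peer certificate against the CA it trusts.
cert_ok() {  # cert_ok <name>: succeeds only if <name>.crt chains to the lab CA
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# Step 4: the port is opened only if both validations succeeded.
port_decision() {  # port_decision <device-cert-name> <radius-cert-name>
  if cert_ok "$1" && cert_ok "$2"; then echo allow; else echo deny; fi
}

make_ca
issue_cert axis-device
issue_cert radius-server
make_rogue rogue-device
make_rogue rogue-radius

echo "genuine device, genuine RADIUS: $(port_decision axis-device radius-server)"
echo "rogue device, genuine RADIUS:   $(port_decision rogue-device radius-server)"
echo "genuine device, rogue RADIUS:   $(port_decision axis-device rogue-radius)"
```

The third case is the reason the device validates the RADIUS server's certificate as well: without that check, the device would complete authentication against any server that answers.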

RADIUS

RADIUS (Remote Authentication Dial In User Service) is an AAA (Authentication, Authorization and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
