AXISM3014NetworkCamera
SystemOptions
IEEE802.1X
IEEE802.1Xisastandardforport-basedNetworkAdmissionControlprovidingsecureauthenticationofwiredandwirelessnetwork
devices.IEEE802.1XisbasedonEAP(ExtensibleAuthenticationProtocol).
ToaccessanetworkprotectedbyIEEE802.1X,devicesmustauthenticatethemselves.Theauthenticationisperformedbya
third-partyentitycalledanauthenticationserver ,typicallyaRADIUSserver,examplesofwhichareFreeRADIUSandMicrosoft
InternetAuthenticationService.
InAxis'implementation,thenetworkdeviceandtheauthenticationserverauthenticatethemselveswiththehelpofdigital
certicatesusingEAP-TLS(ExtensibleAuthenticationProtocol-TransportLayerSecurity).Thecerticatesareprovidedbyan
CerticationAuthority(CA).Youneed:
aCAcerticatetovalidatetheidentityoftheauthenticationserver
aCA-signedclientcerticateandaprivatekeytoauthenticatethenetworkdevice.
ToallowthenetworkdevicetoaccessanetworkprotectedbyIEEE802.1X:
1.ObtainaCAcerticate,aclientcerticateandaclientprivatekey(contactyournetworkadministrator).
2.GotoSetup>SystemOptions>Security>IEEE802.1XanduploadtheCAcerticate,theclientcerticateandthe
clientprivatekey.
3.UnderSettings,selecttheEAPOLversion,provideyourEAPidentityandprivatekeypassword.
4.ChecktheboxtoenableIEEE802.1XandclickSave.
Certicates
CACerticateTheCAcerticateisusedtovalidatetheidentityoftheauthenticationserver.Enterthepathto
thecerticatedirectly,orlocatetheleusingtheBrowsebutton.ThenclickUpload.Toremove
acerticate,clickRemove.
Clientcerticate
Clientprivatekey
Theclientcerticateandprivatekeyareusedtoauthenticatethenetworkdevice.Theycanbe
uploadedasseparatelesorinonecombinedle(e.g.aPFXleoraPEMle).UsetheClient
privatekeyeldifuploadingonecombinedle.Foreachle,enterthepathtothele,orlocatethe
leusingtheBrowsebutton.ThenclickUpload.Toremoveale,clickRemove.
Settings
EAPOLversionSelecttheEAPOLversion(1or2)asusedinyournetworkswitch.
EAPidentityEntertheuseridentity(maximum16characters)associatedwithyourcerticate.
PrivatekeypasswordEnterthepassword(maximum16characters)fortheprivatekey.
EnableIEEE802.1XChecktheboxtoenabletheIEEE802.1Xprotocol.
Certicates
Certicatesareusedtoauthenticatedevicesonanetwork.Typicalapplicationsincludeencryptedwebbrowsing(HTTPS),network
protectionviaIEEE802.1Xandsecureuploadofimagesandnoticationmessagesforexampleviaemail.Twotypesofcerticates
canbeusedwiththeAxisproduct:
Server/Clientcerticates-ToauthenticatetheAxisproduct.
CAcerticates-Toauthenticatepeercerticates,forexamplethecerticateofanauthenticationserverincasetheAxisproductis
connectedtoanIEEE802.1Xprotectednetwork.
Note
Installedcerticates,exceptpreinstalledCAcerticates,willbedeletediftheproductisresettofactorydefault.Preinstalled
CAcerticatesthathavebeendeletedwillbereinstalled.
36