Filter
Top Products
AXIS 225FD - System Options
27
A signed certificate can be obtained from an issuing Certificate Authority by clicking the Create Certificate
Request button. When the signed certificate is returned, click the Install signed certificate button to import the
certificate. The properties of any certificate request currently resident in the camera or installed can also be
viewed by clicking the Properties... button. The HTTPS Connection Policy must also be set in the drop-down
lists to enable HTTPS in the camera.
Please refer to the online help for more information.
Security - 802.1x
IEEE 802.1x is an IEEE standard for port-based Network Admission Control. It provides authentication to
devices attached to a network port (wired or wireless), establishing a point-to-point connection. If
authentication fails, access is prevented on the port. 802.1x is based on EAP (Extensible Authentication
Protocol).
In a 802.1x enabled network switch, clients equipped with the correct
software can be authenticated and
allowed or denied network access at the Ethernet level.
Clients and servers in an 802.1x network may need to authenticate each other
by some means. In the Axis
implementation this is done with the help of digital certificates provided by a Certification Authority. These are
then validated by a third-party entity, such as a RADIUS server, examples of which are Free Radius and
Microsoft Internet Authentication Service.
To perform the authentication, the RADIUS server uses various EAP methods/protocols, of
which there are
many. The one used in the Axis implementation is EAP-TLS (EAP-Transport Layer Security).
The AXIS network video device presents it
s certificate to the network switch, which in turn forwards this to the
RADIUS server. The RADIUS server validates or rejects the certificate and responds to the switch, and sends its
own certificate to the client for validation. The switch then allows or denies network access accordingly, on a
pre-configured port.
The authentication process
RADIUS
RADIUS (Remote Authentication Dial In User Service) is an AAA (Authentication, Authorization and
Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local
and roaming situations.
Protected network
Axis video device
Q: Certificate OK?
Certificate
Authority (CA)
3
1
2
4
A: OK
RADIUS
server
Network
switch
Q: Certificate OK?
A: OK
Certificate
Certificate
1. A CA server provides the required
signed certificates.
2. The Axis video device requests
access to the protected network at the
network switch. The switch forwards
the video device’s CA certificate to
the RADIUS server, which then
replies to the switch.
3. The switch forwards the RADIUS
server’s CA certificate to the video
device, which also replies to the
switch.
4. The switch keeps track of all
responses to the validation requests.
If all certificates are validated, the
Axis video device is allowed access
to the protected network via a
pre-configured port.