AXIS M1034-W Network Camera
System Options
IEEE 802.1X
IEEE 802.1X is a standard for port-based Network Admissio n Control providing secure authentication of wired and wireless network
devices. IEEE 802.1X is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1X, devices must authenticate themselves. The authentication is performed by a
third-party entity called an authenti c ation server, typically a RADIUS server, examples of which are FreeRADIUS and Microsoft
Internet Authentication Service.
In Axis' im plementation, the network device and the authentication server authenticate themselves with the help of digital
certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security). The c ertificates are provided by an
Certification Authority (CA). You need:
•aCAcertificate to validate the identity of the authentication server
• a CA-signed client certificate and a private key to authenticate the network device.
To allow the network device to access a network protected by IEEE 802.1X:
1. Obtain a CA certificate, a client certificate and a client private key (contact your network administrator).
2. Go to Setup > System Options > Security > IEEE 802.1X and upload the CA certificate, the client certificate and the
client private k ey.
3. Under Settings, select the EAPOL version, provide your EAP id entity and private key password.
4. Check the box to enable IEEE 802.1X and click Save.
Certificates
CA Certificate The CA certificate is used to validate the identity of the authentication server. Enter the path to
the certificate directly, or locate the file using the Browse button. Then click U
pload.Toremove
acertificate, click Remove.
Client certificate
Client private key
The clie nt certificate and private key are used to authenticate the network device. They can be
uploaded as separate file s or in one combined file (e.g. a PFX file or a PEM file). Use the Client
private k ey field if uploading one combined file . For each file, enter the path to the file, or locate the
fi
le using the Browse button. Then click Upload.Toremoveafile, click Remove.
Settings
EAPOL version
SelecttheEAPOLversion(1or2)asusedinyournetworkswitch.
EAP identity
Enter the user identity (maximum 16 characters) associated with your certificate.
Private key password
Enter the password (maximum
16 characters) for the private key.
Enable IEEE 802.1X
Check the box to enable the IEEE 802.1X protocol.
Certificates
Certificates are used to authenticate devices on a network. Typical applications includ e e ncrypted web browsing (HTTPS), network
protection via IEEE 802.1X and secure upload of images and notification messages for example via email. Two types of certificates
can be
used with the Axis product:
S
erver/Client certificates - to authenticate the Axis product
CA certificates - to authenticate peer certificates, for example the certificate of an authentication server in case the Axis product is
connected to an IEEE 802.1X protected network.
Note
Installed certificates, except preinstalled CA certifi cates, will be deleted if the product is reset to factory default. Preinstalled
CA certificates that have been deleted will be reinstalled.
39