EasyManua.ls Logo

Axis M1137 - Page 28

Axis M1137
51 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
AXISM11Series
Thedeviceinterface
Important
Ifyouresetthedevicetofactorydefault,allcerticatesaredeleted.Anypre-installedCAcerticatesarereinstalled.
Filterthecerticatesinthelist.
Addcerticate:Clicktoaddacerticate.
Thecontextmenucontains:
Certicateinformation:Viewaninstalledcerticate’sproperties.
Deletecerticate:Deletethecerticate.
Createcerticatesigningrequest:Createacerticatesigningrequesttosendtoaregistrationauthoritytoapply
foradigitalidentitycerticate.
IEEE802.1x
IEEE802.1xisanIEEEstandardforport-basednetworkadmissioncontrolprovidingsecureauthenticationofwiredandwireless
networkdevices.IEEE802.1xisbasedonEAP(ExtensibleAuthenticationProtocol).
ToaccessanetworkprotectedbyIEEE802.1x,networkdevicesmustauthenticatethemselves.Theauthenticationisperformedby
anauthenticationserver,typicallyaRADIUSserver(forexampleFreeRADIUSandMicrosoftInternetAuthenticationServer).
Certicates
WhenconguredwithoutaCAcerticate,servercerticatevalidationisdisabledandthedevicetriestoauthenticateitself
regardlessofwhatnetworkitisconnectedto.
Whenusingacerticate,inAxis'implementation,thedeviceandtheauthenticationserverauthenticatethemselveswithdigital
certicatesusingEAP-TLS(ExtensibleAuthenticationProtocol-TransportLayerSecurity).
Toallowthedevicetoaccessanetworkprotectedthroughcerticates,asignedclientcerticatemustbeinstalledonthedevice.
Clientcerticate:SelectaclientcerticatetouseIEEE802.1x.Theauthenticationserverusesthecerticatetovalidatethe
client’sidentity.
CAcerticate:SelectaCAcerticatetovalidatetheauthenticationserver’sidentity.Whennocerticateisselected,thedevice
triestoauthenticateitselfregardlessofwhatnetworkitisconnectedto.
EAPidentity:Entertheuseridentityassociatedwiththeclientcerticate.
EAPOLversion:SelecttheEAPOLversionthatisusedinthenetworkswitch.
UseIEEE802.1x:SelecttousetheIEEE802.1xprotocol.
Preventbrute-forceattacks
Blocking:Turnontoblockbrute-forceattacks.Abrute-forceattackusestrial-and-errortoguesslogininfoorencryptionkeys.
Blockingperiod:Enterthenumberofsecondstoblockabrute-forceattack.
Blockingconditions:Enterthenumberofauthenticationfailuresallowedpersecondbeforetheblockstarts.Youcansetthe
numberoffailuresallowedbothonpagelevelanddevicelevel.
IPaddresslter
28

Table of Contents

Related product manuals