AXISP32DomeCameraSeries
Thewebinterface
Authenticationmethod:SelectanEAPtypeusedforauthentication.ThedefaultoptionisEAP-TLS.EAP-PEAP/MSCHAPv2isa
moresecureoption.
Clientcerticate:SelectaclientcerticatetouseIEEE802.1x.Theauthenticationserverusesthecerticatetovalidatethe
client’sidentity.
CAcerticate:SelectCAcerticatestovalidatetheauthenticationserver’sidentity.Whennocerticateisselected,thedevice
triestoauthenticateitselfregardlessofwhatnetworkitisconnectedto.
EAPidentity:Entertheuseridentityassociatedwiththeclientcerticate.
EAPOLversion:SelecttheEAPOLversionthatisusedinthenetworkswitch.
UseIEEE802.1x:SelecttousetheIEEE802.1xprotocol.
IEEE802.1AEMACsec
IEEE802.1AEMACsecisanIEEEstandardformediaaccesscontrol(MAC)securitythatdenesconnectionlessdatacondentiality
andintegrityformediaaccessindependentprotocols.
ThesettingsareonlyavailableifyouuseEAP-TLSastheauthenticationmethod:
Mode
•DynamicCAK/EAP-TLS:Thedefaultoption.Afterasecuredconnection,thedevicechecksforMACseconthenetwork.
•StaticCAK/pre-sharedkey(PSK):Selecttosetthekeynameandvaluetoconnecttothenetwork.
ThesettingsareonlyavailableifyouuseEAP-PEAP/MSCHAPv2astheauthenticationmethod:
•Password:Enterthepasswordforyouruseridentity.
•Peapversion:SelectthePeapversionthatisusedinthenetworkswitch.
•Label:Select1touseclientEAPencryption;select2touseclientPEAPencryption.SelecttheLabelthatthenetwork
switchuseswhenusingPeapversion1.
Preventbrute-forceattacks
Blocking:Turnontoblockbrute-forceattacks.Abrute-forceattackusestrial-and-errortoguesslogininfoorencryptionkeys.
Blockingperiod:Enterthenumberofsecondstoblockabrute-forceattack.
Blockingconditions:Enterthenumberofauthenticationfailuresallowedpersecondbeforetheblockstarts.Youcansetthe
numberoffailuresallowedbothonpagelevelanddevicelevel.
IPaddresslter
Uselter:SelecttolterwhichIPaddressesareallowedtoaccessthedevice.
Policy:ChoosewhethertoAlloworDenyaccessforcertainIPaddresses.
Addresses:EntertheIPnumbersthatareeitherallowedordeniedaccesstothedevice.YoucanalsousetheCIDRformat.
Customsignedrmwarecerticate
37