EasyManua.ls Logo

Axis P47 Series - Page 34

Axis P47 Series
61 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
AXISP47-PLVEseries
Thewebinterface
IEEE802.1xisanIEEEstandardforport-basednetworkadmissioncontrolprovidingsecureauthenticationofwiredandwireless
networkdevices.IEEE802.1xisbasedonEAP(ExtensibleAuthenticationProtocol).
ToaccessanetworkprotectedbyIEEE802.1x,networkdevicesmustauthenticatethemselves.Theauthenticationisperformedby
anauthenticationserver,typicallyaRADIUSserver(forexample,FreeRADIUSandMicrosoftInternetAuthenticationServer).
Certicates
WhenconguredwithoutaCAcerticate,servercerticatevalidationisdisabledandthedevicetriestoauthenticateitself
regardlessofwhatnetworkitisconnectedto.
Whenusingacerticate,inAxis'implementation,thedeviceandtheauthenticationserverauthenticatethemselveswithdigital
certicatesusingEAP-TLS(ExtensibleAuthenticationProtocol-TransportLayerSecurity).
Toallowthedevicetoaccessanetworkprotectedthroughcerticates,youmustinstallasignedclientcerticateonthedevice.
Authenticationmethod:SelectanEAPtypeusedforauthentication.ThedefaultoptionisEAP-TLS.EAP-PEAP/MSCHAPv2isa
moresecureoption.
Clientcerticate:SelectaclientcerticatetouseIEEE802.1x.Theauthenticationserverusesthecerticatetovalidatethe
client’sidentity.
CAcerticate:SelectCAcerticatestovalidatetheauthenticationserver’sidentity.Whennocerticateisselected,thedevice
triestoauthenticateitselfregardlessofwhatnetworkitisconnectedto.
EAPidentity:Entertheuseridentityassociatedwiththeclientcerticate.
EAPOLversion:SelecttheEAPOLversionthatisusedinthenetworkswitch.
UseIEEE802.1x:SelecttousetheIEEE802.1xprotocol.
IEEE802.1AEMACsec
IEEE802.1AEMACsecisanIEEEstandardformediaaccesscontrol(MAC)securitythatdenesconnectionlessdatacondentiality
andintegrityformediaaccessindependentprotocols.
ThesettingsareonlyavailableifyouuseEAP-TLSastheauthenticationmethod:
Mode
DynamicCAK/EAP-TLS:Thedefaultoption.Afterasecuredconnection,thedevicechecksforMACseconthenetwork.
StaticCAK/pre-sharedkey(PSK):Selecttosetthekeynameandvaluetoconnecttothenetwork.
ThesettingsareonlyavailableifyouuseEAP-PEAP/MSCHAPv2astheauthenticationmethod:
Password:Enterthepasswordforyouruseridentity.
Peapversion:SelectthePeapversionthatisusedinthenetworkswitch.
Label:Select1touseclientEAPencryption;select2touseclientPEAPencryption.SelecttheLabelthatthenetwork
switchuseswhenusingPeapversion1.
Preventbrute-forceattacks
Blocking:Turnontoblockbrute-forceattacks.Abrute-forceattackusestrial-and-errortoguesslogininfoorencryptionkeys.
Blockingperiod:Enterthenumberofsecondstoblockabrute-forceattack.
Blockingconditions:Enterthenumberofauthenticationfailuresallowedpersecondbeforetheblockstarts.Youcansetthe
numberoffailuresallowedbothonpagelevelanddevicelevel.
Firewall
34

Table of Contents

Other manuals for Axis P47 Series

Preview: Installation Guide
Installation Guide40 pages

Related product manuals