EasyManua.ls Logo

Axis Q37 Series - Page 42

Axis Q37 Series
67 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
AXISQ37NetworkCameraSeries
Thewebinterface
Keytype:Selectthedefaultoradifferentencryptionalgorithmfromthedrop-downlisttoprotectthecerticate.
Thecontextmenucontains:
Certicateinformation:Viewaninstalledcerticate’sproperties.
Deletecerticate:Deletethecerticate.
Createcerticatesigningrequest:Createacerticatesigningrequesttosendtoaregistrationauthoritytoapply
foradigitalidentitycerticate.
Securekeystore
:
Secureelement(CCEAL6+):Selecttousesecureelementforsecurekeystore.
TrustedPlatformModule2.0(CCEAL4+,FIPS140-2Level2):SelecttouseTPM2.0forsecurekeystore.
Networkaccesscontrolandencryption
IEEE802.1x
IEEE802.1xisanIEEEstandardforport-basednetworkadmissioncontrolprovidingsecureauthenticationofwiredandwireless
networkdevices.IEEE802.1xisbasedonEAP(ExtensibleAuthenticationProtocol).
ToaccessanetworkprotectedbyIEEE802.1x,networkdevicesmustauthenticatethemselves.Theauthenticationisperformedby
anauthenticationserver,typicallyaRADIUSserver(forexample,FreeRADIUSandMicrosoftInternetAuthenticationServer).
IEEE802.1AEMACsec
IEEE802.1AEMACsecisanIEEEstandardformediaaccesscontrol(MAC)securitythatdenesconnectionlessdatacondentiality
andintegrityformediaaccessindependentprotocols.
Certicates
WhenconguredwithoutaCAcerticate,servercerticatevalidationisdisabledandthedevicetriestoauthenticateitself
regardlessofwhatnetworkitisconnectedto.
Whenusingacerticate,inAxis'implementation,thedeviceandtheauthenticationserverauthenticatethemselveswithdigital
certicatesusingEAP-TLS(ExtensibleAuthenticationProtocol-TransportLayerSecurity).
Toallowthedevicetoaccessanetworkprotectedthroughcerticates,youmustinstallasignedclientcerticateonthedevice.
Authenticationmethod:SelectanEAPtypeusedforauthentication.
Clientcerticate:SelectaclientcerticatetouseIEEE802.1x.Theauthenticationserverusesthecerticatetovalidatethe
client’sidentity.
CAcerticates:SelectCAcerticatestovalidatetheauthenticationserver’sidentity.Whennocerticateisselected,thedevice
triestoauthenticateitselfregardlessofwhatnetworkitisconnectedto.
EAPidentity:Entertheuseridentityassociatedwiththeclientcerticate.
EAPOLversion:SelecttheEAPOLversionthatisusedinthenetworkswitch.
UseIEEE802.1x:SelecttousetheIEEE802.1xprotocol.
ThesesettingsareonlyavailableifyouuseIEEE802.1xPEAP-MSCHAPv2astheauthenticationmethod:
Password:Enterthepasswordforyouruseridentity.
Peapversion:SelectthePeapversionthatisusedinthenetworkswitch.
Label:Select1touseclientEAPencryption;select2touseclientPEAPencryption.SelecttheLabelthatthenetwork
switchuseswhenusingPeapversion1.
ThesesettingsareonlyavailableifyouuseIEEE802.1aeMACsec(StaticCAK/Pre-SharedKey)astheauthenticationmethod:
Keyagreementconnectivityassociationkeyname:Entertheconnectivityassociationname(CKN).Itmustbe2to64
(divisibleby2)hexadecimalcharacters.TheCKNmustbemanuallyconguredintheconnectivityassociationand
mustmatchonbothendsofthelinktoinitiallyenableMACsec.
42

Related product manuals