IEEE 802.1x
IEEE 802.1x is an IEEE standard for port-based network admission control providing secure authentication of
wired and wireless network devices. IEEE 802.1x is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1x, network devices must authenticate themselves. The
authentication is performed by an authentication server, typically a RADIUS server (for example, FreeRADIUS
and Microsoft Internet Authentication Server).
IEEE 802.1AE MACsec
IEEE 802.1AE MACsec is an IEEE standard for media access control (MAC) security that defines connectionless
data confidentiality and integrity for media access independent protocols.
Certificates
When configured without a CA certificate, server certificate validation is disabled and the device tries to
authenticate itself regardless of what network it is connected to.
When using a certificate, in Axis' implementation, the device and the authentication server authenticate
themselves with digital certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer
Security).
To allow the device to access a network protected through certificates, you must install a signed client
certificate on the device.
Authentication method: Select an EAP type used for authentication.
Client certificate: Select a client certificate to use IEEE 802.1x. The authentication server uses the certificate
to validate the client’s identity.
CA certificates: Select CA certificates to validate the authentication server’s identity. When no certificate is
selected, the device tries to authenticate itself regardless of what network it is connected to.
EAP identity: Enter the user identity associated with the client certificate.
EAPOL version: Select the EAPOL version that is used in the network switch.
Use IEEE 802.1x: Select to use the IEEE 802.1x protocol.
These settings are only available if you use IEEE 802.1x PEAP-MSCHAPv2 as the authentication method:
• Password: Enter the password for your user identity.
• Peap version: Select the Peap version that is used in the network switch.
• Label: Select 1 to use client EAP encryption; select 2 to use client PEAP encryption. Select the Label
that the network switch uses when using Peap version 1.
These settings are only available if you use IEEE 802.1ae MACsec (Static CAK/Pre-Shared Key) as the
authentication method:
• Key agreement connectivity association key name: Enter the connectivity association key name (CKN).
It must be an even number of hexadecimal characters, from 2 to 64. The CKN must be manually configured in
the connectivity association and must match on both ends of the link to initially enable MACsec.
• Key agreement connectivity association key: Enter the connectivity association key (CAK). It should
be either 32 or 64 hexadecimal characters long. The CAK must be manually configured in the
connectivity association and must match on both ends of the link to initially enable MACsec.
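The CKN and CAK rules above can be checked before the values are entered on the device and the switch. The following is an added example, not part of the original manual or Axis software: the function names and dictionary keys are hypothetical, the sample values are constructed, and it assumes both ends parse the values as hexadecimal bytes, so letter case does not matter.

```python
import re
import secrets

HEX = re.compile(r"[0-9a-fA-F]+")

def generate_cak(hex_len=64):
    """Return a random CAK of 32 or 64 hex characters (128 or 256 bits)."""
    if hex_len not in (32, 64):
        raise ValueError("CAK must be 32 or 64 hexadecimal characters")
    return secrets.token_hex(hex_len // 2)  # CSPRNG, never a typed-in phrase

def check_macsec_psk(ckn, cak):
    """Return a list of format problems for a static CKN/CAK pair."""
    problems = []
    if not HEX.fullmatch(ckn or ""):
        problems.append("CKN is not hexadecimal")
    elif len(ckn) % 2 or not 2 <= len(ckn) <= 64:
        problems.append("CKN must be 2 to 64 hex characters, even length")
    if not HEX.fullmatch(cak or ""):
        problems.append("CAK is not hexadecimal")
    elif len(cak) not in (32, 64):
        problems.append("CAK must be 32 or 64 hex characters")
    return problems

def check_link(device, switch):
    """Check the device side, then confirm both ends of the link match."""
    problems = check_macsec_psk(device["ckn"], device["cak"])
    # Assumption: values are parsed as hex bytes, so compare case-insensitively.
    if str(device["ckn"]).lower() != str(switch["ckn"]).lower():
        problems.append("CKN differs between device and switch")
    if str(device["cak"]).lower() != str(switch["cak"]).lower():
        problems.append("CAK differs between device and switch")
    return problems

if __name__ == "__main__":
    # Constructed sample: one key pair provisioned for both ends of a link.
    cak = generate_cak(64)
    device = {"ckn": "a1b2c3d4", "cak": cak}
    switch = {"ckn": "A1B2C3D4", "cak": cak.upper()}
    print(check_link(device, switch) or "link parameters OK")
    # A truncated CAK on the switch side is reported as a mismatch.
    switch["cak"] = cak[:32]
    print(check_link(device, switch))
```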
Prevent brute-force attacks
AXIS Q8752-E Mk II Bispectral PTZ Network Camera