EasyManua.ls Logo

Axis use-IP A1610 - Page 13

Axis use-IP A1610
30 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
AXISA1610NetworkDoorController
Thedeviceinterface
IEEE802.1xisanIEEEstandardforport-basednetworkadmissioncontrolprovidingsecureauthenticationofwiredandwireless
networkdevices.IEEE802.1xisbasedonEAP(ExtensibleAuthenticationProtocol).
ToaccessanetworkprotectedbyIEEE802.1x,networkdevicesmustauthenticatethemselves.Theauthenticationisperformedby
anauthenticationserver,typicallyaRADIUSserver(forexampleFreeRADIUSandMicrosoftInternetAuthenticationServer).
Certicates
WhenconguredwithoutaCAcerticate,servercerticatevalidationisdisabledandthedevicetriestoauthenticateitself
regardlessofwhatnetworkitisconnectedto.
Whenusingacerticate,inAxis'implementation,thedeviceandtheauthenticationserverauthenticatethemselveswithdigital
certicatesusingEAP-TLS(ExtensibleAuthenticationProtocol-TransportLayerSecurity).
Toallowthedevicetoaccessanetworkprotectedthroughcerticates,asignedclientcerticatemustbeinstalledonthedevice.
Clientcerticate:SelectaclientcerticatetouseIEEE802.1x.Theauthenticationserverusesthecerticatetovalidatethe
client’sidentity.
CAcerticate:SelectaCAcerticatetovalidatetheauthenticationserver’sidentity.Whennocerticateisselected,thedevice
triestoauthenticateitselfregardlessofwhatnetworkitisconnectedto.
EAPidentity:Entertheuseridentityassociatedwiththeclientcerticate.
EAPOLversion:SelecttheEAPOLversionthatisusedinthenetworkswitch.
UseIEEE802.1x:SelecttousetheIEEE802.1xprotocol.
Preventbrute-forceattacks
Blocking:Turnontoblockbrute-forceattacks.Abrute-forceattackusestrial-and-errortoguesslogininfoorencryptionkeys.
Blockingperiod:Enterthenumberofsecondstoblockabrute-forceattack.
Blockingconditions:Enterthenumberofauthenticationfailuresallowedpersecondbeforetheblockstarts.Youcansetthe
numberoffailuresallowedbothonpagelevelanddevicelevel.
IPaddresslter
Uselter:SelecttolterwhichIPaddressesthatareallowedtoaccessthedevice.
Policy:ChoosewhethertoAllowaccessorDenyaccessforcertainIPaddresses.
Addresses:EntertheIPnumbersthatareeitherallowedordeniedaccesstothedevice.YoucanalsousetheCIDRformat.
Custom-signedrmwarecerticate
ToinstalltestrmwareorothercustomrmwarefromAxisonthedevice,youneedacustom-signedrmwarecerticate.The
certicateveriesthatthermwareisapprovedbyboththedeviceownerandAxis.Thermwarecanonlyrunonaspecic
devicewhichisidentiedbyitsuniqueserialnumberandchipID.Custom-signedrmwarecerticatescanonlybecreated
byAxis,sinceAxisholdsthekeytosignthem.
ClickInstalltoinstallthecerticate.Youneedtoinstallthecerticatebeforeyouinstallthermware.
13

Table of Contents

Related product manuals