User`s manual

29
AXIS P1311 - System Options
IEEE 802.1X
IEEE 802.1X is an IEEE standard for port-based Network Admission Control. It provides authentication to devices attached to a
network port (wired or wireless), establishing a point-to-point connection, or, if authentication fails, preventing access on
that port. 802.1X is based on EAP (Extensible Authentication Protocol).
In a 802.1X enabled network switch, clients equipped with the corr
ect software can be authenticated and allowed or denied
network access at the Ethernet level.
Clients and servers in an 802.1X network may need to authenticate eac
h other by some means. In the Axis implementation
this is done with the help of digital certificates provided by a Certification Authority. These are then validated by a
third-party entity, such as a RADIUS server, examples of which are Free Radius and Microsoft Internet Authentication Service.
To perform the authentication, the RADIUS server uses va
rious EAP methods/protocols, of which there are many. The one used
in the Axis implementation is EAPOL using EAP-TLS (EAP-Transport Layer Security).
The Axis network video device presents its certificate to the network swi
tch, which in turn forwards this to the RADIUS server.
The RADIUS server validates or rejects the certificate and responds to the switch, and sends its own certificate to the client for
validation. The switch then allows or denies network access accordingly, on a preconfigured port.
The authentication process