User's manual

AXIS Q7404 - System Options
In an 802.1X-enabled network switch, clients equipped with the correct software can be authenticated and allowed or denied
network access at the Ethernet level.
Clients and servers in an 802.1X network may need to authenticate each other by some means. In the Axis implementation this is
done with the help of digital certificates provided by a Certification Authority. These are then validated by a third-party
entity, such as a RADIUS server, examples of which are FreeRADIUS and Microsoft Internet Authentication Service.
To perform the authentication, the RADIUS server uses various EAP methods/protocols, of which there are many. The one used
in the Axis implementation is EAPOL using EAP-TLS (EAP-Transport Layer Security).
The Axis network video product presents its certificate to the network switch, which in turn forwards this to the RADIUS
server. The RADIUS server validates or rejects the certificate and responds to the switch, and sends its own certificate to the
client for validation. The switch then allows or denies network access accordingly, on a preconfigured port.
The authentication process
Certificates
CA Certificate - This certificate is created by the Certification Authority for the purpose of validating itself, so the AXIS
Q7404 needs this certificate to check the server's identity. Provide the path to the certificate directly, or use the Browse...
button to locate it. Then click the Upload button. To remove a certificate, click the Remove button.
Client certificate/private key - AXIS Q7404 must also authenticate itself, using a client certificate and a private key. Provide
the path to the certificate in the first field, or use the Browse button to locate it. Then click the Upload button. To remove a
certificate, click the Remove button.
[Figure: the authentication process. Labels: Axis network video product, network switch, RADIUS server, Certificate Authority (CA), protected network; certificate exchanges ("Q: Certificate OK?" / "A: OK") numbered 1 to 4.]
1. A CA server provides the required signed certificates.
2. The Axis network video product requests access to the protected network at the network switch. The
switch forwards the product’s CA certificate to the RADIUS server, which then replies to the switch.
3. The switch forwards the RADIUS server’s CA certificate to the product, which also replies to the switch.
4. The switch keeps track of all responses to the validation requests. If all certificates are validated, the
Axis network video product is allowed access to the protected network via a preconfigured port.
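
Before uploading the CA certificate and the client certificate/private key described under Certificates, the set can be checked offline for the conditions EAP-TLS depends on. This is an added example, not part of the Axis manual; it assumes PEM files and the openssl command-line tool, and the function names, file names and demo PKI are hypothetical.

```shell
#!/bin/sh
# Added example: offline pre-upload check of an 802.1X EAP-TLS certificate set.
# Function names, file names and the demo PKI are hypothetical/constructed.

# Usage: check_eap_tls_bundle CA.pem CLIENT.pem CLIENT.key [MIN_VALID_SECONDS]
# Returns 0 if usable, 1 chain failure, 2 expires too soon, 3 key mismatch.
check_eap_tls_bundle() {
    ca=$1; cert=$2; key=$3; min_valid=${4:-0}

    # The RADIUS server rejects a client certificate that does not chain
    # to a CA it trusts (this also fails on an already expired certificate).
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "chain: FAIL" >&2; return 1; }

    # Flag certificates that expire within the given window, after which
    # authentication at the switch would start to fail.
    openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null 2>&1 ||
        { echo "expiry: FAIL" >&2; return 2; }

    # The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "key match: FAIL" >&2; return 3; }

    echo "bundle OK"
}

# Constructed demo material: a throwaway CA, a client certificate it signs,
# and an unrelated key used to show the mismatch case.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-encoder" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -out "$dir/client.pem" 2>/dev/null
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo"
check_eap_tls_bundle "$demo/ca.pem" "$demo/client.pem" "$demo/client.key"
check_eap_tls_bundle "$demo/ca.pem" "$demo/client.pem" "$demo/other.key" || true
```

The same check applies to the RADIUS server's certificate: it must chain to the CA certificate uploaded to the product, since the product uses that CA certificate to check the server's identity.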