Axis Communications AXIS Q7401 Stereo Receiver User Manual


 
AXIS Q7401 - System Options
In an 802.1X enabled network switch, clients equipped with the correct software can be authenticated and allowed or denied
network access at the Ethernet level.
Clients and servers in an 802.1X network may need to authenticate each other by some means. In the Axis implementation
this is done with the help of digital certificates provided by a Certification Authority. These are then validated by a
third-party entity, such as a RADIUS server, examples of which are FreeRADIUS and Microsoft Internet Authentication Service.
To perform the authentication, the RADIUS server uses various EAP methods/protocols, of which there are many. The one used
in the Axis implementation is EAPOL using EAP-TLS (EAP-Transport Layer Security).
The Axis network video device presents its certificate to the network switch, which in turn forwards this to the RADIUS server.
The RADIUS server validates or rejects the certificate and responds to the switch, and sends its own certificate to the client for
validation. The switch then allows or denies network access accordingly, on a preconfigured port.
The authentication process
Certificates
CA Certificate - This certificate is created by the Certification Authority for the purpose of validating itself, so the AXIS
Q7401 needs this certificate to check the server's identity. Provide the path to the certificate directly, or use the Browse...
button to locate it. Then click the Upload button. To remove a certificate, click the Remove button.
Client certificate/private key - AXIS Q7401 must also authenticate itself, using a client certificate and a private key.
Provide the path to the certificate in the first field, or use the Browse... button to locate it. Then click the Upload button. To
remove a certificate, click the Remove button.
[Figure: The authentication process. Diagram showing the Certificate Authority (CA), the Axis video device, the network switch, the RADIUS server and the protected network, with the exchanges numbered 1 to 4.]
1. A CA server provides the required signed certificates.
2. The Axis video device requests access to the protected network at the network switch. The switch
forwards the video device’s CA certificate to the RADIUS server, which then replies to the switch.
3. The switch forwards the RADIUS server’s CA certificate to the video device, which also replies to the
switch.
4. The switch keeps track of all responses to the validation requests. If all certificates are validated, the
Axis video device is allowed access to the protected network via a preconfigured port.
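
Before uploading the CA certificate, client certificate and private key described under Certificates, the three files can be checked on a workstation so that a mismatch is caught before the device is placed behind an 802.1X port. The following is an added example, not part of the Axis manual or product; it assumes the OpenSSL command-line tool, PEM-encoded files and an unencrypted private key, and the file names and the sample PKI it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upload check of 802.1X EAP-TLS files (names are assumptions).

# check_bundle CA_CERT CLIENT_CERT CLIENT_KEY
# Prints OK and returns 0 only if all three checks pass.
check_bundle() {
    ca=$1; cert=$2; key=$3
    # 1. The client certificate must chain to the CA (this also fails once it has expired).
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not verify against CA"; return 1; }
    # 2. The private key must belong to the certificate: compare the public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate"; return 1; }
    # 3. Refuse certificates that expire within 30 days (2592000 seconds).
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expires within 30 days"; return 1; }
    echo "OK"
}

# make_sample_pki DIR
# Builds a constructed test CA, a client certificate signed by it, and an
# unrelated key, so the checks above can be exercised offline.
make_sample_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Lab CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=camera-01.example" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -out "$d/client.pem" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

# Script use: sh check.sh ca.pem client.pem client.key
if [ "$#" -eq 3 ]; then
    check_bundle "$1" "$2" "$3"
fi
```

A key that does not match its certificate passes the upload step but fails the EAP-TLS handshake, so the second check is the one most worth running before deployment.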