802.1X - Network Admission Control - Axis 243Q Blade User Manual

AXIS 243Q Blade - System options
37

802.1x - Network Admission Control

IEEE 802.1x is an IEEE standard for port-based Network Admission Control. It provides
authentication to devices attached to a network port (wired or wireless), establishing a
point-to-point connection, or, if authentication fails, preventing access on that port.
802.1x is based on EAP (Extensible Authentication Protocol).
In a 802.1x enabled network switch, clients equipped with the correct software can be
authenticated and allowed or denied network access at the Ethernet level.
Clients and servers in an 802.1x network may need to authenticate each other by some
means. In the Axis implementation this is done with the help of digital certificates
provided by a Certification Authority. These are then validated by a third-party entity,
such as a RADIUS server, examples of which are Free Radius and Microsoft Internet
Authentication Service.
To perform the authentication, the RADIUS server uses various EAP methods/protocols, of
which there are many. The one used in the Axis implementation is EAP-TLS
(EAP-Transport Layer Security).
The AXIS network video device presents its certificate to the network switch, which in turn
forwards this to the RADIUS server. The RADIUS server validates or rejects the certificate
and responds to the switch, and sends its own certificate to the client for validation. The
switch then allows or denies network access accordingly, on a preconfigured port.