Table of Contents
Advertisement
AXIS C1111-E Cabinet Speaker
The web interface
• Key type: Select the default or a different encryption algorithm from the drop-down list to protect the certificate.
The context menu contains:
• Certificate information: View an installed certificate's properties.
• Delete certificate: Delete the certificate.
• Create certificate signing request: Create a certificate signing request to send to a registration authority to apply
for a digital identity certificate.
Secure keystore
:
• Secure element (CC EAL6+): Select to use secure element for secure keystore.
• Trusted Platform Module 2.0 (CC EAL4+, FIPS 140-2 Level 2): Select to use TPM 2.0 for secure keystore.
IEEE 802.1x and IEEE 802.1AE MACsec
IEEE 802.1x is an IEEE standard for port-based network admission control providing secure authentication of wired and wireless
network devices. IEEE 802.1x is based on EAP (Extensible Authentication Protocol).
To access a network protected by IEEE 802.1x, network devices must authenticate themselves. The authentication is performed by
an authentication server, typically a RADIUS server (for example, FreeRADIUS and Microsoft Internet Authentication Server).
Certificates
When configured without a CA certificate, server certificate validation is disabled and the device tries to authenticate itself
regardless of what network it is connected to.
When using a certificate, in Axis' implementation, the device and the authentication server authenticate themselves with digital
certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security).
To allow the device to access a network protected through certificates, you must install a signed client certificate on the device.
Authentication method: Select an EAP type used for authentication. The default option is EAP-TLS. EAP-PEAP/MSCHAPv2 is a
more secure option.
Client certificate: Select a client certificate to use IEEE 802.1x. The authentication server uses the certificate to validate the
client's identity.
CA certificate: Select CA certificates to validate the authentication server's identity. When no certificate is selected, the device
tries to authenticate itself regardless of what network it is connected to.
EAP identity: Enter the user identity associated with the client certificate.
EAPOL version: Select the EAPOL version that is used in the network switch.
Use IEEE 802.1x: Select to use the IEEE 802.1x protocol.
IEEE 802.1AE MACsec
IEEE 802.1AE MACsec is an IEEE standard for media access control (MAC) security that defines connectionless data confidentiality
and integrity for media access independent protocols.
The settings are only available if you use EAP-TLS as the authentication method:
Mode
• Dynamic CAK / EAP-TLS: The default option. After a secured connection, the device checks for MACsec on the network.
• Static CAK / pre-shared key (PSK): Select to set the key name and value to connect to the network.
The settings are only available if you use EAP-PEAP/MSCHAPv2 as the authentication method:
• Password: Enter the password for your user identity.
• Peap version: Select the Peap version that is used in the network switch.
• Label: Select 1 to use client EAP encryption; select 2 to use client PEAP encryption. Select the Label that the network
switch uses when using Peap version 1.
25
Advertisement
Table of Contents
