Axis Communications Axis 211A User Manual

43

AXIS 210A/211A - System Options

Clients and servers in an 802.1x network may need to authenticate each other by some

means. In the Axis implementation this is done with the help of digital certificates

provided by a Certification Authority. These are then validated by a third-party entity,

such as a RADIUS server, examples of which are Free Radius and Microsoft Internet

Authentication Service.

To perform the authentication, the RADIUS server uses various EAP methods/protocols, of

which there are many. The one used in the Axis implementation is EAP-TLS

(EAP-Transport Layer Security).

The AXIS network video device presents its certificate to the network switch, which in turn

forwards this to the RADIUS server. The RADIUS server validates or rejects the certificate

and responds to the switch, and sends its own certificate to the client for validation. The

switch then allows or denies network access accordingly, on a preconfigured port.