Canon network camera VBC500D User Manual

							1-37
1
1Detailed Settings
Setting User Acces
s Privileges (Access Control) 
Authorized User Account
(1) [User Name], [Password] 
Enter the user name and password and then click [ Add]. The authorized user will be added to 
the user list. 
The user name can consist of up to eight (single-byte ) characters of A to Z, a to z, 0 to 9, - 
(hyphen) and _ (underber). 
The password can consist of up to eight (singl e-byte) ASCII characters (space or printable 
characters).
(2) [User List] A list of authorized users is shown. User privileges can be set fo r these users. Up to 50 users 
can be registered other than the Administrator (root). 
Also, the user list can be sorted using the S  and T buttons on the right. 
To delete a user, select the applicable  user from the user list and then click [Delete]. 
You can set the following items. 
z
Authorized User Account
Register users who can access this camera. 
z User Authority 
Set the privileges of author ized users and guest users. 
z Host Access Control 
Specify the hosts from which ac cess is permit and restricted.
COPY  
						

							1-38
Setting User Access Privileges (Access Control)
User Authority 
[Privileged Camera Control], [Camera Control], [Image Distribution], [Audio Distribution] 
Set the user privileges of authorized user s and guest users. Select the check boxes 
corresponding to the items you want to permit for each user. 
Host Access Restriction 
(1) [Host List]
A list of hosts from which access is  permitted and restricted is shown. 
(2) [Apply the list to HTTP Server] If [Ye s ] is selected, the host list is applied to HTTP server access. Not only access from 
various viewers, but access to the top  page and setting pages is also limited. 
The list is also applied when distributing image and audio. 
(3) [Apply the list to Image Transmission] If [Ye s ] is selected, the host list is applied w hen the image distribution function is used. 
Access from various viewers can be restricted. 
The list is also applied when distributing audio. 
(4) [Apply the list to Audio Transmission] If [Ye s ] is selected, the host list is applied w hen the audio distribution function is used. 
Utilization of audio can be restricted. 
Tip
Authorized users can have higher  privileges than guest users. 
COPY  
						

							1-39
Setting User Access Privileges (Access Control)
1
1Detailed Settings
Note
z
If no host list is available, acces s is permitted to all hosts. 
z If a host list is given that indi cates prohibition of all accesses,  the host restriction function is 
disabled and access is permitted to all hosts. 
z To prohibit access via a proxy server in HTTP connection, a proxy server address must 
be set. 
z If Host Access Restriction is set wrongly, access to the setting pages itself may be 
prohibited, in which case restoring the factory settings will become the only means for 
recovery. 
z If host access control is implemented, th is camera cannot be accessed by IPv6. 
z If the [ Host List ] or [Apply the list to HTTP Server ] setting is changed, the camera may 
become no longer accessible from the active  browser. Check beforehand the precautions 
explained in Notes in Setting the Items Requiring Rebooting (Reboot Item) (  P. 1-46). 
Tip
The Host Access Restriction function restricts t he hosts on which the viewer and other client 
applications are running, where access is rest ricted using a list containing one or more 
entries in the following format. 
Listing Format 
[!] addr [ -addr2 ]
z addr conforms to the standard IP address format. 
z addr and addr2 give a range of IP addresses, and if IP address A is addr or larger 
but addr2 or smaller, A is included in t he range of addr to addr2. addr2 can be 
omitted, in which case value of addr2 becomes the same as that of addr. 
z If the entry starts with !, access is prohibi ted. If ! does not precede the entry, 
access is permitted. 
z If a given host address corresponds to mult iple entries, whether access is permitted 
or prohibited is determined by the setting of the first applicable entry after the 
beginning of the host list. Accordingly, take note that in Examples 3 to 5 below, an 
entry of permitted address must be specified in an entry of prohibited address. 
z Redundant and conflicting entries in the list  are automatically deleted from the list. 
z If the host address does not belong  to any entry, access is permitted. 
COPY  
						

							1-40
Setting User Access Privileges (Access Control)
Example of description  Example 1. Prohibit access from a given access 
!172.20.0.10
Access from the host whose address is 172.20.0.10 is prohibited. 
Example 2. Prohibit access from hosts in a given range 
!172.20.0.0-172.20.0.20
Access from the hosts whose address is in a range of 172.20.0.0 to 172.20.0.20 is 
prohibited. 
Example 3. Permit access from hosts in a gi ven range and prohibit access from all other 
hosts 
172.20.0.10-172.20.0.12
!0.0.0.0-255.255.255.0
Access is permitted only from the hosts whose address is in a range of 172.20.0.10 to 
172.20.0.12. 
Example 4. Prohibit access from hosts in a given range, but permit access from hosts at 
certain addresses within that range 
172.20.0.10
!172.20.0.0-172.20.0.20
Access from the hosts whose address is in a range of 172.20.0.0 to 172.20.0.20 is 
prohibited, but access is permitted only from the host whose address is 172.20.0.10. 
Example 5. Prohibit access from hosts in a  given range, but permit access from hosts in 
a given range within that range 
172.20.0.10-172.20.0.15
!172.20.0.0-172.20.0.20
Access from the hosts whose address is in a range of 172.20.0.0 to 172.20.0.20 is 
prohibited, but access is permitted from t he hosts whose address is in a range of 
172.20.0.10 to 172.20.0.15. 
COPY  
						

							1-41
1
1Detailed Settings
IPsec Settings (IPsec)
IPsec Set
IPsec Sets 1 to 5 are available, where IP
sec settings for each communication using each IPsec 
Set. 
(1) [IPsec]
Select [ Manual] if IPsec will be used. Select [ Disable] if IPsec will not be used. 
(2) [IPsec Mode] Select [ Tunnel Mode ] or [Transport Mode ] as the IPsec operation mode. 
(3) [Destination Address (IPv4/IPv6)]
Enter the IP address of the connection destination.
(4) [Source Address (IPv4/IPv6)] Enter the IP address of the sender.
(5) [Security Protocol] Select [ ESP], [AH] or [ESP and AH ] as the IPsec protocol to be used. 
If [ ESP] is selected, enter only the setting items relating to ESP. 
If [ AH ] is selected, enter only the setting items relating to AH. 
If [ ESP and AH ] is selected, enter all setting items. 
(6) [Security Gateway Address (IPv4/IPv6)]
If the IPsec operation mode was set to [ Tunnel Mode] in (2), set the IP address of the 
security gateway. 
(7) [Destination Prefix Length] This setting is required only when the IPsec operation mode was set to [ Tunnel Mode] in (2). 
Enter a desired prefix length for connection destination in a range of 0 to 128. 
If IPv4 is used, enter a desired length in a range of 0 to 32.  You can set the following items. 
z
Various settings can be specified for up to five communicating devices.
COPY  
						

							1-42
IPsec Settings (IPsec)
„If [ ESP] or [ ESP and AH ] was set under [ Security Protocol ] in (5), the following items must be 
set. 
(8) [SA ESP Encryption Algorithm] Select [ AES], [3DES], [DES ] or [ NULL] as the ESP encryption algorithm according to the 
encryption algorithm supported by the device to connect to.
Normally [ AES] or [ 3DES] is recommended.
(9) [SA ESP Authentication Algorithm] Select [ HMAC_SHA1_96], [HMAC_MD5_96] or [ No Authentication]as the ESP authentication 
algorithm according to the authentication algori thm supported by the device to connect to.
If [ ESP] is used alone, [ No Authentication] cannot be selected. 
(10)[SA ESP Encryption key (outbound)]
Set the SA encryption key for outbound . If [ AES], [3DES ] or [DES] was selected in (8), set a 
128-bit, 192-bit or 64- bit hexadecimal, respectively. [This item need not be set if [ NULL] was 
selected. 
(11)[SA ESP Authentication key (outbound)]
Set the SA authentication key for outbound . If [ HMAC_SHA1_96] or [HMAC_MD5_96] was 
set in (9), set a 160-bit or 128-bit hexadecimal,  respectively. This item need not be set if [No 
Authentication ] was selected.
(12)[SA ESP SPI (outbound)]
Set the SA SPI value for outbound. Set a desired value in a range of 256 to 4294967295.
(13)[SA ESP Encryption key (inbound)]
Set the SA encryption key for inbound. If [ AES], [3DES] or [DES] was selected in (8), set a 
128-bit, 192-bit or 64-bit hexadecimal, respectively. This item need not be set if [ NULL] was 
selected. 
COPY  
						

							1-43
IPsec Settings (IPsec)
1
1Detailed Settings
(14)[SA ESP Authentication key (inbound)]
Set the SA authentication key for inbound. If [
HMAC_SHA1_96] or [HMAC_MD5_96] was 
set in (9), set a 160-bit or 128-bit hexadecimal, respectively. This item need not be set if [ No 
Authentication ] was selected.
(15)[SA ESP SPI (inbound)]
Set the SA SPI value for inbound. Set a desired value in a range of 256 to 4294967295. Since 
this setting is used as an ID for identifying  the SA, be careful not to specify an inbound SPI 
whose value is already used the SPI for other ESP. 
„ If [ AH ] or [ ESP and AH ] was set under [ Security Protocol ] in (5), the following items must be 
set. 
(16)[SA AH Authentication Algorithm]
Select [ HMAC_SHA1_96] or [HMAC_MD5_96] as the AH authentication algorithm according 
to the authentication algorithm supported by the device to connect to.
(17)[SA AH Authentication key (outbound)]
Set the SA authentication key for outbound . If [ HMAC_SHA1_96] or [HMAC_MD5_96] was 
set in (16), set a 160-bit or 128- bit hexadecimal, respectively. 
(18)[SA AH SPI (outbound)]
Set the SA SPI value for outbound. Set a desired value in a range of 256 to 4294967295.
(19)[SA AH Authentication key (inbound)]
Set the SA authentication key for inbound. If [ HMAC_SHA1_96] or [HMAC_MD5_96] was set 
in (16), set a 160-bit or 128-bi t hexadecimal, respectively. 
COPY  
						

							1-44
IPsec Settings (IPsec)
(20)[SA AH SPI (inbound)]
Set the SA SPI value for inbound. Set a desired value in a range of 256 to 4294967295. Since 
this setting is used as an ID for identifying the SA, be careful not to specify an inbound SPI 
whose value is already used the SPI for other AH. 
Note
z To use this camera using IPsec, the communi cating destinations and network must be set 
beforehand. For these settings, contact your System Administrator. 
z If any setting is changed from the [ IPsec] menu, the camera may no longer become 
accessible from the active browser. Check befo rehand the precautions explained in Notes 
in Setting the Items Requiring Rebooting (Reboot Item) (  P. 1-46).
COPY  
						

							1-45
1
1Detailed Settings
Setting the Items Requirin
g Rebooting (Reboot Item) 
(1) [LAN]
IP address and other settings required for LAN Connection (  P. 1-8)
(2) [IPv6] Settings relating to use of IPv6 (  P. 1-9)
(3) [Installation Conditions] Settings relating to camera installation conditions (  P. 1-17)
(4) [MPEG-4] Settings relating to image size and frame rate in MPEG-4 (  P. 1-19)
(5) [HTTP Server] HTTP port number settings (  P. 1-31)
The following items that require rebooting, if changed, are gathered here. 
z
LAN, IPv6, Installation Conditions, MPEG-4, HTTP Server 
COPY  
						

							1-46
Setting the Items Requiring Rebooting (Reboot Item)
Note
These settings relate to network connection. If any setting is changed to a value that may 
disable camera connection from the active browser, the following dialog box is displayed to 
alert the user. 
To apply the new setting, click [ OK]. 
Depending on the new setting, it may not be possible to connect to the camera again after 
rebooting. In this case, a candidate URI is displayed as shown below, 
if available, to facilitate reconnection to the camera. 
If you want to connect to the camera again, try using the displayed URI.
If the camera cannot be connected using the displayed URI, contact your System 
Administrator. 
*In the [ Reboot Item ] menu, the [ IP Address Setting ], [IP Address ], [Subnet Mask ], 
[ Default Gateway Address ], and [HTTP Port] settings relate to network connection.
COPY