Canon network camera VBS900F User Manual
Have a look at the manual Canon network camera VBS900F User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1335 Canon manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
[Access Control] Setting User Access Privileges 61 4 Setting Page IPv6 Host Access Restrictions (1) [Apply Host Access Restrictions] Set IPv6 host access restrictions to [Disable] or [Enable]. (2) [Default Policy] If IPv6 host access restrictions are applied, select [Authorize Access] or [Prohibit Access] for the default policy. (3) [Prefix / Prefix Length] Create a list of permitted hosts and restricted hosts and set IPv6 address access for each host to [Yes] or [No]. You can specify the prefix length and set access restriction by network or host. If access is prohibited, access to all ports is restricted.
62 IPsec (1) [IPsec] Key settings for use with IPsec can be selected as [Auto Key Exchange] or [Manual]. Auto Key Exchange Settings (1) [IPsec SA Encryption Algorithm] Set the IPsec SA encryption algorithm to [AES- >3DES], [AES->3DES->DES] or [AES->3DES->DES- >NULL]. The specified algorithm will be checked for an applicable encryption algorithm starting from the left. (2) [IPsec SA Authentication Algorithm] Set the IPsec SA authentication algorithm to [HMAC_SHA1_96] or [HMAC_SHA1_96-> HMAC_MD5_96]. The specified algorithm will be checked for an applicable authentication algorithm starting from the left. (3) [IPsec SA Validity Period (min)] Set the duration of validity for IPsec SA (factory default setting is [480]). (4) [ISAKMP SA Encryption Algorithm] Set the SA encryption algorithm for use with auto key exchange protocol IKE to [AES->3DES] or [AES-> 3DES->DES]. (5) [ISAKMP SA Authentication Algorithm] Set the SA authentication algorithm for use with auto key exchange protocol IKE to [SHA1] or [SHA1- >MD5]. (6) [DH Group] Select [Group 2] or [Group 2->Group 1] for the key generation information that will be used in the DH algorithm for key exchange via auto key exchange protocol IKE. (7) [ISAKMP SA Validity Period (min)] Set the duration of validity for ISAKMP SA (factory default setting is [480]). IPsec Set (Auto Key Exchange) IPsec Sets 1 to 5 are available, and you can specify IPsec settings for one communication device for each IPsec Set. (1) [IPsec Set] Set IPsec Set to [Disable], [Enable in IPv4] or [Enable in IPv6]. (2) [IPsec Mode] Set IPsec mode to [Tunnel Mode] or [Transport Mode]. (3) [Destination IPv4 Address], [Destination IPv6 Address] Enter the IP address of the connection destination. (4) [Source IPv4 Address], [Source IPv6 Address] Enter the IP address of the source. (5) [Security Protocol] Set the IPsec protocol to [ESP], [AH] or [ESP and AH]. If [ESP] is selected, enter only the setting items relating to ESP. If [AH] is selected, enter only the setting items relating to AH. If [ESP and AH] is selected, enter all setting items. (6) [Security Gateway IPv4 Address], [Security Gateway IPv6 Address] If IPsec mode is set to [Tunnel Mode] in (2), set the IP address of the security gateway. (7) [Destination Subnet Mask Length] (IPv4), [Destination Prefix Length] (IPv6) This setting is required only if IPsec mode is set to [Tunnel Mode] in (2). If IPv6 is used, enter a desired prefix length for the connection destination in the range of 16 to 128. If IPv4 is used, enter a desired length in the range of 1 to 32. [IPsec] Setting IPsec The following can be set here. Set the IPsec setting method. Auto Key Exchange Settings Set auto key exchange. Set IP security can be specified through auto key exchange or manual setting with up to five communicating devices.
[IPsec] Setting IPsec 63 4 Setting Page (8) [IKE Pre-Shared Key] Enter the pre-shared key for IKE (auto key exchange) (up to 127 characters). Note If auto key exchange is used, it will take approximately 5 to 10 seconds before communication with the camera starts. IPsec Set (Manual) IPsec Sets 1 to 5 are available, and you can specify IPsec settings for one communication device for each IPsec Set. (1) [IPsec Set] Set IPsec Set to [Disable], [Enable in IPv4] or [Enable in IPv6]. (2) [IPsec Mode] Set IPsec mode to [Tunnel Mode] or [Transport Mode]. (3) [Destination IPv4 Address], [Destination IPv6 Address] Enter the IP address of the connection destination. (4) [Source IPv4 Address], [Source IPv6 Address] Enter the IP address of the source. (5) [Security Protocol] Set the IPsec protocol to [ESP], [AH] or [ESP and AH]. If [ESP] is selected, enter only the setting items relating to ESP. If [AH] is selected, enter only the setting items relating to AH. If [ESP and AH] is selected, enter all setting items. (6) [Security Gateway IPv4 Address], [Security Gateway IPv6 Address] If [IPsec Mode] is set to [Tunnel Mode] in (2), set the IP address of the security gateway. (7) [Destination Subnet Mask Length] (IPv4), [Destination Prefix Length] (IPv6) This setting is required only if [IPsec Mode] is set to [Tunnel Mode] in (2). If IPv6 is used, enter a desired prefix length for the connection destination in the range of 16 to 128. If IPv4 is used, enter a desired length in the range of 1 to 32. zIf [Security Protocol] is set to [ESP] or [ESP and AH] in (5), (8) [SA ESP Encryption Algorithm] to (15) [SA ESP SPI (inbound)] must be set. (8) [SA ESP Encryption Algorithm] Set the ESP encryption algorithm to [AES], [3DES], [DES] or [NULL] according to the encryption algorithm supported by the device to connect to. Normally [AES] or [3DES] is recommended. (9) [SA ESP Authentication Algorithm] Set the ESP authentication algorithm to [HMAC_SHA1_96], [HMAC_MD5_96] or [No Authentication] according to the authentication algorithm supported by the device to connect to. If [ESP] is used alone, [No Authentication] cannot be selected. (10)[SA ESP Encryption Key (outbound)] Set the SA encryption key for outbound. If [AES], [3DES] or [DES] was selected in (8), set a 128-bit, 192-bit or 64-bit hexadecimal, respectively. This item need not be set if [NULL] was selected. (11)[SA ESP Authentication Key (outbound)] Set the SA authentication key for outbound. If [HMAC_SHA1_96] or [HMAC_MD5_96] was selected in (9), set a 160-bit or 128-bit hexadecimal, respectively. This item need not be set if [No Authentication] was selected. (12)[SA ESP SPI (outbound)] Set the SA SPI value for outbound. Set a desired value in the range of 256 to 4294967295. (13)[SA ESP Encryption Key (inbound)] Set the SA encryption key for inbound. If [AES], [3DES] or [DES] was selected in (8), set a 128-bit, 192-bit or 64-bit hexadecimal, respectively. This item need not be set if [NULL] was selected. (14)[SA ESP Authentication Key (inbound)] Set the SA authentication key for inbound. If [HMAC_SHA1_96] or [HMAC_MD5_96] was selected in (9), set a 160-bit or 128-bit hexadecimal, respectively. This item need not be set if [No Authentication] was selected. (15)[SA ESP SPI (inbound)] Set the SA SPI value for inbound. Set a desired value in the range of 256 to 4294967295. Since this setting is used as an ID for Important If the camera is rebooted during auto key exchange communication, a connection error may result after rebooting. In this case, connect again.
64 identifying the SA, be careful not to specify an inbound SPI whose value is already used in the SPI for other ESP. zIf [Security Protocol] was set to [AH] or [ESP and AH] in (5), (16) [SA AH Authentication Algorithm] to (20) [SA AH SPI (inbound)] must be set. (16)[SA AH Authentication Algorithm] Set the AH authentication algorithm to [HMAC_SHA1_96] or [HMAC_MD5_96] according to the authentication algorithm supported by the device to connect to. (17)[SA AH Authentication Key (outbound)] Set the SA authentication key for outbound. If [HMAC_SHA1_96] or [HMAC_MD5_96] was selected in (16), set a 160-bit or 128-bit hexadecimal, respectively. (18)[SA AH SPI (outbound)] Set the SA SPI value for outbound. Set a desired value in the range of 256 to 4294967295. (19)[SA AH Authentication Key (inbound)] Set the SA authentication key for inbound. If [HMAC_SHA1_96] or [HMAC_MD5_96] was selected in (16), set a 160-bit or 128-bit hexadecimal, respectively. (20)[SA AH SPI (inbound)] Set the SA SPI value for inbound. Set a desired value in the range of 256 to 4294967295. Since this setting is used as an ID for identifying the SA, be careful not to specify an inbound SPI whose value is already used in the SPI for another AH. Note If IPsec is used, video transmission performance drops. Important To run this camera with IPsec, the communicating devices and network must be set beforehand. Contact your System Administrator for these settings. When connecting with IPsec, set the camera IP address manually. For IPv4 addresses, use addresses set with [Network] > [IPv4 Address Setting Method] > [Manual]. For IPv6 addresses, use addresses set with [Network] > [IPv6 Address (Manual)]. If any setting is changed from the [IPsec] menu, the camera may become inaccessible from the active web browser. Check beforehand the precautions in “Important” in “[Reboot Item] Setting Items Requiring Rebooting” (p. 72).
65 Setting Page 4 Certificates (1) [Create Self-Signed Certificate] After entering each of the following settings, click [Exec] to create a self-signed certificate. Follow the instructions in the message and reboot. The certificate created will take effect after rebooting. Note Creating a certificate takes time, so it is recommended that you stop video transmission and upload processes. (2) [Certificate Status] If no certificate is installed, [Not Installed] will appear. If a certificate is installed, the validity period for the certificate will appear. (3) [Country (C)] Enter the country code. (4) [State/Province (ST)], [Locality (L)], [Organization (O)], [Organizational Unit (OU)], [Common Name (CN)] Enter state/province name, locality, organization name, organizational unit and common name in ASCII characters (spaces or printable characters). Enter a FQDN format host name, etc. to set the common name (required). (5) [Validity Period Start Date], [Validity Period End Date] Set the validity period of the certificate to be created in the range of 2001/01/01 to 2031/12/31 (required when creating a self-signed certificate). Certificate Management (1) [Generate Certificate Signing Request] Click [Exec] to create server private key and generate a certificate signing request. Once processed, the certificate signing request will appear in a separate window. Note Generating a certificate signing request takes time, so it is recommended that you stop video transmission and upload processes. (2) [Display Certificate Signing Request] Click [Exec] to view the details of the certificate signing request. (3) [Install Server Certificate] Perform this operation to install a server certificate. Click [Browse] to select the certificate file for installation, then click [Exec]. The certificate installed will take effect after rebooting. (4) [Install Intermediate Certificate] Perform this operation to install an intermediate certificate. Select the certificate file to be installed using [Browse] and click [Exec]. The installed certificate will take effect after rebooting. Note To install an intermediate certificate and a primary intermediate certificate, use a text editor or similar software to place them in the same file and install them as an intermediate certificate. (5) [Delete Certificate] Click [Exec] to delete the certificate. However, if SSL communications are enabled, the certificate cannot be deleted. Set [SSL Communications] to [Disable] before deleting a certificate. The deletion will take effect after rebooting. [SSL/TLS] Setting HTTP Communication Encryption The following can be set here. Certificates Create an SSL/TLS certificate. Certificate Management Manage the SSL/TLS certificate. Encrypted Communications Set the encrypted communication.Important With regard to security, it is recommended that you use a self- signed certificate where complete security does not need to be ensured through operation tests, etc. For system operation, acquire and install a certificate issued by a CA.
66 (6) [Display Server Certificate Details] Click [Exec] to view the details of the certificate. (7) [Display Self CA Certificate] Used for the purpose of testing SSL communications, but otherwise not normally used. (8) [Backup] Click [Exec] to perform a backup of the certificates and private key. This operation can only be performed via SSL communications. (9) [Restore] Installs the certificates and private key from backup. Click [Browse] to select the backup file, then click [Exec]. This operation can only be performed via SSL communications, and will take effect after rebooting. Encrypted Communications (1) [SSL Communications] Set SSL communications to [Disable] or [Enable]. The setting will take effect after rebooting. However, if no certificate is installed, SSL communications cannot be changed to [Enable]. Note It may take a few minutes to generate an SSL key. If SSL communications are used, video transmission performance drops. Depending on the type of the certificate being installed on the camera, a dialog box may appear indicating that the web browser has accepted the certificate and a connection can be made. If the dialog box does not appear, register the CA certificate in the web browser.
67 Setting Page 4 802.1X Authentication (1) [802.1X Authentication] Set 802.1X authentication to [Disable] or [Enable]. Initially, if [802.1X Authentication] in [802.1X] is set to [Enable] and [Apply] clicked, [Before changing the setting, set 802.1X authentication to “Disable”. ] will be displayed, and input for setting changes, certificate installation/deletion, etc. will be unavailable. To change settings, first set [802.1X Authentication] to [Disable] and click [Apply]. Settings input will be activated. Make any appropriate settings, set [802.1X Authentication] to [Enable] and click [Apply]. (2) [Authentication Status] Display the status of 802.1X authentication. There are three types of status: [Authenticated], [Unauthenticated], and [Stop]. Authentication Method (1) [Authentication Method] Select from [EAP-MD5], [EAP-TLS], [EAP-TTLS], and [EAP-PEAP] for the 802.1X authentication method. (2) [User Name] Enter the user name used for authentication. (3) [Password] Enter the required password for authentication. This is displayed only when [Authentication Method] is set to [EAP-MD5], [EAP-TTLS], or [EAP-PEAP].Certificate Information This is displayed only when [Authentication Method] is set to [EAP-TLS], [EAP-TTLS], or [EAP-PEAP]. (1) [CA Certificate Status] If no CA certificate is installed, [Not Installed] is displayed. If a CA certificate is installed, the validity period of the certificated is displayed. (2) [Client Certificate Status] If no client certificate is installed, [Not Installed] is displayed. If a client certificate is installed, the validity period of the certificated is displayed. This is displayed only when [Authentication Method] is set to [EAP-TLS]. (3) [Client Private Key Status] If no client private key is installed, [Not Installed] is displayed. If a client private key is installed, [Installed] is displayed. This is displayed only when [Authentication Method] is set to [EAP-TLS]. Certificate Management This is displayed only when [Authentication Method] is set to [EAP-TLS], [EAP-TTLS], or [EAP-PEAP]. (1) [Install CA Certificate] Installs a CA certificate. Select the certificate file to be installed using [Browse] and click [Exec]. (2) [Install Client Certificate] Installs a client certificate. Select the certificate file to be installed using [Browse] and click [Exec]. This is displayed only when [Authentication Method] is set to [EAP-TLS]. (3) [Install Client Private Key] Installs a client private key. Select the private key file to be installed using [Browse] and click [Exec]. This is displayed only when [Authentication Method] is set to [EAP-TLS]. (4) [Client Private Key Password] Enter the password for the client private key. Required when a password has been configured for the private key. This is displayed only when [Authentication Method] is set to [EAP-TLS]. [802.1X] Network Port Authentication Settings The following can be set here. 802.1X Authentication Display the 802.1X authentication enable/disable control and status. Authentication Method Set the authentication method used for 802.1X authentication. Certificate Information Display the certificate used for 802.1X authentication and the private key installation status. Certificate Management Manage the certificates and private keys used for 802.1X authentication.
68 (5) [Delete Certificate] Deletes all installed CA certificates, client certificates, and client private keys. Only “CA Certificate” is displayed when [Authentication Method] is set to [EAP-TTLS] or [EAP-PEAP], but any installed client certificates and client private keys are also deleted. Important If any CA certificates, client certificates, and client private keys already exist, they are discarded and new versions are installed. An error occurs if the format of the certificate or private key to be installed is incorrect. Client certificates and client private keys are checked as a pair when installing, and an error occurs if they do not match. The certificate and private key used for 802.1X authentication must be installed as separate items, irrespective of the installation status of certificates for SSL/TLS.
69 Setting Page 4 Memory Card Operations (unmount status) (1) [Mount/Unmount] In unmount status, [Mount] will appear. Click [Mount] to mount the memory card. Note microSD, microSDHC, and microSDXC memory cards can be used with the camera. When a memory card is inserted in the card slot, it is mounted automatically. It is also mounted automatically if inserted in the camera at the time of booting. For inserting and removing the memory card, see “Installation Guide” > “Using a Memory Card”. (2) [Operation Settings] Set write operations to the memory card to [Save Log] or [Save Logs and Videos]. Note The following settings and operations will record video on a memory card. - When a network error occurs during recording-mode stream - When uploading fails - When [Video Record Action] in the [Event] menu (p. 56) is set to [Record to Memory Card], and an event (volume detection, external device input or timer) setting is enabled and [Enable] is selected for [Video Record] - When video is recorded due to an intelligent function event occurrence (p. 77) - When manually recorded to memory card from the Admin Viewer (p. 140) New files cannot be saved to the memory card if there is no free space. (3) [Video Format] Select the [JPEG] or [H.264(1)] video format to make recordings to a memory card. Video is recorded with the settings defined under [Video] > [H.264(1)] (p. 46). [H.264(2)] cannot be used. Video is recorded in this format when [Record to Memory Card] is selected in [Event] > [Video Record Action] (p. 56). Note When [JPEG] is selected in [Video Format] and an upload error occurs, the frame rate of video recorded in JPEG format is always 1 fps. When a network error occurs during recording-mode stream, video is saved in the JPEG format regardless of the [Video Format] setting (the frame rate is fixed at 1 fps). Video size and quality of the recorded video are made according to the settings in the [Video] menu. (4) [Pre-event Buffer (number of frames)] / [Pre-event Buffer (sec)] Enter the number of frames or seconds of video to be buffered before the event. The maximum amount is number of frames for a [JPEG] selection and number of seconds for an [H.264(1)] selection in [Video Format]. (5) [Post-event Buffer (number of frames)] / [Post-event Buffer (sec)] Enter the number of frames or seconds of video to be buffered after the event. The maximum amount is number of frames for a [JPEG] selection and number of seconds for an [H.264(1)] selection in [Video Format]. (6) [Overwrite videos] Select [Enable] or [Disable] for the overwrite setting of video that is recorded to a memory card when an event occurs. If you select [Enable], videos recorded using an event and timer will be overwritten. Overwriting is performed when the number of recordings that can be stored (100,000 files) for each of events and timers is exceeded. Overwriting is not performed when there is insufficient space on the memory card. (7) [Format] Click [Exec] to format the memory card. Formatting erases all video and logs on the memory card. [Memory Card] Memory Card Operations and Settings The following can be set here. Memory Card Operations Perform memory card operations. Memory Card Information Display information about the memory card. Important When an H.264 video is saved to a memory card, the following restrictions apply to [H.264(1)] of [Video] (p. 46). - Only [Use bit rate control] can be selected for [Bit Rate Control]. - Only [3072] or less can be selected for [Target Bit Rate (kbps)]. - Only one of [0.5], [1], and [1.5] can be selected for [I Frame Interval (sec)]. Since the [Pre-event Buffer] and [Post-event Buffer] set the maximum value, it may not be possible to record the specified number of frames or seconds of video depending on conditions.
70 Memory Card Operations (mount status) (1) [Mount/Unmount] In mount status, [Unmount] will appear. Click [Unmount] to unmount the memory card. (2) [Operation Settings], [Video Format], [Pre-event Buffer], [Post-event Buffer], [Overwrite videos] These settings are the same as in “Memory Card Operations (unmount status)”. (3) [Delete Videos] Click [Exec] to delete videos from the memory card. During deletion, an indicator will appear to the right of [Exec]. Note It may take 40 minutes or more to delete videos from the memory card. Deleting videos takes time, so it is recommended that you stop video transmission and upload processes. (4) [Recreate Video Management Information] Click [Exec] to recreate the video management information. During re-creation, an indicator will appear to the right of [Exec]. The memory card is inaccessible during this time. Note It may take 90 minutes or more to recreate video management information. Recreating video management information takes time, so it is recommended that you stop video transmission and upload processes. Memory Card Information (1) [Memory Card Recognition] Displays the status of the memory card. The three status messages are [Memory Card Not Inserted], [Not Mounted] and [Mounted]. (2) [Memory Card Operation Status] Displays the operation status of the memory card. The three status messages are as follows. [Operable]: This status indicates that any operation may be performed. [Recreating video management information]: This status indicates that video management information is being recreated. Other operations cannot be performed. [Deleting videos]: This status indicates that videos are being deleted. Other operations cannot be performed. (3) [Video Management Information Status] Displays the status of the video management information. The two status messages are as follows. [Normal]: This status indicates that video management information is normal. [Video Management Information Recreation Required]: This status indicates that management files are corrupted or not consistent with saved video files. It is necessary to click [Exec] in [Recreate Video Management Information] to recreate video management information. (4) [Video Saving] Displays whether or not videos can be saved to the memory card. [Can Save]: Indicates that videos can be saved to the memory card. [Cannot Save]: Indicates that videos cannot be saved to the memory card. This status may be caused when the memory card is not mounted, the video file count upper limit has been reached, the video management file is corrupted or the card is write-protected. (5) [Memory Card Capacity (KB)] Displays the memory card storage capacity. (6) [Used Capacity (KB)] Displays information about storage used on the memory card. Important Be sure to perform the unmount process when turning off the power to the camera or removing the memory card. Failing to unmount first may result in management file problems or the memory card becoming inaccessible. You can use the Memory Card Unmount Tool (p. 15) to mount/ unmount memory cards from multiple cameras at the same time.