Canon network camera VBS30D User Manual

							[Access Control] Setting User Access Privileges
61
4
Setting Page
IPv6 Host Access Restrictions
(1) [Apply Host Access Restrictions] 
Set IPv6 host access restrictions to [Disable] or 
[Enable]. 
(2) [Default Policy] 
If IPv6 host access restrictions are applied, select 
[Authorize Access] or [Prohibit Access] for the default 
policy. 
(3) [Prefix / Prefix Length] 
Create a list of permitted hosts and restricted hosts 
and set IPv6 address access for each host to [Yes] or 
[No]. 
You can specify the prefix length and set access 
restriction by network or host. 
If access is prohibited, access to all ports is 
restricted.  
						

							62
IPsec 
(1) [IPsec] 
Key settings for use with IPsec can be selected as 
[Auto Key Exchange] or [Manual].
Auto Key Exchange Settings
(1) [IPsec SA Encryption Algorithm] 
Set the IPsec SA encryption algorithm to [AES-
>3DES], [AES->3DES->DES] or [AES->3DES->DES-
>NULL]. 
The specified algorithm will be checked for an 
applicable encryption algorithm starting from the left. 
(2) [IPsec SA Authentication Algorithm] 
Set the IPsec SA authentication algorithm to 
[HMAC_SHA1_96] or [HMAC_SHA1_96-> 
HMAC_MD5_96]. 
The specified algorithm will be checked for an 
applicable authentication algorithm starting from the 
left. 
(3) [IPsec SA Validity Period (min)] 
Set the duration of validity for IPsec SA (factory default 
setting is [480]). 
(4) [ISAKMP SA Encryption Algorithm] 
Set the SA encryption algorithm for use with auto key 
exchange protocol IKE to [AES->3DES] or [AES-> 
3DES->DES]. 
(5) [ISAKMP SA Authentication Algorithm] 
Set the SA authentication algorithm for use with auto 
key exchange protocol IKE to [SHA1] or [SHA1-
>MD5]. (6) [DH Group] 
Select [Group 2] or [Group 2->Group 1] for the key 
generation information that will be used in the DH 
algorithm for key exchange via auto key exchange 
protocol IKE.
(7) [ISAKMP SA Validity Period (min)] 
Set the duration of validity for ISAKMP SA (factory 
default setting is [480]). 
IPsec Set (Auto Key Exchange) 
IPsec Sets 1 to 5 are available, and you can specify IPsec 
settings for one communication device for each IPsec Set. 
(1) [IPsec Set] 
Set IPsec Set to [Disable], [Enable in IPv4] or [Enable 
in IPv6]. 
(2) [IPsec Mode] 
Set IPsec mode to [Tunnel Mode] or [Transport 
Mode]. 
(3) [Destination IPv4 Address], [Destination IPv6 Address] 
Enter the IP address of the connection destination. 
(4) [Source IPv4 Address], [Source IPv6 Address] 
Enter the IP address of the source. 
(5) [Security Protocol] 
Set the IPsec protocol to [ESP], [AH] or [ESP and AH]. 
If [ESP] is selected, enter only the setting items 
relating to ESP. 
If [AH] is selected, enter only the setting items relating 
to AH.
If [ESP and AH] is selected, enter all setting items. 
(6) [Security Gateway IPv4 Address], [Security Gateway 
IPv6 Address]
If IPsec mode is set to [Tunnel Mode] in (2), set the IP 
address of the security gateway. 
(7) [Destination Subnet Mask Length] (IPv4), [Destination 
Prefix Length] (IPv6) 
This setting is required only if IPsec mode is set to 
[Tunnel Mode] in (2). 
If IPv6 is used, enter a desired prefix length for the 
connection destination in the range of 16 to 128. 
If IPv4 is used, enter a desired length in the range of 1 
to 32. 
[IPsec] Setting IPsec
The following can be set here. 

Set the IPsec setting method. 
 Auto Key Exchange Settings
Set auto key exchange. 
Set
IP security can be specified through auto key 
exchange or manual setting with up to five 
communicating devices.  
						

							[IPsec] Setting IPsec
63
4
Setting Page
(8) [IKE Pre-Shared Key] 
Enter the pre-shared key for IKE (auto key exchange) 
(up to 127 characters). 
Note
If auto key exchange is used, it will take approximately 5 to 10 
seconds before communication with the camera starts. 
IPsec Set (Manual) 
IPsec Sets 1 to 5 are available, and you can specify IPsec 
settings for one communication device for each IPsec Set. 
(1) [IPsec Set] 
Set IPsec Set to [Disable], [Enable in IPv4] or [Enable 
in IPv6]. 
(2) [IPsec Mode] 
Set IPsec mode to [Tunnel Mode] or [Transport 
Mode]. 
(3) [Destination IPv4 Address], [Destination IPv6 Address] 
Enter the IP address of the connection destination. 
(4) [Source IPv4 Address], [Source IPv6 Address] 
Enter the IP address of the source. 
(5) [Security Protocol] 
Set the IPsec protocol to [ESP], [AH] or [ESP and AH]. 
If [ESP] is selected, enter only the setting items 
relating to ESP. 
If [AH] is selected, enter only the setting items relating 
to AH.
If [ESP and AH] is selected, enter all setting items. 
(6) [Security Gateway IPv4 Address], [Security Gateway 
IPv6 Address]
If [IPsec Mode] is set to [Tunnel Mode] in (2), set the 
IP address of the security gateway. (7) [Destination Subnet Mask Length] (IPv4), [Destination 
Prefix Length] (IPv6)
This setting is required only if [IPsec Mode] is set to 
[Tunnel Mode] in (2).
If IPv6 is used, enter a desired prefix length for the 
connection destination in the range of 16 to 128. 
If IPv4 is used, enter a desired length in the range of 1 
to 32. 
zIf [Security Protocol] is set to [ESP] or [ESP and AH] in 
(5), (8) [SA ESP Encryption Algorithm] to (15) [SA ESP 
SPI (inbound)] must be set. 
(8) [SA ESP Encryption Algorithm] 
Set the ESP encryption algorithm to [AES], [3DES], 
[DES] or [NULL] according to the encryption 
algorithm supported by the device to connect to. 
Normally [AES] or [3DES] is recommended. 
(9) [SA ESP Authentication Algorithm] 
Set the ESP authentication algorithm to 
[HMAC_SHA1_96], [HMAC_MD5_96] or [No 
Authentication] according to the authentication 
algorithm supported by the device to connect to. 
If [ESP] is used alone, [No Authentication] cannot be 
selected.
(10)[SA ESP Encryption Key (outbound)] 
Set the SA encryption key for outbound. If [AES], 
[3DES] or [DES] was selected in (8), set a 128-bit, 
192-bit or 64-bit hexadecimal, respectively. This item 
need not be set if [NULL] was selected.
(11)[SA ESP Authentication Key (outbound)] 
Set the SA authentication key for outbound. If 
[HMAC_SHA1_96] or [HMAC_MD5_96] was selected 
in (9), set a 160-bit or 128-bit hexadecimal, 
respectively. This item need not be set if [No 
Authentication] was selected. 
(12)[SA ESP SPI (outbound)] 
Set the SA SPI value for outbound. 
Set a desired value in the range of 256 to 
4294967295.
(13)[SA ESP Encryption Key (inbound)] 
Set the SA encryption key for inbound. 
If [AES], [3DES] or [DES] was selected in (8), set a 
128-bit, 192-bit or 64-bit hexadecimal, respectively. 
This item need not be set if [NULL] was selected.
(14)[SA ESP Authentication Key (inbound)] 
Set the SA authentication key for inbound. 
If [HMAC_SHA1_96] or [HMAC_MD5_96] was 
selected in (9), set a 160-bit or 128-bit hexadecimal, 
respectively. This item need not be set if [No 
Authentication] was selected. 
(15)[SA ESP SPI (inbound)] 
Set the SA SPI value for inbound. 
Set a desired value in the range of 256 to 
4294967295. Since this setting is used as an ID for 
Important
If the camera is rebooted during auto key exchange 
communication, a connection error may result after rebooting. 
In this case, connect again.  
						

							64
identifying the SA, be careful not to specify an 
inbound SPI whose value is already used in the SPI for 
other ESP. 
zIf [Security Protocol] was set to [AH] or [ESP and AH] in 
(5), (16) [SA AH Authentication Algorithm] to (20) [SA 
AH SPI (inbound)] must be set. 
(16)[SA AH Authentication Algorithm] 
Set the AH authentication algorithm to 
[HMAC_SHA1_96] or [HMAC_MD5_96] according to 
the authentication algorithm supported by the device 
to connect to. 
(17)[SA AH Authentication Key (outbound)] 
Set the SA authentication key for outbound. If 
[HMAC_SHA1_96] or [HMAC_MD5_96] was selected 
in (16), set a 160-bit or 128-bit hexadecimal, 
respectively. 
(18)[SA AH SPI (outbound)] 
Set the SA SPI value for outbound. 
Set a desired value in the range of 256 to 
4294967295.
(19)[SA AH Authentication Key (inbound)] 
Set the SA authentication key for inbound. If 
[HMAC_SHA1_96] or [HMAC_MD5_96] was selected 
in (16), set a 160-bit or 128-bit hexadecimal, 
respectively. 
(20)[SA AH SPI (inbound)] 
Set the SA SPI value for inbound. 
Set a desired value in the range of 256 to 
4294967295. Since this setting is used as an ID for 
identifying the SA, be careful not to specify an 
inbound SPI whose value is already used in the SPI for 
another AH. 
Note
If IPsec is used, video transmission performance drops.
Important
 To run this camera with IPsec, the communicating devices 
and network must be set beforehand. Contact your System 
Administrator for these settings. 
 When connecting with IPsec, set the camera IP address 
manually.
For IPv4 addresses, use addresses set with [Network] > 
[IPv4 Address Setting Method] > [Manual].
For IPv6 addresses, use addresses set with [Network] > 
[IPv6 Address (Manual)].
 If any setting is changed from the [IPsec] menu, the camera 
may become inaccessible from the active web browser. 
Check beforehand the precautions in “Important” in “[Reboot 
Item] Setting Items Requiring Rebooting” (p. 72). 
						

							65
Setting Page
4
Certificates
(1) [Create Self-Signed Certificate] 
After entering each of the following settings, click 
[Exec] to create a self-signed certificate. Follow the 
instructions in the message and reboot. The certificate 
created will take effect after rebooting. 
Note
Creating a certificate takes time, so it is recommended that you 
stop video transmission and upload processes.
(2) [Certificate Status] 
If no certificate is installed, [Not Installed] will appear. 
If a certificate is installed, the validity period for the 
certificate will appear. 
(3) [Country (C)] 
Enter the country code. 
(4) [State/Province (ST)], [Locality (L)], [Organization (O)], 
[Organizational Unit (OU)], [Common Name (CN)] 
Enter state/province name, locality, organization 
name, organizational unit and common name in ASCII 
characters (spaces or printable characters). Enter a 
FQDN format host name, etc. to set the common 
name (required). 
(5) [Validity Period Start Date], [Validity Period End Date] 
Set the validity period of the certificate to be created in 
the range of 2001/01/01 to 2031/12/31 (required when 
creating a self-signed certificate). Certificate Management
(1) [Generate Certificate Signing Request] 
Click [Exec] to create server private key and generate 
a certificate signing request. Once processed, the 
certificate signing request will appear in a separate 
window. 
Note
Generating a certificate signing request takes time, so it is 
recommended that you stop video transmission and upload 
processes.
(2) [Display Certificate Signing Request] 
Click [Exec] to view the details of the certificate 
signing request. 
(3) [Install Server Certificate] 
Perform this operation to install a server certificate. 
Click [Browse] to select the certificate file for 
installation, then click [Exec]. The certificate installed 
will take effect after rebooting. 
(4) [Install Intermediate Certificate] 
Perform this operation to install an intermediate 
certificate. Select the certificate file to be installed 
using [Browse] and click [Exec]. The installed 
certificate will take effect after rebooting. 
Note
To install an intermediate certificate and a primary intermediate 
certificate, use a text editor or similar software to place them in 
the same file and install them as an intermediate certificate.
(5) [Delete Certificate] 
Click [Exec] to delete the certificate. However, if SSL 
communications are enabled, the certificate cannot 
be deleted. Set [SSL Communications] to [Disable] 
before deleting a certificate. The deletion will take 
effect after rebooting. 
[SSL/TLS] Setting HTTP Communication Encryption
The following can be set here. 
 Certificates
Create an SSL/TLS certificate. 
 Certificate Management
Manage the SSL/TLS certificate. 
 Encrypted Communications
Set the encrypted communication.Important
With regard to security, it is recommended that you use a self-
signed certificate where complete security does not need to be 
ensured through operation tests, etc. For system operation, 
acquire and install a certificate issued by a CA. 
						

							66
(6) [Display Server Certificate Details] 
Click [Exec] to view the details of the certificate. 
(7) [Display Self CA Certificate] 
Used for the purpose of testing SSL communications, 
but otherwise not normally used. 
(8) [Backup] 
Click [Exec] to perform a backup of the certificates 
and private key. This operation can only be performed 
via SSL communications. 
(9) [Restore] 
Installs the certificates and private key from 
backup. Click [Browse] to select the backup file, 
then click [Exec]. This operation can only be 
performed via SSL communications, and will take 
effect after rebooting. 
Encrypted Communications
(1) [SSL Communications] 
Set SSL communications to [Disable] or [Enable]. The 
setting will take effect after rebooting. 
However, if no certificate is installed, SSL 
communications cannot be changed to [Enable]. 
Note
 It may take a few minutes to generate an SSL key. 
 If SSL communications are used, video transmission 
performance drops.
 Depending on the type of the certificate being installed on the 
camera, a dialog box may appear indicating that the web 
browser has accepted the certificate and a connection can be 
made.
If the dialog box does not appear, register the CA certificate in 
the web browser. 
						

							67
Setting Page
4
802.1X Authentication
(1) [802.1X Authentication]
Set 802.1X authentication to [Disable] or [Enable].
Initially, if [802.1X Authentication] in [802.1X] is set to 
[Enable] and [Apply] clicked, [Before changing the 
setting, set 802.1X authentication to “Disable”. ] will 
be displayed, and input for setting changes, 
certificate installation/deletion, etc. will be unavailable. 
To change settings, first set [802.1X Authentication] to 
[Disable] and click [Apply]. Settings input will be 
activated. Make any appropriate settings, set [802.1X 
Authentication] to [Enable] and click [Apply].
(2) [Authentication Status]
Display the status of 802.1X authentication. There are 
three types of status: [Authenticated], 
[Unauthenticated], and [Stop].
Authentication Method
(1) [Authentication Method]
Select from [EAP-MD5], [EAP-TLS], [EAP-TTLS], and 
[EAP-PEAP] for the 802.1X authentication method.
(2) [User Name]
Enter the user name used for authentication.
(3) [Password]
Enter the required password for authentication.
This is displayed only when [Authentication Method] is 
set to [EAP-MD5], [EAP-TTLS], or [EAP-PEAP].Certificate Information
This is displayed only when [Authentication Method] is set 
to [EAP-TLS], [EAP-TTLS], or [EAP-PEAP].
(1) [CA Certificate Status]
If no CA certificate is installed, [Not Installed] is 
displayed. If a CA certificate is installed, the validity 
period of the certificated is displayed.
(2) [Client Certificate Status]
If no client certificate is installed, [Not Installed] is 
displayed. If a client certificate is installed, the validity 
period of the certificated is displayed. This is 
displayed only when [Authentication Method] is set to 
[EAP-TLS].
(3) [Client Private Key Status]
If no client private key is installed, [Not Installed] is 
displayed. If a client private key is installed, [Installed] 
is displayed. This is displayed only when 
[Authentication Method] is set to [EAP-TLS].
Certificate Management
This is displayed only when [Authentication Method] is set 
to [EAP-TLS], [EAP-TTLS], or [EAP-PEAP].
(1) [Install CA Certificate]
Installs a CA certificate. Select the certificate file to be 
installed using [Browse] and click [Exec].
(2) [Install Client Certificate]
Installs a client certificate. Select the certificate file to 
be installed using [Browse] and click [Exec]. This is 
displayed only when [Authentication Method] is set to 
[EAP-TLS].
(3) [Install Client Private Key]
Installs a client private key. Select the private key file 
to be installed using [Browse] and click [Exec]. This is 
displayed only when [Authentication Method] is set to 
[EAP-TLS].
(4) [Client Private Key Password]
Enter the password for the client private key. Required 
when a password has been configured for the private 
key. This is displayed only when [Authentication 
Method] is set to [EAP-TLS].
[802.1X] Network Port Authentication Settings 
The following can be set here.
 802.1X Authentication
Display the 802.1X authentication enable/disable 
control and status.
 Authentication Method
Set the authentication method used for 802.1X 
authentication.
 Certificate Information
Display the certificate used for 802.1X 
authentication and the private key installation 
status.
 Certificate Management
Manage the certificates and private keys used for 
802.1X authentication. 
						

							68
(5) [Delete Certificate]
Deletes all installed CA certificates, client certificates, 
and client private keys.
Only “CA Certificate” is displayed when [Authentication 
Method] is set to [EAP-TTLS] or [EAP-PEAP], but any 
installed client certificates and client private keys are also 
deleted.
Important
 If any CA certificates, client certificates, and client private 
keys already exist, they are discarded and new versions are 
installed.
 An error occurs if the format of the certificate or private key to 
be installed is incorrect.
 Client certificates and client private keys are checked as a 
pair when installing, and an error occurs if they do not match.
 The certificate and private key used for 802.1X authentication 
must be installed as separate items, irrespective of the 
installation status of certificates for SSL/TLS. 
						

							69
Setting Page
4
Memory Card Operations (unmount status) 
(1) [Mount/Unmount] 
In unmount status, [Mount] will appear. Click [Mount] 
to mount the memory card. 
Note
microSD, microSDHC, and microSDXC memory cards can be 
used with the camera.
When a memory card is inserted in the card slot, it is mounted 
automatically. It is also mounted automatically if inserted in the 
camera at the time of booting. 
For inserting and removing the memory card, see “Installation 
Guide” > “Using a Memory Card”. 
(2) [Operation Settings] 
Set write operations to the memory card to [Save Log] 
or [Save Logs and Videos].
Note
 The following settings and operations will record video on a 
memory card.
- When a network error occurs during recording-mode stream
- When uploading fails
- When [Video Record Action] in the [Event] menu (p. 56) is 
set to [Record to Memory Card], and an event (volume 
detection, external device input or timer) setting is enabled 
and [Enable] is selected for [Video Record]
- When video is recorded due to an intelligent function event 
occurrence (p. 77)
- When manually recorded to memory card from the Admin 
Viewer (p. 140)
 New files cannot be saved to the memory card if there is no free 
space.
(3) [Video Format]
Select the [JPEG] or [H.264(1)] video format to make 
recordings to a memory card. 
Video is recorded with 
the settings defined under [Video] > [H.264(1)] (p. 46). 
[H.264(2)] cannot be used. Video is recorded in this 
format when [Record to Memory Card] is selected in 
[Event] > [Video Record Action] (p. 56).
Note
 When [JPEG] is selected in [Video Format] and an upload error 
occurs, the frame rate of video recorded in JPEG format is 
always 1 fps.
 When a network error occurs during recording-mode stream, 
video is saved in the JPEG format regardless of the [Video 
Format] setting (the frame rate is fixed at 1 fps).
 Video size and quality of the recorded video are made 
according to the settings in the [Video] menu.
(4) [Pre-event Buffer (number of frames)] / [Pre-event 
Buffer (sec)]
Enter the number of frames or seconds of video to be 
buffered before the event. The maximum amount is 
number of frames for a [JPEG] selection and number 
of seconds for an [H.264(1)] selection in [Video 
Format].
(5) [Post-event Buffer (number of frames)] / [Post-event 
Buffer (sec)]
Enter the number of frames or seconds of video to be 
buffered after the event. The maximum amount is 
number of frames for a [JPEG] selection and number 
of seconds for an [H.264(1)] selection in [Video 
Format].
(6) [Overwrite videos]
Select [Enable] or [Disable] for the overwrite setting of 
video that is recorded to a memory card when an 
event occurs. If you select [Enable], videos recorded 
using an event and timer will be overwritten. 
Overwriting is performed when the number of 
recordings that can be stored (100,000 files) for each 
of events and timers is exceeded. Overwriting is not 
performed when there is insufficient space on the 
memory card.
(7) [Format] 
Click [Exec] to format the memory card. Formatting 
erases all video and logs on the memory card.
[Memory Card] Memory Card Operations and Settings 
The following can be set here. 
 Memory Card Operations
Perform memory card operations.
 Memory Card Information
Display information about the memory card. 
Important
 When an H.264 video is saved to a memory card, the 
following restrictions apply to [H.264(1)] of [Video] (p. 46).
- Only [Use bit rate control] can be selected for [Bit Rate 
Control].
- Only [3072] or less can be selected for [Target Bit Rate 
(kbps)].
- Only one of [0.5], [1], and [1.5] can be selected for [I 
Frame Interval (sec)].
 Since the [Pre-event Buffer] and [Post-event Buffer] set the 
maximum value, it may not be possible to record the 
specified number of frames or seconds of video depending 
on conditions. 
						

							70
Memory Card Operations (mount status) 
(1) [Mount/Unmount] 
In mount status, [Unmount] will appear. Click 
[Unmount] to unmount the memory card. 
(2) [Operation Settings], [Video Format], [Pre-event 
Buffer], [Post-event Buffer], [Overwrite videos]
These settings are the same as in “Memory Card 
Operations (unmount status)”.
(3) [Delete Videos] 
Click [Exec] to delete videos from the memory card. 
During deletion, an indicator will appear to the right of 
[Exec]. 
Note
 It may take 40 minutes or more to delete videos from the 
memory card. 
 Deleting videos takes time, so it is recommended that you stop 
video transmission and upload processes.
(4) [Recreate Video Management Information] 
Click [Exec] to recreate the video management 
information. 
During re-creation, an indicator will appear to the right 
of [Exec]. The memory card is inaccessible during this 
time. 
Note
 It may take 90 minutes or more to recreate video management 
information.
 Recreating video management information takes time, so it is 
recommended that you stop video transmission and upload 
processes.
Memory Card Information
(1) [Memory Card Recognition] 
Displays the status of the memory card. The three 
status messages are [Memory Card Not Inserted], 
[Not Mounted] and [Mounted].
(2) [Memory Card Operation Status] 
Displays the operation status of the memory card. The 
three status messages are as follows. 
 [Operable]: This status indicates that any operation 
may be performed. 
 [Recreating video management information]: This 
status indicates that video management information 
is being recreated. Other operations cannot be 
performed. 
 [Deleting videos]: This status indicates that videos 
are being deleted. Other operations cannot be 
performed. 
(3) [Video Management Information Status] 
Displays the status of the video management 
information. The two status messages are as follows. 
 [Normal]: This status indicates that video 
management information is normal. 
 [Video Management Information Recreation 
Required]: This status indicates that management 
files are corrupted or not consistent with saved 
video files. It is necessary to click [Exec] in 
[Recreate Video Management Information] to 
recreate video management information.
(4) [Video Saving] 
Displays whether or not videos can be saved to the 
memory card. 
 [Can Save]: Indicates that videos can be saved to 
the memory card.
 [Cannot Save]: Indicates that videos cannot be 
saved to the memory card. This status may be 
caused when the memory card is not mounted, the 
video file count upper limit has been reached, the 
video management file is corrupted or the card is 
write-protected. 
(5) [Memory Card Capacity (KB)] 
Displays the memory card storage capacity. 
(6) [Used Capacity (KB)] 
Displays information about storage used on the 
memory card.
Important
Be sure to perform the unmount process when turning off the 
power to the camera or removing the memory card. Failing to 
unmount first may result in management file problems or the 
memory card becoming inaccessible. 
You can use the Memory Card Unmount Tool (p. 15) to mount/
unmount memory cards from multiple cameras at the same 
time.