Solution overview
The network door controller can easily be connected to and powered by your existing IP network with no need for special cabling.
Each network door controller is an intelligent device that is easily mounted close to a door. It can power and control up to two readers.
Get started
Find the device on the network
To find Axis devices on the network and assign them IP addresses in Windows®, use AXIS IP Utility or AXIS Device Manager. Both applications are free and can be downloaded from axis.com/support.
For more information about how to find and assign IP addresses, go to How to assign an IP address and access your device.
Browser support
You can use the device with the following browsers:
ChromeTM | Firefox® | EdgeTM | Safari® | |
Windows® | recommended | recommended | ✓ | |
macOS® | recommended | recommended | ✓ | ✓ |
Linux® | recommended | recommended | ✓ | |
Other operating systems | ✓ | ✓ | ✓ | ✓* |
*To use AXIS OS web interface with iOS 15 or iPadOS 15, go to Settings > Safari > Advanced > Experimental Features and disable NSURLSession Websocket.
If you need more information about recommended browsers, go to AXIS OS Portal.
Open the device's web interface
Open a browser and type the IP address or host name of the Axis device.
If you do not know the IP address, use AXIS IP Utility or AXIS Device Manager to find the device on the network.
Type the username and password. If you access the device for the first time, you must set the root password. See Set a new password for the root account.
Set a new password for the root account
The default administrator username is root
. There’s no default password for the root account. You set a password the first time you log in to the device.
Type a password. Follow the instructions about secure passwords. See Secure passwords.
Retype the password to confirm the spelling.
Click Add user.
If you lose the password for the root account, go to Reset to factory default settings and follow the instructions.
Secure passwords
Axis devices send the initially set password in clear text over the network. To protect your device after the first login, set up a secure and encrypted HTTPS connection and then change the password.
The device password is the primary protection for your data and services. Axis devices do not impose a password policy as they may be used in various types of installations.
To protect your data we strongly recommend that you:
Use a password with at least 8 characters, preferably created by a password generator.
Don’t expose the password.
Change the password at a recurring interval, at least once a year.
Verify that no one has tampered with the firmware
- To make sure that the device has its original Axis firmware, or to take full control of the device after a security attack:
Reset to factory default settings. See Reset to factory default settings.
After the reset, secure boot guarantees the state of the device.
Configure and install the device.
Web interface overview
This video gives you an overview of the device’s web interface.
Installation
Configure your device
For how to configure your device, see AXIS Camera Station user manual or third-party solutions.
The device interface
To reach the device interface, type the device’s IP address in a web browser.
Support for the features and settings described in this section varies between devices.
Show or hide the main menu. Access the product help. Change the language. Set light theme or dark theme. The user menu contains:
The context menu contains:
|
Status
Time sync status
Shows NTP synchronization information, including if the device is in sync with an NTP server and the time remaining until the next sync. NTP settings: Click to go to the Date and time page where you can change the NTP settings. |
Device info
Shows device information, including firmware version and serial number. Upgrade firmware: Click to go to the Maintenance page where you can do a firmware upgrade. |
Access control
Alarms
Device motion: Triggers an alarm in your system when device motion of the door controller is detected. Casing open: Triggers an alarm in your system when casing open of the door controller is detected. Turn off this setting for barebone door controllers. External tamper: Turn on to trigger an alarm in your system when external tamper is detected. For example, when the external cabinet is opened or closed.
|
Peripherals
Upgrade readers: Click to upgrade readers to a new firmware version. Only supported readers can be upgraded when they are online. |
System
Date and time
The time format depends on the web browser’s language settings. Note We recommend you to synchronize the device’s date and time with an NTP server. Synchronization: Select an option for synchronizing the device’s date and time.
Note The system uses the date and time settings in all recordings, logs and system settings. |
Network
IPv4
Assign IPv4 automatically: Select to let the network router assign an IP address to the device automatically. We recommend automatic IP (DHCP) for most networks. IP address: Enter a unique IP address for the device. Static IP addresses can be assigned at random within isolated networks, provided that each address is unique. To avoid conflicts, we recommend you to contact your network administrator before you assign a static IP address. Subnet mask: Enter the subnet mask to define what addresses are inside the local area network. Any address outside the local area network goes through the router. Router: Enter the IP address of the default router (gateway) used to connect devices that are attached to different networks and network segments. |
IPv6
Assign IPv6 automatically: Select to turn on IPv6 and to let the network router assign an IP address to the device automatically. |
Hostname
Assign hostname automatically: Select to let the network router assign a hostname to the device automatically. Hostname: Enter the hostname manually to use as an alternative way of accessing the device. The hostname is used in the server report and in the system log. Allowed characters are A–Z, a–z, 0–9 and -. |
DNS servers
Assign DNS automatically: Select to let the DHCP server assign search domains and DNS server addresses to the device automatically. We recommend automatic DNS (DHCP) for most networks. Search domains: When you use a hostname that is not fully qualified, click Add search domain and enter a domain in which to search for the hostname used by the device. DNS servers: Click Add DNS server and enter the IP address of the DNS server. This provides the translation of hostnames to IP addresses on your network. |
HTTP and HTTPS
Allow access through: Select if a user is allowed to connect to the device through the HTTP, HTTPS, or both HTTP and HTTPS protocols. HTTPS is a protocol that provides encryption for page requests from users and for the pages returned by the web server. The encrypted exchange of information is governed by the use of an HTTPS certificate, which guarantees the authenticity of the server. To use HTTPS on the device, you must install an HTTPS certificate. Go to System > Security to create and install certificates. Note If you view encrypted web pages through HTTPS, you might experience a drop in performance, especially when you request a page for the first time. HTTP port: Enter the HTTP port to use. Port 80 or any port in the range 1024-65535 are allowed. If you are logged in as an administrator, you can also enter any port in the range 1-1023. If you use a port in this range, you get a warning. HTTPS port: Enter the HTTPS port to use. Port 443 or any port in the range 1024-65535 are allowed. If you are logged in as an administrator, you can also enter any port in the range 1-1023. If you use a port in this range, you get a warning. Certificate: Select a certificate to enable HTTPS for the device. |
Network discovery protocols
Bonjour®: Turn on to allow automatic discovery on the network. Bonjour name: Enter a friendly name to be visible on the network. The default name is the device name and MAC address. UPnP®: Turn on to allow automatic discovery on the network. UPnP name: Enter a friendly name to be visible on the network. The default name is the device name and MAC address. WS-Discovery: Turn on to allow automatic discovery on the network. |
One-click cloud connection
One-click cloud connection (O3C) together with an O3C service provides easy and secure internet access to live and recorded video from any location. For more information, see axis.com/end-to-end-solutions/hosted-services. Allow O3C:
Proxy settings: If needed, enter the proxy settings to connect to the proxy server. Host: Enter the proxy server’s address. Port: Enter the port number used for access. Login and Password: If needed, enter username and password for the proxy server. Authentication method:
Owner authentication key (OAK): Click Get key to fetch the owner authentication key. This is only possible if the device is connected to the internet without a firewall or proxy. |
SNMP
The Simple Network Management Protocol (SNMP) allows remote management of network devices. SNMP: Select the version of SNMP to use.
Note All Axis Video MIB traps are enabled when you turn on SNMP v1 and v2c traps. For more information, see AXIS OS Portal > SNMP.
|
Connected clients
View details: Click to show all clients that are connected to the device. |
Security
Certificates
Certificates are used to authenticate devices on a network. The device supports two types of certificates:
These formats are supported:
Important If you reset the device to factory default, all certificates are deleted. Any pre-installed CA certificates are reinstalled. Filter the certificates in the list. Add certificate : Click to add a certificate. The context menu contains:
|
IEEE 802.1x
IEEE 802.1x is an IEEE standard for port-based network admission control providing secure authentication of wired and wireless network devices. IEEE 802.1x is based on EAP (Extensible Authentication Protocol). To access a network protected by IEEE 802.1x, network devices must authenticate themselves. The authentication is performed by an authentication server, typically a RADIUS server (for example FreeRADIUS and Microsoft Internet Authentication Server). Certificates When configured without a CA certificate, server certificate validation is disabled and the device tries to authenticate itself regardless of what network it is connected to. When using a certificate, in Axis' implementation, the device and the authentication server authenticate themselves with digital certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security). To allow the device to access a network protected through certificates, a signed client certificate must be installed on the device. Client certificate: Select a client certificate to use IEEE 802.1x. The authentication server uses the certificate to validate the client’s identity. CA certificate: Select a CA certificate to validate the authentication server’s identity. When no certificate is selected, the device tries to authenticate itself regardless of what network it is connected to. EAP identity: Enter the user identity associated with the client certificate. EAPOL version: Select the EAPOL version that is used in the network switch. Use IEEE 802.1x: Select to use the IEEE 802.1x protocol. |
Prevent brute-force attacks
Blocking: Turn on to block brute-force attacks. A brute-force attack uses trial-and-error to guess login info or encryption keys. Blocking period: Enter the number of seconds to block a brute-force attack. Blocking conditions: Enter the number of authentication failures allowed per second before the block starts. You can set the number of failures allowed both on page level and device level. |
IP address filter
Use filter: Select to filter which IP addresses that are allowed to access the device. Policy: Choose whether to Allow access or Deny access for certain IP addresses. Addresses: Enter the IP numbers that are either allowed or denied access to the device. You can also use the CIDR format. |
Custom-signed firmware certificate
To install test firmware or other custom firmware from Axis on the device, you need a custom-signed firmware certificate. The certificate verifies that the firmware is approved by both the device owner and Axis. The firmware can only run on a specific device which is identified by its unique serial number and chip ID. Custom-signed firmware certificates can only be created by Axis, since Axis holds the key to sign them. Click Install to install the certificate. You need to install the certificate before you install the firmware. |
Users
Add user: Click to add a new user. You can add up to 100 users. Username: Enter a unique username. New password: Enter a password for the user. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example letters, numbers, punctuation, and some symbols. Repeat password: Enter the same password again. Role:
The context menu contains: Update user: Edit the user’s properties. Delete user: Delete the user. You can’t delete the root user. |
MQTT
MQTT (Message Queuing Telemetry Transport) is a standard messaging protocol for the Internet of Things (IoT). It was designed for simplified IoT integration and is used in a wide variety of industries to connect remote devices with a small code footprint and minimal network bandwidth. The MQTT client in Axis device firmware can simplify integration of data and events produced in the device to systems which are not video management systems (VMS). Set up the device as an MQTT client. MQTT communication is based on two entities, the clients and the broker. The clients can send and receive messages. The broker is responsible for routing messages between clients. You can learn more about MQTT in AXIS OS Portal. |
ALPN
ALPN is a TLS/SSL extension that allows for the selection of an application protocol during the handshake phase of the connection between the client and server. This is used to enable MQTT traffic over the same port that is used for other protocols, such as HTTP. In some cases, there might not be a dedicated port open for MQTT communication. A solution in such cases is to use ALPN to negotiate the use of MQTT as the application protocol on a standard port, allowed by the firewalls. |
MQTT client
Connect: Turn on or off the MQTT client. Status: Shows the current status of the MQTT client. Broker Host: Enter the hostname or IP address of the MQTT server. Protocol: Select which protocol to use. Port: Enter the port number.
ALPN protocol: Enter the ALPN protocol name provided by your MQTT broker provider. This is only applicable with MQTT over SSL and MQTT over WebSocket Secure. Username: Enter the username that the client will use to access the server. Password: Enter a password for the username. Client ID: Enter a client ID. The client identifier is sent to the server when the client connects to it. Clean session: Controls the behavior at connection and disconnection time. When selected, the state information is discarded at connect and disconnect. Keep alive interval: The keep alive interval enables the client to detect when the server is no longer available without having to wait for the long TCP/IP timeout. Timeout: The time interval in seconds to allow a connect to complete. Default value: 60 Device topic prefix: Used in the default values for the topic in the connect message and LWT message on the MQTT client tab, and in the publication conditions on the MQTT publication tab. Reconnect automatically: Specifies whether the client should reconnect automatically after a disconnect. Connect message Specifies if a message should be sent out when a connection is established. Send message: Turn on to send messages. Use default: Turn off to enter your own default message. Topic: Enter the topic for the default message. Payload: Enter the content for the default message. Retain: Select to keep the state of client on this Topic QoS: Change the QoS layer for the packet flow. Last Will and Testament message The Last Will Testament (LWT) lets a client provide a testament along with its credentials when connecting to the broker. If the client disconnects ungracefully at some point later (maybe because his power source died), it can let the broker deliver a message to other clients. This LWT message has the same form as an ordinary message and gets routed via the same mechanics. Send message: Turn on to send messages. Use default: Turn off to enter your own default message. Topic: Enter the topic for the default message. Payload: Enter the content for the default message. Retain: Select to keep the state of client on this Topic QoS: Change the QoS layer for the packet flow. |
MQTT publication
Use default topic prefix: Select to use the default topic prefix, that is defined in the device topic prefix in the MQTT client tab. Include topic name: Select to include the topic that describes the condition in the MQTT topic. Include topic namespaces: Select to include ONVIF topic namespaces in the MQTT topic. Include serial number: Select to include the device’s serial number in the MQTT payload. Add condition: Click to add a condition. Retain: Defines which MQTT messages are sent as retained.
QoS: Select the desired level for the MQTT publication. |
MQTT subscriptions
Add subscription: Click to add a new MQTT subscription. Subscription filter: Enter the MQTT topic that you want to subscribe to. Use device topic prefix: Add the subscription filter as prefix to the MQTT topic. Subscription type:
QoS: Select the desired level for the MQTT subscription. |
Accessories
I/O ports
Use digital input to connect external devices that can toggle between an open and closed circuit, for example PIR sensors, door or window contacts, and glass break detectors. Use digital output to connect external devices such as relays and LEDs. You can activate connected devices through the VAPIX® Application Programming Interface or in the device interface. Port Name: Edit the text to rename the port. Direction: indicates that the port is an input port. indicates that it’s an output port. If the port is configurable, you can click the icons to change between input and output. Normal state: Click open circuit, and for closed circuit. Current state: Shows the current state of the port. The input or output is activated when the current state is different from the normal state. An input on the device has an open circuit when it’s disconnected or when there is a voltage above 1 V DC. Note During restart the output circuit is open. When the restart is complete, the circuit goes back to the normal position. If you change any settings on this page, the output circuits go back to their normal positions regardless of any active triggers. Supervised: Turn on to make it possible to detect and trigger actions if someone tampers with the connection to digital I/O devices. In addition to detecting if an input is open or closed, you can also detect if someone has tampered with it (that is, cut or shorted). To supervise the connection requires additional hardware (end-of-line resistors) in the external I/O loop. |
Logs
Reports and logs
Reports
Logs
|
Network trace
Important A network trace file might contain sensitive information, for example certificates or passwords. A network trace file can help you troubleshoot problems by recording activity on the network. Select the duration of the trace in seconds or minutes, and click Download. |
Remote system log
Syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, which indicates the software type generating the message, and assigned a severity level. Server: Click to add a new server. Host: Enter the hostname or IP address of the server. Format: Select which syslog message format to use.
Protocol: Select the protocol and port to use:
Severity: Select which messages to send when triggered. CA certificate set: See the current settings or add a certificate. |
Maintenance
Restart: Restart the device. This does not affect any of the current settings. Running applications restart automatically. Restore: Return most settings to the factory default values. Afterwards you must reconfigure the device and apps, reinstall any apps that didn’t come preinstalled, and recreate any events and PTZ presets. Important The only settings saved after restore are:
Factory default: Return all settings to the factory default values. Afterwards you must reset the IP address to make the device accessible. Note All Axis device firmware is digitally signed to ensure that you only install verified firmware on your device. This further increases the overall minimum cybersecurity level of Axis devices. For more information, see the white paper “Signed firmware, secure boot, and security of private keys” at axis.com. Firmware upgrade: Upgrade to a new firmware version. New firmware releases can contain improved functionality, bug fixes, and completely new features. We recommend you to always use the latest release. To download the latest release, go to axis.com/support.
Firmware rollback: Revert to the previously installed firmware version. |
Learn more
Security
Signed firmware
Signed firmware is implemented by the software vendor signing the firmware image with a private key. When a firmware has this signature attached to it, a device will validate the firmware before accepting to install it. If the device detects that the firmware integrity is compromised, the firmware upgrade will be rejected.
Secure boot
Secure boot is a boot process that consists of an unbroken chain of cryptographically validated software, starting in immutable memory (boot ROM). Being based on the use of signed firmware, secure boot ensures that a device can boot only with authorized firmware.
Axis Edge Vault
Axis Edge Vault is a secure cryptographic compute module which can be used for cryptographic operations on securely stored certificates. Edge Vault provides tamper protected storage, enabling each device to protect its secrets. It sets a foundation for safe implementation of more advanced security features.
Axis device ID
Axis device ID works like a digital passport, unique for each device unit. It is securely and permanently stored in Edge Vault as a certificate signed by Axis root certificate. Axis device ID is designed to prove the origin of the device, enabling a new level of device trust through the life cycle of the product.
To learn more about cybersecurity features in Axis devices, go to axis.com/learning/white-papers and search for cybersecurity.
Specifications
Product overview
- Network connector
- Grounding position
- Relay jumper
- Power connector
- Relay connector
- Door connector
- Reader connector
- Auxiliary connector
- External connectors
- Control button
LED indicators
LED | Color | Indication |
Network | Green | Steady for connection to a 100 MBit/s network. Flashes for network activity. |
Amber | Steady for connection to a 10 MBit/s network. Flashes for network activity. | |
Unlit | No network connection. | |
Status | Green | Steady green for normal operation. |
Amber | Steady during startup and when restoring settings. | |
Red | Slow flash for failed upgrade. | |
Power | Green | Normal operation. |
Amber | Flashes green/amber during firmware upgrade. | |
Relay | Green | Relay active.(1) |
Unlit | Relay inactive. |
- Relay is active when COM is connected to NO.
Buttons
Control button
- The control button is used for:
Resetting the product to factory default settings. See Reset to factory default settings.
Connectors
Network connector
RJ45 Ethernet connector with Power over Ethernet Plus (PoE+).
UL: Power over Ethernet (PoE) shall be over Ethernet IEEE 802.3af/802.3at Type 1 Class 3 or Power over Ethernet Plus (PoE+) IEEE 802.3at Type 2 Class 4 power limited injector that provides 44–57 V DC, 15.4 W / 30 W. Power over Ethernet (PoE) has been evaluated by UL with AXIS T8133 Midspan 30 W 1-port.
This device can be powered by either PoE or DC input. When both are connected, PoE gets the priority. When PoE is dropped off, it automatically falls back to DC input. See Power connector.
Reader connector
One 8-pin terminal block supporting both OSDP and Wiegand protocols for communication with the reader.
It can connect up to two OSDP readers (multi-drop) or one Wiegand reader. 500 mA at 12 V DC is reserved for all readers connected to the door controller.
Configured for one OSDP reader
Function | Pin | Note | Specifications |
DC ground (GND) | 1 | 0 V DC | |
DC output (+12 V) | 2 | Supplies power to reader. | 12 V DC, max 500 mA |
A | 3 | Half duplex | |
B | 4 | Half duplex |
Configured for two OSDP readers (multi-drop)
Function | Pin | Note | Specifications |
DC ground (GND) | 1 | 0 V DC | |
DC output (+12 V) | 2 | Supplies power to both readers. | 12 V DC, max 500 mA combined for both readers |
A | 3 | Half duplex | |
B | 4 | Half duplex |
- When the reader is powered by the controller, the qualified cable length is up to 200 m (656 ft). Verified only for Axis readers.
- When the reader is not powered by the controller, the qualified cable length for reader data is up to 1000 m (3280,8 ft) if the following cable requirements are met: 1 twisted pair with shield, AWG 24, 120 ohm impedance. Verified only for Axis readers.
Configured for one Wiegand reader
Function | Pin | Note | Specifications |
DC ground (GND) | 1 | 0 V DC | |
DC output (+12 V) | 2 | Supplies power to reader. | 12 V DC, max 500 mA |
D0 | 3 | ||
D1 | 4 | ||
LED 1 | 5 | Red LED | |
LED 2 | 6 | Green LED | |
TAMPER | 7 | Digital input — Connect to pin 1 to activate, or leave floating (unconnected) to deactivate. | 0 to max 30 V DC |
BUZZER | 8 | Digital output — If used with an inductive load, e.g., a relay, connect a diode in parallel with the load, to protect against voltage transients. | 0 to max 30 V DC, open drain, 100 mA |
- When the reader is powered by the controller, the qualified cable length is up to 150 m (500 ft).
- When the reader is not powered by the controller, the qualified cable length for reader data is up to 150 m (500 ft) if the following cable requirement is met: AWG 22.
Door connector
One 4-pin terminal block for door monitoring devices (digital input).
Only door monitor supports supervision with end of line resistors. If the connection is interrupted, an alarm is triggered. To use supervised inputs, install end of line resistors. Use the connection diagram for supervised inputs. See Supervised inputs.

Function | Pin | Notes | Specifications |
DC ground | 1, 3 | 0 V DC | |
Input | 2, 4 | For communicating with door monitor. Digital input or Supervised input — Connect to pin 1 or 3 respectively to activate, or leave floating (unconnected) to deactivate. | 0 to max 30 V DC |
The qualified cable length is up to 200 m (656 ft) if the following cable requirement is met: AWG 24.
Relay connector
One 4-pin terminal block for form C relays that can be used, for example, to control a lock or an interface to a gate.

Function | Pin | Notes | Specifications |
DC ground (GND) | 1 | 0 V DC | |
NO | 2 | Normally open. For connecting relay devices. Connect a fail-secure lock between NO and DC ground. The two relay pins are galvanically separated from the rest of the circuitry if the jumpers are not used. | Max current = 2 A Max voltage = 30 V DC |
COM | 3 | Common | |
NC | 4 | Normally closed. For connecting relay devices. Connect a fail-safe lock between NC and DC ground. The two relay pins are galvanically separated from the rest of the circuitry if the jumpers are not used. |
Relay power jumper
When the relay power jumper is fitted, it connects 12 V DC or 24 V DC to the relay COM pin.
It can be used to connect a lock between the GND and NO, or GND and NC pins.
Power source | Max power at 12 V DC | Max power at 24 V DC |
DC IN | 1 600 mA | 800 mA |
PoE | 900 mA | 450 mA |
If the lock is non-polarized, we recommend you to add an external flyback diode.
Auxiliary connector
Use the auxiliary connector with external devices in combination with, for example, motion detection, event triggering, and alarm notifications. In addition to the 0 V DC reference point and power (DC output), the auxiliary connector provides the interface to:
- Digital input –
- For connecting devices that can toggle between an open and closed circuit, for example PIR sensors, door/window contacts, and glass break detectors.
- Supervised input –
- Enables possibility to detect tampering on a digital input.
- Digital output –
- For connecting external devices such as relays and LEDs. Connected devices can be activated by the VAPIX® Application Programming Interface or from the product’s webpage.
4-pin terminal block

Function | Pin | Notes | Specifications |
DC ground | 1 | 0 V DC | |
DC output | 2 | Can be used to power auxiliary equipment. Note: This pin can only be used as power out. | 12 V DC Max load = 50 mA in total |
Configurable (Input or Output) | 3–4 | Digital input or supervised input – Connect to pin 1 to activate, or leave floating (unconnected) to deactivate. To use supervised input, install end-of-line resistors. See connection diagram for information about how to connect the resistors. | 0 to max 30 V DC |
Digital output – Internally connected to pin 1 (DC ground) when active, and floating (unconnected) when inactive. If used with an inductive load, e.g., a relay, connect a diode in parallel with the load, to protect against voltage transients. Each I/O is capable of driving 12 V DC, 50 mA (max) external load, if internal 12 V DC output (pin 2) is used. In the case of using open drain connections in combination with an external power supply, then the I/Os can manage DC supply of 0–30 V DC, 100 mA. | 0 to max 30 V DC, open drain, 100 mA |

- DC ground
- DC output 12 V
- I/O configured as input
- I/O configured as output
External connector
Two 2-pin terminal blocks for external devices, for example glass break or fire detectors.
UL: The connector has not been evaluated by UL for burglar or fire alarm use.

Function | Pin | Notes | Specifications |
DC ground | 1 | 0 V DC | |
TAMPER | 2 | Digital input – Connect to pin 1 to activate, or leave floating (unconnected) to deactivate. | 0 to max 30 V DC |

Function | Pin | Notes | Specifications |
DC ground | 1 | 0 V DC | |
ALARM | 2 | Digital input – Connect to pin 1 to activate, or leave floating (unconnected) to deactivate. | 0 to max 30 V DC |
Power connector
2-pin terminal block for DC power input. Use a Safety Extra Low Voltage (SELV) compliant limited power source (LPS) with either a rated output power limited to ≤100 W or a rated output current limited to ≤5 A.

Function | Pin | Notes | Specifications |
DC ground (GND) | 1 | 0 V DC | |
DC input | 2 | For powering controller when not using Power over Ethernet. Note: This pin can only be used as power in. | 12 V DC, max 36 W |
UL: DC power to be supplied by a UL 603 listed power supply, depending on application, with appropriate ratings.
Supervised inputs
To use supervised inputs, install end of line resistors according to the diagram below.
Parallel first connection
The resistor values must be 4.7 kΩ and 22 kΩ.
Serial first connection
The resistor values must be the same and possible values are 1 kΩ, 2.2 kΩ, 4.7 kΩ and 10 kΩ.
It is recommended to use twisted and shielded cables. Connect shielding to 0 V DC.
Troubleshooting
Reset to factory default settings
Reset to factory default should be used with caution. A reset to factory default resets all settings, including the IP address, to the factory default values.
To reset the product to the factory default settings:
Disconnect power from the product.
Press and hold the control button while reconnecting power. See Product overview.
Keep the control button pressed for 25 seconds until the status LED indicator turns amber for the second time.
Release the control button. The process is complete when the status LED indicator turns green. The product has been reset to the factory default settings. If no DHCP server is available on the network, the default IP address is
192.168.0.90
.Use the installation and management software tools, assign an IP address, set the password, and access the product.
You can also reset parameters to factory default through the device’s web interface. Go to Maintenance > Factory default and click Default.
Firmware options
Axis offers product firmware management according to either the active track or the long-term support (LTS) tracks. Being on the active track means continuously getting access to all the latest product features, while the LTS tracks provide a fixed platform with periodic releases focused mainly on bug fixes and security updates.
Using firmware from the active track is recommended if you want to access the newest features, or if you use Axis end-to-end system offerings. The LTS tracks are recommended if you use third-party integrations, which are not continuously validated against the latest active track. With LTS, the products can maintain cybersecurity without introducing any significant functional changes or affecting any existing integrations. For more detailed information about Axis product firmware strategy, go to axis.com/support/firmware.
Check the current firmware version
Firmware is the software that determines the functionality of network devices. When you troubleshoot a problem, we recommend you to start by checking the current firmware version. The latest firmware version might contain a correction that fixes your particular problem.
To check the current firmware:
Go to the device’s web interface > Status.
See the firmware version under Device info.
Upgrade the firmware
- Preconfigured and customized settings are saved when you upgrade the firmware (provided that the features are available in the new firmware) although this is not guaranteed by Axis Communications AB.
- Make sure the device remains connected to the power source throughout the upgrade process.
When you upgrade the device with the latest firmware in the active track, the product receives the latest functionality available. Always read the upgrade instructions and release notes available with each new release before you upgrade the firmware. To find the latest firmware and the release notes, go to axis.com/support/firmware.
Because the database of users, groups, credentials, and other data are updated after a firmware upgrade, the first start-up could take a few minutes to complete. The time required is dependent on the amount of data.
Download the firmware file to your computer, available free of charge at axis.com/support/firmware.
Log in to the device as an administrator.
Go to Maintenance > Firmware upgrade and click Upgrade.
- When the upgrade has finished, the product restarts automatically.
When the product has been restarted, clear the web browser's cache.
Technical issues, clues, and solutions
If you can’t find what you’re looking for here, try the troubleshooting section at axis.com/support.
Problems upgrading the firmware | |
Firmware upgrade failure | If the firmware upgrade fails, the device reloads the previous firmware. The most common reason is that the wrong firmware file has been uploaded. Check that the name of the firmware file corresponds to your device and try again. |
Problems after firmware upgrade | If you experience problems after a firmware upgrade, roll back to the previously installed version from the Maintenance page. |
Problems setting the IP address | |
The device is located on a different subnet | If the IP address intended for the device and the IP address of the computer used to access the device are located on different subnets, you cannot set the IP address. Contact your network administrator to obtain an IP address. |
The IP address is being used by another device | Disconnect the Axis device from the network. Run the ping command (in a Command/DOS window, type
|
Possible IP address conflict with another device on the same subnet | The static IP address in the Axis device is used before the DHCP server sets a dynamic address. This means that if the same default static IP address is also used by another device, there may be problems accessing the device. |
The device can’t be accessed from a browser | |
Can’t log in | When HTTPS is enabled, ensure that the correct protocol (HTTP or HTTPS) is used when attempting to log in. You may need to manually type If the password for the user root is lost, the device must be reset to the factory default settings. See Reset to factory default settings. |
The IP address has been changed by DHCP | IP addresses obtained from a DHCP server are dynamic and may change. If the IP address has been changed, use AXIS IP Utility or AXIS Device Manager to locate the device on the network. Identify the device using its model or serial number, or by the DNS name (if the name has been configured). If required, a static IP address can be assigned manually. For instructions, go to axis.com/support. |
Certificate error when using IEEE 802.1X | For authentication to work properly, the date and time settings in the Axis device must be synchronized with an NTP server. Go to System > Date and time. |
The device is accessible locally but not externally | |
To access the device externally, we recommend you to use one of the following applications for Windows®:
For instructions and download, go to axis.com/vms. |
Can’t connect over port 8883 with MQTT over SSL | |
The firewall blocks traffic using port 8883 as it’s deemed insecure. | In some cases the server/broker might not provide a specific port for MQTT communication. It may still be possible to use MQTT over a port normally used for HTTP/HTTPS traffic.
|
Contact support
Contact support at axis.com/support.