AXIS D1110 Video Decoder 4K

Chrome^TM

Firefox^®

Edge^TM

Safari^®

Windows^®

macOS^®

Linux^®

Other operating systems

Show or hide the main menu.

Access the release notes.

Access the product help.

Change the language.

Set light theme or dark theme.

The user menu contains:

• Information about the user who is logged in.

• Change account : Log out from the current account and log in to a new account.

• Log out : Log out from the current account.

The context menu contains:

• Analytics data: Accept to share non-personal browser data.

• Feedback: Share any feedback to help us improve your user experience.

• Legal: View information about cookies and licenses.

• About: View device information, including firmware version and serial number.

• Legacy device interface: Change the device’s web interface to the legacy version.

Upgrade firmware: Upgrade the firmware on your device. Takes you to the Maintenance page where you can do a firmware upgrade.

NTP settings: View and update the NTP settings. Takes you to the Date and time page where you can change the NTP settings.

Hardening guide: Link to AXIS OS Hardening guide where you can learn more about cybersecurity on Axis devices and best practices.

View details: View and update the list of connected clients. The list shows IP address, protocol, port, state, and PID/process of each connection.

Shows information about the sequence.

Joystick: Turn on to be able to use control board to navigate views and operate a camera.

Add sequence: Click to add a sequence.

Name: Enter a name for the sequence.

: Click to select how many sources you want to display.

: Click to add one more .

: Click to play the sequence.

The context menu contains:

Edit sequence

Delete sequence

Audio out

Enable Output: Turn on or off audio from the audio out connector.

Audio out synchronization: Set a time to match the delay difference between the audio out (3.5 mm) port and video stream.

Add a video source: Click to add a new video source.

• Network discovery: Search for an IP address manually or select an Axis device from the list.

• • Streaming protocol: Select which protocol to use

  • Port: Enter the port number.

  • • 554 is the default value for RTSPT

    • 80 is the default value for RTSP over HTTP

    • 443 is the default value for RTSP over HTTPS

  • Username: Enter the username for the device.

  • Password: Enter the password for the device.

• Manual: Add a device manually.

• • Name: Enter the video source’s name.

  • IP address: Enter the device’s IP address.

  • Username: Enter the username for the device.

  • Password: Enter the password for the device.

The context menu contains:

Edit video source: Edit the properties of the video source.

Delete video source: Delete the video source.

Add a media source: Click to add a new media source.

• Upload or drag and drop a media file. You can use .mp4, .mkv, .jpeg or .png files.

• Upload location: Select the location from the drop-down list.

Add app: Install a new app.

Find more apps: Find more apps to install. You will be taken to an overview page of Axis apps.

Allow unsigned apps: Turn on to allow installation of unsigned apps.

Allow root-privileged apps: Turn on to allow apps with root privileges full access to the device.

View the security updates in AXIS OS and ACAP apps.

Use the switch next to the app name to start or stop the app.

Open: Access the app’s settings. The available settings depend on the application. Some applications don’t have any settings.

The context menu can contain one or more of the following options:

• Open-source license: View information about open-source licenses used in the app.

• App log: View a log of the app events. The log is helpful when you contact support.

• Activate license with a key: If the app requires a license, you need to activate it. Use this option if your device doesn’t have internet access.

  If you don’t have a license key, go to axis.com/products/analytics. You need a license code and the Axis product serial number to generate a license key.

• Activate license automatically: If the app requires a license, you need to activate it. Use this option if your device has internet access. You need a license code to activate the license.

• Deactivate the license: Deactivate the license to replace it with another license, for example, when you change from a trial license to a full license. If you deactivate the license, you also remove it from the device.

• Settings: Configure the parameters.

• Delete: Delete the app permanently from the device. If you don’t deactivate the license first, it remains active.

Synchronization: Select an option for the device’s date and time synchronization.

• Automatic date and time (manual NTS KE servers): Synchronize with the secure NTP key establishment servers connected to the DHCP server.

• • Manual NTS KE servers: Enter the IP address of one or two NTP servers. When you use two NTP servers, the device synchronizes and adapts its time based on input from both.

• Automatic date and time (NTP servers using DHCP): Synchronize with the NTP servers connected to the DHCP server.

• • Fallback NTP servers: Enter the IP address of one or two fallback servers.

• Automatic date and time (manual NTP servers): Synchronize with NTP servers of your choice.

• • Manual NTP servers: Enter the IP address of one or two NTP servers. When you use two NTP servers, the device synchronizes and adapts its time based on input from both.

• Custom date and time: Manually set the date and time. Click Get from system to fetch the date and time settings once from your computer or mobile device.

Time zone: Select which time zone to use. Time will automatically adjust to daylight saving time and standard time.

• DHCP: Adopts the time zone of the DHCP server. The device must connected to a DHCP server before you can select this option.

• Manual: Select a time zone from the drop-down list.

Assign IPv4 automatically: Select to let the network router assign an IP address to the device automatically. We recommend automatic IP (DHCP) for most networks.

IP address: Enter a unique IP address for the device. Static IP addresses can be assigned at random within isolated networks, provided that each address is unique. To avoid conflicts, we recommend you contact your network administrator before you assign a static IP address.

Subnet mask: Enter the subnet mask to define what addresses are inside the local area network. Any address outside the local area network goes through the router.

Router: Enter the IP address of the default router (gateway) used to connect devices that are attached to different networks and network segments.

Fallback to static IP address if DHCP isn’t available: Select if you want to add a static IP address to use as fallback if DHCP is unavailable and can’t assign an IP address automatically.

Assign IPv6 automatically: Select to turn on IPv6 and to let the network router assign an IP address to the device automatically.

Assign hostname automatically: Select to let the network router assign a hostname to the device automatically.

Hostname: Enter the hostname manually to use as an alternative way of accessing the device. The server report and system log use the hostname. Allowed characters are A–Z, a–z, 0–9 and -.

Assign DNS automatically: Select to let the DHCP server assign search domains and DNS server addresses to the device automatically. We recommend automatic DNS (DHCP) for most networks.

Search domains: When you use a hostname that is not fully qualified, click Add search domain and enter a domain in which to search for the hostname the device uses.

DNS servers: Click Add DNS server and enter the IP address of the DNS server. This provides the translation of hostnames to IP addresses on your network.

Allow access through: Select if a user is allowed to connect to the device through the HTTP, HTTPS, or both HTTP and HTTPS protocols.

HTTP port: Enter the HTTP port to use. The device allows port 80 or any port in the range 1024-65535. If you are logged in as an administrator, you can also enter any port in the range 1-1023. If you use a port in this range, you get a warning.

HTTPS port: Enter the HTTPS port to use. The device allows port 443 or any port in the range 1024-65535. If you are logged in as an administrator, you can also enter any port in the range 1-1023. If you use a port in this range, you get a warning.

Certificate: Select a certificate to enable HTTPS for the device.

Bonjour^®: Turn on to allow automatic discovery on the network.

Bonjour name: Enter a friendly name to be visible on the network. The default name is the device name and MAC address.

UPnP^®: Turn on to allow automatic discovery on the network.

UPnP name: Enter a friendly name to be visible on the network. The default name is the device name and MAC address.

WS-Discovery: Turn on to allow automatic discovery on the network.

Allow O3C:

• One-click: This is the default setting. Press and hold the control button on the device to connect to an O3C service over the internet. You need to register the device with the O3C service within 24 hours after you press the control button. Otherwise, the device disconnects from the O3C service. Once you register the device, Always is enabled and the device stays connected to the O3C service.

• Always: The device constantly attempts to connect to an O3C service over the internet. Once you register the device, it stays connected to the O3C service. Use this option if the control button on the device is out of reach.

• No: Disables the O3C service.

Proxy settings: If needed, enter the proxy settings to connect to the proxy server.

Host: Enter the proxy server’s address.

Port: Enter the port number used for access.

Login and Password: If needed, enter username and password for the proxy server.

Authentication method:

• Basic: This method is the most compatible authentication scheme for HTTP. It’s less secure than the Digest method because it sends the username and password unencrypted to the server.

• Digest: This method is more secure because it always transfers the password encrypted across the network.

• Auto: This option lets the device select the authentication method depending on the supported methods. It prioritizes the Digest method over the Basic method.

Owner authentication key (OAK): Click Get key to fetch the owner authentication key. This is only possible if the device is connected to the internet without a firewall or proxy.

SNMP: Select the version of SNMP to use.

• v1 and v2c:

• • Read community: Enter the community name that has read-only access to all supported SNMP objects. The default value is public.

  • Write community: Enter the community name that has read or write access to all supported SNMP objects (except read-only objects). The default value is write.

  • Activate traps: Turn on to activate trap reporting. The device uses traps to send messages for important events or status changes to a management system. In the web interface, you can set up traps for SNMP v1 and v2c. Traps are automatically turned off if you change to SNMP v3 or turn off SNMP. If you use SNMP v3, you can set up traps through the SNMP v3 management application.

  • Trap address: Enter the IP address or host name of the management server.

  • Trap community: Enter the community to use when the device sends a trap message to the management system.

  • Traps:

  • • Cold start: Sends a trap message when the device starts.

    • Warm start: Sends a trap message when you change an SNMP setting.

    • Link up: Sends a trap message when a link changes from down to up.

    • Authentication failed: Sends a trap message when an authentication attempt fails.

• v3: SNMP v3 is a more secure version, which provides encryption and secure passwords. To use SNMP v3, we recommend you to activate HTTPS, as the password is then sent through HTTPS. This also prevents unauthorized parties’ access to unencrypted SNMP v1 and v2c traps. If you use SNMP v3, you can set up traps through the SNMP v3 management application.

• • Password for the account “initial”: Enter the SNMP password for the account named “initial”. Although the password can be sent without activating HTTPS, we don’t recommend it. The SNMP v3 password can only be set once, and preferably only when HTTPS is enabled. Once the password is set, the password field is no longer displayed. To set the password again, you must reset the device to factory default settings.

Certificates are used to authenticate devices on a network. The device supports two types of certificates:

• Client/server certificates

  A client/server certificate validates the device’s identity, and can be self-signed or issued by a Certificate Authority (CA). A self-signed certificate offers limited protection and can be used before a CA-issued certificate has been obtained.

• CA certificates

  You can use a CA certificate to authenticate a peer certificate, for example to validate the identity of an authentication server when the device connects to a network protected by IEEE 802.1X. The device has several pre-installed CA certificates.

These formats are supported:

• Certificate formats: .PEM, .CER, and .PFX

• Private key formats: PKCS#1 and PKCS#12

Add certificate : Click to add a certificate.

• More: Show more fields to fill in or select.

• Secure keystore: Select to use Secure element or Trusted Platform Module 2.0 to securely store the private key. For more information on which secure keystore to select, go to help.axis.com/en-us/axis-os#cryptographic-support.

• Key type: Select the default or a different encryption algorithm from the drop-down list to protect the certificate.

The context menu contains:

• Certificate information: View an installed certificate’s properties.

• Delete certificate: Delete the certificate.

• Create certificate signing request: Create a certificate signing request to send to a registration authority to apply for a digital identity certificate.

Secure keystore:

• Secure element (CC EAL6+): Select to use secure element for secure keystore.

• Trusted Platform Module 2.0 (CC EAL4+, FIPS 140-2 Level 2): Select to use TPM 2.0 for secure keystore.

IEEE 802.1x is an IEEE standard for port-based network admission control providing secure authentication of wired and wireless network devices. IEEE 802.1x is based on EAP (Extensible Authentication Protocol).

To access a network protected by IEEE 802.1x, network devices must authenticate themselves. The authentication is performed by an authentication server, typically a RADIUS server (for example, FreeRADIUS and Microsoft Internet Authentication Server).

Certificates

When configured without a CA certificate, server certificate validation is disabled and the device tries to authenticate itself regardless of what network it is connected to.

When using a certificate, in Axis' implementation, the device and the authentication server authenticate themselves with digital certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security).

To allow the device to access a network protected through certificates, you must install a signed client certificate on the device.

Authentication method: Select an EAP type used for authentication. The default option is EAP-TLS. EAP-PEAP/MSCHAPv2 is a more secure option.

Client certificate: Select a client certificate to use IEEE 802.1x. The authentication server uses the certificate to validate the client’s identity.

CA certificate: Select CA certificates to validate the authentication server’s identity. When no certificate is selected, the device tries to authenticate itself regardless of what network it is connected to.

EAP identity: Enter the user identity associated with the client certificate.

EAPOL version: Select the EAPOL version that is used in the network switch.

Use IEEE 802.1x: Select to use the IEEE 802.1x protocol.

IEEE 802.1AE MACsec

IEEE 802.1AE MACsec is an IEEE standard for media access control (MAC) security that defines connectionless data confidentiality and integrity for media access independent protocols.

The settings are only available if you use EAP-TLS as the authentication method:

Mode

• Dynamic CAK / EAP-TLS: The default option. After a secured connection, the device checks for MACsec on the network.

• Static CAK / pre-shared key (PSK): Select to set the key name and value to connect to the network.

The settings are only available if you use EAP-PEAP/MSCHAPv2 as the authentication method:

• Password: Enter the password for your user identity.

• Peap version: Select the Peap version that is used in the network switch.

• Label: Select 1 to use client EAP encryption; select 2 to use client PEAP encryption. Select the Label that the network switch uses when using Peap version 1.

Blocking: Turn on to block brute-force attacks. A brute-force attack uses trial-and-error to guess login info or encryption keys.

Blocking period: Enter the number of seconds to block a brute-force attack.

Blocking conditions: Enter the number of authentication failures allowed per second before the block starts. You can set the number of failures allowed both on page level and device level.

Activate: Turn on the firewall.

• Default Policy: Select the default state for the firewall.

• Allow: Allows all connections to the device. This option is set by default.

• Deny: Denies all connections to the device.

To make exceptions to the default policy, you can create rules that allows or denies connections to the device from specific addresses, protocols, and ports.

• Address: Enter an address in IPv4/IPv6 or CIDR format that you want to allow or deny access to.

• Protocol: Select a protocol that you want to allow or deny access to.

• Port: Enter a port number that you want to allow or deny access to. You can add a port number between 1 and 65535.

• Policy: Select the policy of the rule.

: Click to create another rule.

• Add rules: Click to add the rules that you have defined.

• Time in seconds: Set a time limit for testing the rules. The default time limit is set to 300 seconds. To activate the rules straight away, set the time to 0 seconds.

• Confirm rules: Confirm the rules and their time limit. If you have set a time limit of more than 1 second, the rules will be active during this time. If you have set the time to 0, the rules will be active straight away.

Pending rules: An overview of the latest tested rules that you are yet to confirm.

Confirm rules: Click to activate the pending rules.

Active rules: An overview of the rules you are currently running on the device.

: Click to delete an active rule.

: Click to delete all rules, both pending and active.

To install test firmware or other custom firmware from Axis on the device, you need a custom signed firmware certificate. The certificate verifies that the firmware is approved by both the device owner and Axis. The firmware can only run on a specific device which is identified by its unique serial number and chip ID. Only Axis can create custom signed firmware certificates, since Axis holds the key to sign them.

Install: Click to install the certificate. You need to install the certificate before you install the firmware.

The context menu contains:

• Delete certificate: Delete the certificate.

Add account: Click to add a new account. You can add up to 100 accounts.

Account: Enter a unique account name.

New password: Enter a password for the account. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example, letters, numbers, punctuation, and some symbols.

Repeat password: Enter the same password again.

Privileges:

• Administrator: Has full access to all settings. Administrators can also add, update, and remove other accounts.

• Operator: Has access to all settings except:

• • All System settings.

  • Adding apps.

• Viewer: Has access to:

• • Watch and take snapshots of a video stream.

  • Watch and export recordings.

  • Pan, tilt, and zoom; with PTZ user access.

The context menu contains:

Update account: Edit the account properties.

Delete account: Delete the account. You can’t delete the root account.

Allow anonymous viewing: Turn on to allow anyone access the device as a viewer without logging in with an account.

Allow anonymous PTZ operating: Turn on to allow anonymous users to pan, tilt, and zoom the image.

Add a rule: Create a rule.

Name: Enter a name for the rule.

Wait between actions: Enter the minimum time (hh:mm:ss) that must pass between rule activations. It is useful if the rule is activated by, for example, day-night mode conditions, to avoid that small light changes during sunrise and sunset activate the rule repeatedly.

Condition: Select a condition from the list. A condition must be met for the device to perform an action. If multiple conditions are defined, all of them must be met to trigger the action. For information about specific conditions, see Get started with rules for events.

Use this condition as a trigger: Select to make this first condition function only as a starting trigger. It means that once the rule is activated, it remains active for as long as all the other conditions are met, no matter the state of the first condition. If you don’t select this option, the rule will simply be active whenever all the conditions are met.

Invert this condition: Select if you want the condition to be the opposite of your selection.

Add a condition: Click to add an additional condition.

Action: Select an action from the list and enter its required information. For information about specific actions, see Get started with rules for events.

Add a recipient: Click to add a recipient.

Name: Enter a name for the recipient.

Type: Select from the list:

• FTP

• • Host: Enter the server's IP address or hostname. If you enter a hostname, make sure that a DNS server is specified under System > Network > IPv4 and IPv6.

  • Port: Enter the port number used by the FTP server. The default is 21.

  • Folder: Enter the path to the directory where you want to store files. If this directory doesn’t already exist on the FTP server, you will get an error message when uploading files.

  • Username: Enter the username for the login.

  • Password: Enter the password for the login.

  • Use temporary file name: Select to upload files with temporary, automatically generated filenames. The files get renamed to the desired names when the upload completes. If the upload is aborted/interrupted, you don’t get any corrupt files. However, you probably still get the temporary files. This way you know that all files that have the desired name are correct.

  • Use passive FTP: Under normal circumstances, the product simply requests the target FTP server to open the data connection. The device actively initiates both the FTP control and data connections to the target server. This is normally needed if there is a firewall between the device and the target FTP server.

• HTTP

• • URL: Enter the network address to the HTTP server and the script that will handle the request. For example, http://192.168.254.10/cgi-bin/notify.cgi.

  • Username: Enter the username for the login.

  • Password: Enter the password for the login.

  • Proxy: Turn on and enter the required information if a proxy server must be passed to connect to the HTTP server.

• HTTPS

• • URL: Enter the network address to the HTTPS server and the script that will handle the request. For example, https://192.168.254.10/cgi-bin/notify.cgi.

  • Validate server certificate: Select to validate the certificate that was created by HTTPS server.

  • Username: Enter the username for the login.

  • Password: Enter the password for the login.

  • Proxy: Turn on and enter the required information if a proxy server must be passed to connect to the HTTPS server.

• Network storage

  You can add network storage such as NAS (network-attached storage) and use it as a recipient to store files. The files are stored in the Matroska (MKV) file format.

• • Host: Enter the IP address or hostname for the network storage.

  • Share: Enter the name of the share on the host.

  • Folder: Enter the path to the directory where you want to store files.

  • Username: Enter the username for the login.

  • Password: Enter the password for the login.

• SFTP

• • Host: Enter the server's IP address or hostname. If you enter a hostname, make sure that a DNS server is specified under System > Network > IPv4 and IPv6.

  • Port: Enter the port number used by the SFTP server. The default is 22.

  • Folder: Enter the path to the directory where you want to store files. If this directory doesn’t already exist on the SFTP server, you will get an error message when uploading files.

  • Username: Enter the username for the login.

  • Password: Enter the password for the login.

  • SSH host public key type (MD5): Enter the fingerprint of the remote host’s public key (a 32-digit hexadecimal string). The SFTP client supports SFTP servers using SSH-2 with RSA, DSA, ECDSA, and ED25519 host key types. RSA is the preferred method during negotiation, followed by ECDSA, ED25519, and DSA. Make sure to enter the right MD5 host key that is used by your SFTP server. While the Axis device supports both MD5 and SHA-256 hash keys, we recommend using SHA-256 due to stronger security over MD5. For more information on how to configure an SFTP server with an Axis device, go to the AXIS OS Portal.

  • SSH host public key type (SHA256): Enter the fingerprint of the remote host’s public key (a 43-digit Base64 encoded string). The SFTP client supports SFTP servers using SSH-2 with RSA, DSA, ECDSA, and ED25519 host key types. RSA is the preferred method during negotiation, followed by ECDSA, ED25519, and DSA. Make sure to enter the right MD5 host key that is used by your SFTP server. While the Axis device supports both MD5 and SHA-256 hash keys, we recommend using SHA-256 due to stronger security over MD5. For more information on how to configure an SFTP server with an Axis device, go to the AXIS OS Portal.

  • Use temporary file name: Select to upload files with temporary, automatically generated filenames. The files get renamed to the desired names when the upload completes. If the upload is aborted or interrupted, you don’t get any corrupt files. However, you probably still get the temporary files. This way, you know that all files that have the desired name are correct.

• SIP or VMS:

  SIP: Select to make a SIP call.

  VMS: Select to make a VMS call.

• • From SIP account: Select from the list.

  • To SIP address: Enter the SIP address.

  • Test: Click to test that your call settings works.

• Email

• • Send email to: Enter the email address to send emails to. To enter multiple addresses, use commas to separate them.

  • Send email from: Enter the email address of the sending server.

  • Username: Enter the username for the mail server. Leave this field empty if the mail server does not require authentication.

  • Password: Enter the password for the mail server. Leave this field empty if the mail server does not require authentication.

  • Email server (SMTP): Enter the name of the SMTP server, for example, smtp.gmail.com, smtp.mail.yahoo.com.

  • Port: Enter the port number for the SMTP server, using values in the range 0-65535. The default value is 587.

  • Encryption: To use encryption, select either SSL or TLS.

  • Validate server certificate: If you use encryption, select to validate the identity of the device. The certificate can be self-signed or issued by a Certificate Authority (CA).

  • POP authentication: Turn on to enter the name of the POP server, for example, pop.gmail.com.

  • Note

    Some email providers have security filters that prevent users from receiving or viewing large amount of attachments, from receiving scheduled emails and similar. Check the email provider's security policy to avoid your email account being locked or missing out on your expected emails.

• TCP

• • Host: Enter the server's IP address or hostname. If you enter a hostname, make sure that a DNS server is specified under System > Network > IPv4 and IPv6.

  • Port: Enter the port number used to access the server.

Test: Click to test the setup.

The context menu contains:

View recipient: Click to view all the recipient details.

Copy recipient: Click to copy a recipient. When you copy, you can make changes to the new recipient.

Delete recipient: Click to delete the recipient permanently.

Schedules and pulses can be used as conditions in rules. The list shows all the schedules and pulses currently configured in the product, along with information about their configuration.

Add schedule: Click to create a schedule or pulse.

You can use the manual trigger to manually trigger a rule. The manual trigger can, for example, be used to validate actions during product installation and configuration.

MQTT (Message Queuing Telemetry Transport) is a standard messaging protocol for the Internet of Things (IoT). It was designed for simplified IoT integration and is used in a wide variety of industries to connect remote devices with a small code footprint and minimal network bandwidth. The MQTT client in Axis device firmware can simplify integration of data and events produced in the device to systems which are not video management software (VMS).

Set up the device as an MQTT client. MQTT communication is based on two entities, the clients and the broker. The clients can send and receive messages. The broker is responsible for routing messages between clients.

You can learn more about MQTT in AXIS OS Portal.

ALPN is a TLS/SSL extension that allows for the selection of an application protocol during the handshake phase of the connection between the client and server. This is used to enable MQTT traffic over the same port that is used for other protocols, such as HTTP. In some cases, there might not be a dedicated port open for MQTT communication. A solution in such cases is to use ALPN to negotiate the use of MQTT as the application protocol on a standard port, allowed by the firewalls.

Connect: Turn on or off the MQTT client.

Status: Shows the current status of the MQTT client.

Broker

Host: Enter the hostname or IP address of the MQTT server.

Protocol: Select which protocol to use.

Port: Enter the port number.

• 1883 is the default value for MQTT over TCP

• 8883 is the default value for MQTT over SSL

• 80 is the default value for MQTT over WebSocket

• 443 is the default value for MQTT over WebSocket Secure

ALPN protocol: Enter the ALPN protocol name provided by your MQTT broker provider. This is only applicable with MQTT over SSL and MQTT over WebSocket Secure.

Username: Enter the username that the client will use to access the server.

Password: Enter a password for the username.

Client ID: Enter a client ID. The client identifier is sent to the server when the client connects to it.

Clean session: Controls the behavior at connection and disconnection time. When selected, the state information is discarded at connect and disconnect.

HTTP proxy: A URL with a maximum length of 255 bytes. You can leave the field empty if you don't want to use an HTTP proxy.

HTTPS proxy: A URL with a maximum length of 255 bytes. You can leave the field empty if you don't want to use an HTTPS proxy.

Keep alive interval: Enables the client to detect when the server is no longer available without having to wait for the long TCP/IP timeout.

Timeout: The time interval in seconds to allow a connect to complete. Default value: 60

Device topic prefix: Used in the default values for the topic in the connect message and LWT message on the MQTT client tab, and in the publication conditions on the MQTT publication tab.

Reconnect automatically: Specifies whether the client should reconnect automatically after a disconnect.

Connect message

Specifies if a message should be sent out when a connection is established.

Send message: Turn on to send messages.

Use default: Turn off to enter your own default message.

Topic: Enter the topic for the default message.

Payload: Enter the content for the default message.

Retain: Select to keep the state of client on this Topic

QoS: Change the QoS layer for the packet flow.

Last Will and Testament message

The Last Will Testament (LWT) lets a client provide a testament along with its credentials when connecting to the broker. If the client disconnects ungracefully at some point later (maybe because his power source died), it can let the broker deliver a message to other clients. This LWT message has the same form as an ordinary message and gets routed via the same mechanics.

Send message: Turn on to send messages.

Use default: Turn off to enter your own default message.

Topic: Enter the topic for the default message.

Payload: Enter the content for the default message.

Retain: Select to keep the state of client on this Topic

QoS: Change the QoS layer for the packet flow.

Use default topic prefix: Select to use the default topic prefix, that is defined in the device topic prefix in the MQTT client tab.

Include topic name: Select to include the topic that describes the condition in the MQTT topic.

Include topic namespaces: Select to include ONVIF topic namespaces in the MQTT topic.

Include serial number: Select to include the device’s serial number in the MQTT payload.

Add condition: Click to add a condition.

Retain: Defines which MQTT messages are sent as retained.

• None: Send all messages as non-retained.

• Property: Send only stateful messages as retained.

• All: Send both stateful and stateless messages as retained.

QoS: Select the desired level for the MQTT publication.

Add subscription: Click to add a new MQTT subscription.

Subscription filter: Enter the MQTT topic that you want to subscribe to.

Use device topic prefix: Add the subscription filter as prefix to the MQTT topic.

Subscription type:

• Stateless: Select to convert MQTT messages into a stateless message.

• Stateful: Select to convert MQTT messages into a condition. The payload is used as the state.

QoS: Select the desired level for the MQTT subscription.

Unmount: Click to safely remove the SD card.

Write protect: Turn on to stop writing to the SD card and protect recordings from being removed. You can’t format a write-protected SD card.

Autoformat: Turn on to automatically format a newly inserted SD card. It formats the file system into ext4.

Ignore: Turn on to stop storing recordings on the SD card. When you ignore the SD card, the device no longer recognizes that the card exists. The setting is only available for administrators.

Retention time: Select how long to keep recordings, to limit the amount of old recordings, or to comply with regulations regarding data storage. If the SD card becomes full, old recordings are removed before the selected time period has passed.

Tools

• Check: Check for errors on the SD card. This only works for the ext4 file system.

• Repair: Repair errors in the ext4 file system. To repair an SD card with the VFAT file system, eject the SD card, insert it in a computer, and perform a disk repair.

• Format: Format the SD card, for example, when you need to change the file system or quickly erase all data. VFAT and ext4 are the two available file system options. The recommended format is ext4, due to its resilience against data loss if the card is ejected or if there is an abrupt power loss. However, you need a third-party ext4 driver or application to access the file system from Windows®.

• Encrypt: Use this tool to format the SD card and enable encryption. Encrypt deletes all data stored on the SD card. After using Encrypt, the data that’s stored on the SD card is protected using encryption.

• Decrypt: Use this tool to format the SD card without encryption. Decrypt deletes all data stored on the SD card. After using Decrypt, the data that’s stored on the SD card is not protected using encryption.

• Change password: Change the password required to encrypt the SD card.

• Use tool: Click to activate the selected tool.

Wear trigger: Set a value for the SD card wear level at which you want to trigger an action. The wear level ranges from 0–200%. A new SD card that has never been used has a wear level of 0%. A wear level of 100% indicates that the SD card is close to its expected lifetime. When the wear-level reaches 200%, there is a high risk of the SD card malfunctioning. We recommend setting the wear trigger between 80–90%. This gives you time to download any recordings as well as replace the SD card in time before it potentially wears out. The wear trigger allows you to set up an event and get a notification when the wear level reaches your set value.

Add accounts: Click to add a new ONVIF account.

Account: Enter a unique account name.

New password: Enter a password for the account. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example, letters, numbers, punctuation, and some symbols.

Repeat password: Enter the same password again.

Role:

• Administrator: Has full access to all settings. Administrators can also add, update, and remove other accounts.

• Operator: Has access to all settings except:

• • All System settings.

  • Adding apps.

• Media account: Allows access to the video stream only.

The context menu contains:

Update account: Edit the account properties.

Delete account: Delete the account. You can’t delete the root account.

Reports

• View the device server report: View information about the product status in a pop-up window. The Access Log is automatically included in the Server Report.

• Download the device server report: It creates a .zip file that contains a complete server report text file in UTF–8 format, as well as a snapshot of the current live view image. Always include the server report .zip file when you contact support.

• Download the crash report: Download an archive with detailed information about the server's status. The crash report contains information that is in the server report as well as detailed debug information. This report might contain sensitive information such as network traces. It can take several minutes to generate the report.

Logs

• View the system log: Click to show information about system events such as device startup, warnings, and critical messages.

• View the access log: Click to show all failed attempts to access the device, for example, when a wrong login password is used.

A network trace file can help you troubleshoot problems by recording activity on the network.

Trace time: Select the duration of the trace in seconds or minutes, and click Download.

Server: Click to add a new server.

Host: Enter the hostname or IP address of the server.

Format: Select which syslog message format to use.

• Axis

• RFC 3164

• RFC 5424

Protocol: Select the protocol to use:

• UDP (Default port is 514)

• TCP (Default port is 601)

• TLS (Default port is 6514)

Port: Edit the port number to use a different port.

Severity: Select which messages to send when triggered.

CA certificate set: See the current settings or add a certificate.

Plain config is for advanced users with experience of Axis device configuration. Most parameters can be set and edited from this page.

Restart: Restart the device. This does not affect any of the current settings. Running applications restart automatically.

Restore: Return most settings to the factory default values. Afterwards you must reconfigure the device and apps, reinstall any apps that didn’t come preinstalled, and recreate any events and presets.

Factory default: Return all settings to the factory default values. Afterwards you must reset the IP address to make the device accessible.

Firmware upgrade: Upgrade to a new firmware version. New firmware releases can contain improved functionality, bug fixes, and completely new features. We recommend you to always use the latest release. To download the latest release, go to axis.com/support.

• When you upgrade, you can choose between three options:

• Standard upgrade: Upgrade to the new firmware version.

• Factory default: Upgrade and return all settings to the factory default values. When you choose this option, you can’t revert to the previous firmware version after the upgrade.

• Autorollback: Upgrade and confirm the upgrade within the set time. If you don’t confirm, the device reverts to the previous firmware version.

Firmware rollback: Revert to the previously installed firmware version.

Steady during startup, during reset to factory default or when restoring settings.

Flashes during startup, and if network connection is unavailable or lost.

Shows steady green for 10 seconds for normal operation after startup completed.

When the LED turns off after being green, the device is running.

Flashes for identification purposes.

Channel 1, unbalanced line, mono

Channel 1, unbalanced line, mono

Ground