Setup overview
Get started
Find the device on the network
To find Axis devices on the network and assign them IP addresses in Windows®, use AXIS IP Utility or AXIS Device Manager. Both applications are free and can be downloaded from axis.com/support.
For more information about how to find and assign IP addresses, go to How to assign an IP address and access your device.
Browser support
You can use the device with the following browsers:
ChromeTM | Firefox® | EdgeTM | Safari® | |
Windows® | recommended | recommended | ✓ | |
macOS® | recommended | recommended | ✓ | ✓ |
Linux® | recommended | recommended | ✓ | |
Other operating systems | ✓ | ✓ | ✓ | ✓* |
*To use AXIS OS web interface with iOS 15 or iPadOS 15, go to Settings > Safari > Advanced > Experimental Features and disable NSURLSession Websocket.
If you need more information about recommended browsers, go to AXIS OS Portal.
Open the device's web interface
Open a browser and type the IP address or host name of the Axis device.
If you do not know the IP address, use AXIS IP Utility or AXIS Device Manager to find the device on the network.
Type the username and password. If you access the device for the first time, you must create an administrator account. See Create an administrator account.
For descriptions of all the controls and options in the device’s web interface, see The web interface.
Create an administrator account
The first time you log in to your device, you must create an administrator account.
Enter a username.
Enter a password. See Secure passwords.
Re-enter the password.
Accept the license agreement.
Click Add account.
The device has no default account. If you lose the password for your administrator account, you must reset the device. See Reset to factory default settings.
Secure passwords
Axis devices send the initially set password in clear text over the network. To protect your device after the first login, set up a secure and encrypted HTTPS connection and then change the password.
The device password is the primary protection for your data and services. Axis devices do not impose a password policy as they may be used in various types of installations.
To protect your data we strongly recommend that you:
Use a password with at least 8 characters, preferably created by a password generator.
Don’t expose the password.
Change the password at a recurring interval, at least once a year.
Verify that no one has tampered with the device software
- To make sure that the device has its original AXIS OS, or to take full control of the device after a security attack:
Reset to factory default settings. See Reset to factory default settings.
After the reset, secure boot guarantees the state of the device.
Configure and install the device.
Configure your device
This section covers all the important configurations that an installer needs to do to get the product up and running after the hardware installation has been completed.
Set up direct SIP (P2P)
VoIP (Voice over IP) is a group of technologies that enables voice and multimedia communication over IP networks. For more information, see Voice over IP (VoIP).
In this device VoIP is enabled through the SIP protocol. For more information about SIP, see Session Initiation Protocol (SIP)
There are two types of setups for SIP. Direct or peer-to-peer (P2P) is one of them. Use peer-to-peer when the communication is between a few user agents within the same IP network and there is no need for extra features that a PBX-server could provide. For information on how to set it up, see Peer-to-peer SIP (P2PSIP).
Go to Communication > SIP > Settings and select Enable SIP.
To allow the device to receive incoming calls, select Allow incoming calls.
- NOTICE
When you allow incoming calls, the device accepts calls from any device connected to the network. If the device is accessible from a public network or the internet, we recommend you not to allow incoming calls.
Click Call handling.
In Calling timeout, set the number of seconds that a call will last before it ends if there is no answer.
If you have allowed incoming calls, set the number of seconds before timeout for incoming calls in Incoming call timeout.
Click Ports.
Enter the SIP port number and TLS port number.
- Note
- SIP port – for SIP sessions. Signalling traffic through this port is non-encrypted. The default port number is 5060.
- TLS port – for SIPS and TLS secured SIP sessions. Signalling traffic through this port is encrypted with Transport Layer Security (TLS). The default port number is 5061.
- RTP start port – the port used for the first RTP media stream in a SIP call. The default start port is 4000. Some firewalls can block RTP traffic on certain port numbers. The port number must be between 1024 and 65535.
Click NAT traversal.
Select the protocols you want to enable for NAT traversal.
- Note
Use NAT traversal when the device is connected to the network from behind a NAT router or a firewall. For more information see NAT traversal.
Click Save.
Set up SIP through a server (PBX)
VoIP (Voice over IP) is a group of technologies that enables voice and multimedia communication over IP networks. For more information, see Voice over IP (VoIP).
In this device, VoIP is enabled through the SIP protocol. For more information about SIP, see Session Initiation Protocol (SIP)
There are two types of setups for SIP. A PBX server is one of them. Use a PBX server when the communication should be between an infinite number of user agents within and outside the IP network. Additional features could be added to the setup depending on the PBX provider. For more information, see Private Branch Exchange (PBX).
Request the following information from your PBX provider:
User ID
Domain
Password
Authentication ID
Caller ID
Registrar
RTP start port
Go to Communication > SIP > Accounts and click + Add account.
Enter a Name for the account.
Select Registered.
Select a transport mode.
Add the account information from the PBX provider.
Click Save.
Set up the SIP settings in the same way as for peer-to-peer, see Set up direct SIP (P2P). Use the RTP start port from the PBX provider.
Include video stream from nearby camera in SIP call
If you have an Axis camera mounted close to the intercom, you can include the video stream from the camera in your intercom SIP and VMS calls.
Requirements
An Axis camera with H.264 and 1280x720, 800x800, or 640x480 resolution.
- To connect the intercom to the camera:
Go to System > Edge-to-edge > Pairing.
Under Camera pairing, enter the address, username and password for the Axis camera.
Click Connect.
Create a contact
This example explains how to create a new contact in the contact list. Before you start, enable SIP in Communication > SIP.
To create a new contact:
Go to Communication > Contact list.
Click + Add contact.
Enter the first and last name of the contact.
Enter the contact’s SIP address.
- Note
For information about SIP addresses, see Session Initiation Protocol (SIP).
Select the SIP account to call from.
- Note
Availability options are defined in System > Events > Schedules.
Choose the contact’s Availability. If there’s a call when the contact isn’t available, the call gets canceled unless a there’s a fallback contact.
- Note
A fallback is a contact, to whom the call gets forwarded if the original contact doesn’t reply or isn’t available.
In Fallback, select None.
Click Save.
Configure the call button
By default, the call button is configured to make VMS (video management software) calls. If you want to keep this configuration, you just need to add the Axis intercom to the VMS.
This example explains how to set up the system to call a contact in the contact list when a visitor presses the call button.
Go to Communication > Calls > Call button.
Under Recipients, remove VMS.
Under Recipients, select an existing or create a new contact.
To disable the call button, turn off Enable call button.
Use DTMF to unlock the door for a visitor
When a visitor makes a call from the intercom, the person who answers can use the Dual-Tone Multi-Frequency signaling (DTMF) of his SIP device to unlock the door. The door controller unlocks and locks the door.
- This example explains how to:
define the DTMF signal in the intercom
set up the intercom to:
request the door controller to unlock the door, or
unlock the door using the internal relay.
- You make all settings in the intercom’s webpage.
- Before you start
Allow SIP calls from the device and create a SIP account. See Set up direct SIP (P2P) and Set up SIP through a server (PBX).
- Define the DTMF signal in the intercom
Go to Communication > SIP > DTMF.
Click + Add sequence.
In Sequence, enter
1
.In Description, enter
Unlock door
.In Accounts, select the SIP account.
Click Save.
- Set up the intercom to unlock the door using the internal relay
Go to System > Events > Rules and add a rule.
In the Name field, enter
DTMF unlock door
.From the list of conditions, under Call, select DTMF and Unlock door.
From the list of actions, under I/O, select Toggle I/O once.
From the list of ports, select Relay 1.
Change Duration to
00:00:07
, which means that the door is open for 7 seconds.Click Save.
Allow credential holders to open the door
With Entry list, you can make it possible for credential holders to use their card or PIN to trigger actions, such as opening a door. This example explains how to add a credential holder who can use their card to open the door 10 times.
Prerequisites
Make sure the correct chip type is active in Reader > Chip types.
- Turn on Entry list and add a credential holder:
Go to Reader > Entry list.
Turn on Use Entry list.
Click + Add credential holder.
Enter the credential holder's first and last name. The first name must be unique.
Select Card.
Swipe the credential holder's card on the device and click Get latest.
Keep the event condition Access granted.
Under Valid to, select Number of times.
In Number of times, enter
10
.Click Save.
- Create a rule:
Go to System > Events.
Under Rules, click + Add a rule.
In Name, enter
Open door
.In the list of conditions, select Entry list > Access granted.
In the list of actions, select I/O > Toggle I/O once.
In the list of ports, select Door.
Under State, select Active.
Set the duration to
00:00:07
.Click Save.
Set up rules for events
You can create rules to make your device perform an action when certain events occur. A rule consists of conditions and actions. The conditions can be used to trigger the actions. For example, the device can start a recording or send an email when it detects motion, or show an overlay text while the device is recording.
To learn more, check out our guide Get started with rules for events.
Trigger an action
Go to System > Events and add a rule. The rule defines when the device will perform certain actions. You can set up rules as scheduled, recurring, or manually triggered.
Enter a Name.
Select the Condition that must be met to trigger the action. If you specify more than one condition for the rule, all of the conditions must be met to trigger the action.
Select which Action the device should perform when the conditions are met.
If you make changes to an active rule, the rule must be turned on again for the changes to take effect.
The web interface
To reach the device’s web interface, type the device’s IP address in a web browser.
Support for the features and settings described in this section varies between devices. This icon indicates that the feature or setting is only available in some devices.
Show or hide the main menu. Access the release notes. Access the product help. Change the language. Set light theme or dark theme. The user menu contains:
The context menu contains:
|
Status
Device info
Shows the device information, including AXIS OS version and serial number.
Upgrade AXIS OS: Upgrade the software on your device. Takes you to the Maintenance page where you can do the upgrade. |
Time sync status
Shows NTP synchronization information, including if the device is in sync with an NTP server and the time remaining until the next sync.
NTP settings: View and update the NTP settings. Takes you to the Date and time page where you can change the NTP settings. |
Security
Shows what kind of access to the device that is active, what encryption protocols are in use, and if unsigned apps are allowed. Recommendations to the settings are based on the AXIS OS Hardening Guide.
Hardening guide: Link to AXIS OS Hardening guide where you can learn more about cybersecurity on Axis devices and best practices. |
Connected clients
Shows the number of connections and connected clients.
View details: View and update the list of connected clients. The list shows IP address, protocol, port, state, and PID/process of each connection. |
Ongoing recordings
Shows ongoing recordings and their designated storage space.
Recordings: View ongoing and filtered recordings and their source. For more information, see Recordings Shows the storage space where the recording is saved. |
Video
Installation
Capture mode: A capture mode is a preset configuration that defines how the camera captures images. When you change the capture mode, it can affect many other settings, such as view areas and privacy masks. Mounting position: The orientation of the image can change depending on how you mount the camera. Power line frequency: To minimize image flicker, select the frequency your region uses. The American regions usually use 60 Hz. The rest of the world mostly uses 50 Hz. If you're not sure of your region's power line frequency, check with the local authorities. |
Rotate: Select the preferred image orientation. |
Image
Appearance
Scene profile: Select a scene profile that suits your surveillance scenario. A scene profile optimizes image settings, including color level, brightness, sharpness, contrast, and local contrast, for a specific environment or purpose.
Saturation: Use the slider to adjust the color intensity. You can, for example, get a grayscale image. Contrast: Use the slider to adjust the difference between light and dark. Brightness: Use the slider to adjust the light intensity. This can make objects easier to see. Brightness is applied after image capture, and doesn’t affect the information in the image. To get more details from a dark area, it’s usually better to increase gain or exposure time. Sharpness: Use the slider to make objects in the image appear sharper by adjusting the edge contrast. If you increase the sharpness, it may increase the bitrate and the amount of storage space needed as well. |
Wide dynamic range
WDR: Turn on to make both bright and dark areas of the image visible. Local contrast: Use the slider to adjust the contrast of the image. A higher value makes the contrast higher between dark and light areas. Tone mapping: Use the slider to adjust the amount of tone mapping that is applied to the image. If the value is set to zero, only the standard gamma correction is applied, while a higher value increases the visibility of the darkest and brightest parts in the image. |
White balance
When the camera detects the color temperature of the incoming light, it can adjust the image to make the colors look more natural. If this is not sufficient, you can select a suitable light source from the list.
The automatic white balance setting reduces the risk of color flicker by adapting to changes gradually. If the lighting changes, or when the camera is first started, it can take up to 30 seconds to adapt to the new light source. If there is more than one type of light source in a scene, that is, they differ in color temperature, the dominating light source acts as a reference for the automatic white balance algorithm. This behavior can be overridden by choosing a fixed white balance setting that matches the light source you want to use as a reference.
Light environment:
|
Exposure
Select an exposure mode to reduce rapidly changing irregular effects in the image, for example, flicker produced by different types of light sources. We recommend you to use the automatic exposure mode, or the same frequency as your power network.
Exposure mode:
Exposure zone: Use exposure zones to optimize the exposure in a selected part of the scene, for example, the area in front of an entrance door. Note The exposure zones are related to the original image (unrotated), and the names of the zones apply to the original image. This means, for example, that if the video stream is rotated 90°, then the Upper zone becomes the Right zone in the stream, and Left becomes Lower.
Max shutter: Select the shutter speed to provide the best image. Low shutter speeds (longer exposure) might cause motion blur when there is movement, and a too high shutter speed might affect the image quality. Max shutter works with max gain to improve the image. Max gain: Select the suitable max gain. If you increase the max gain, it improves the visible level of detail in dark images, but also increases the noise level. More noise can also result in increased use of bandwidth and storage. If you set the max gain to a high value, images can differ a lot if the light conditions are very different from day to night. Max gain works with max shutter to improve the image. Motion-adaptive exposure: Select to reduce motion blur in low-light conditions. Blur-noise trade-off: Use the slider to adjust the priority between motion blur and noise. If you want to prioritize low bandwidth and have less noise at the expense of details in moving objects, move the slider towards Low noise. If you want to prioritize the preservation of details in moving objects at the expense of noise and bandwidth, move the slider towards Low motion blur. Note You can change the exposure either by adjusting the exposure time or by adjusting the gain. If you increase the exposure time, it results in more motion blur, and if you increase the gain, it results in more noise. If you adjust the Blur-noise trade-off towards Low noise, the automatic exposure will prioritize longer exposure times over increasing gain, and the opposite if you adjust the trade-off towards Low motion blur. Both the gain and exposure time will eventually reach their maximum values in low-light conditions, regardless of the priority set. Lock aperture: Turn on to keep the aperture size set by the Aperture slider. Turn off to allow the camera to automatically adjust the aperture size. You can, for example, lock the aperture for scenes with permanent light conditions. Aperture: Use the slider to adjust the aperture size, that is, how much light passes through the lens. To allow more light to enter the sensor and thereby produce a brighter image in low-light conditions, move the slider towards Open. An open aperture also reduces the depth of field, which means that objects close to or far from the camera can appear unfocused. To allow more of the image to be in focus, move the slider towards Closed. Exposure level: Use the slider to adjust the image exposure. Defog: Turn on to detect the effects of foggy weather and automatically remove them for a clearer image. Note We recommend you not to turn on Defog in scenes with low contrast, large light level variations, or when the autofocus is slightly off. This can affect the image quality, for example, by increasing the contrast. Furthermore, too much light can negatively impact the image quality when defog is active. |
Stream
General
Resolution: Select the image resolution suitable for the surveillance scene. A higher resolution increases bandwidth and storage. Frame rate: To avoid bandwidth problems on the network or reduce storage size, you can limit the frame rate to a fixed amount. If you leave the frame rate at zero, the frame rate is kept at the highest possible rate under the current conditions. A higher frame rate requires more bandwidth and storage capacity. P-frames: A P-frame is a predicted image that shows only the changes in the image from the previous frame. Enter the desired number of P-frames. The higher the number, the less bandwidth is required. However, if there is network congestion, there could be a noticeable deterioration in the video quality. Compression: Use the slider to adjust the image compression. High compression results in a lower bitrate and lower image quality. Low compression improves the image quality, but uses more bandwidth and storage when you record. Signed video: Turn on to add the signed video feature to the video. Signed video protects the video from tampering by adding cryptographic signatures to the video. |
Zipstream
Zipstream is a bitrate reduction technology, optimized for video surveillance, that reduces the average bitrate in an H.264 or H.265 stream in real time. Axis Zipstream applies a high bitrate in scenes where there are multiple regions of interest, for example, in scenes with moving objects. When the scene is more static, Zipstream applies a lower bitrate, and thereby reduces the required storage. To learn more, see Reducing the bit rate with Axis Zipstream
Optimize for storage: Turn on to minimize the bitrate while maintaining quality. The optimization does not apply to the stream shown in the web client. This can only be used if your VMS supports B-frames. Turning on Optimize for storage also turns on Dynamic GOP. Dynamic FPS (frames per second): Turn on to allow the bandwidth to vary based on the level of activity in the scene. More activity requires more bandwidth. Lower limit: Enter a value to adjust the frame rate between minimal fps and the stream default fps based on scene motion. We recommend you to use lower limit in scenes with very little motion, where the fps could drop to 1 or lower. Dynamic GOP (Group of Pictures): Turn on to dynamically adjust the interval between I-frames based on the level of activity in the scene. Upper limit: Enter a maximum GOP length, that is, the maximum number of P-frames between two I-frames. An I-frame is a self-contained image frame that is independent of other frames. |
Bitrate control
|
Orientation
Mirror: Turn on to mirror the image. |
Audio
Include: Turn on to use audio in the video stream. Source: Select what audio source to use. Stereo: Turn on to include built-in audio as well as audio from an external microphone. |
Overlays
: Click to add an overlay. Select the type of overlay from the dropdown list:
Widget: Meter: Show a bar chart that displays the most recently measured data value.
|
Privacy masks
: Click to create a new privacy mask. Privacy masks: Click to change the color of all privacy masks, or to delete all privacy masks permanently. Mask x: Click to rename, disable, or permanently delete the mask. |
Communication
Contact list
Contacts
Click to download the contact list as a json file. Click to import a contact list (json). Add contact: Click to add a new contact to the contact list. First name: Enter the contact’s first name. Last name: Enter the contact’s last name. Speed dial: Enter an available speed dial number for the contact. This number is used to call the contact from the device. SIP address: If you use SIP, enter the contact's IP address or extension. : Click to make a test call. The call will automatically end when answered. SIP account: If you use SIP, select the SIP account to use for the call from the device to the contact. Availability: Select the contact’s availability schedule. If a call is attempted when the contact isn’t available, the call is canceled unless there’s a fallback contact. Fallback: If applicable, select a fallback contact from the list. The context menu contains: Edit contact: Edit the contact’s properties. Delete contact: Delete the contact. |
SIP
Settings
Session Initiation Protocol (SIP) is used for interactive communication sessions between users. The sessions can include audio and video.
SIP setup assistant: Click to set up and configure SIP step by step. Enable SIP: Check this option to make it possible to initiate and receive SIP calls. Allow incoming calls: Check this option to allow incoming calls from other SIP devices.
|
Accounts
All current SIP accounts are listed under SIP accounts. For registered accounts, the colored circle lets you know the status.
The peer to peer (default) account is an automatically created account. You can delete it if you create at least one other account and set that account as default. The default account is always used when a VAPIX® Application Programming Interface (API) call is made without specifying which SIP account to call from.
|
DTMF
Add sequence: Click to create a new dual-tone multifrequency (DTMF) sequence. To create a rule that is activated by touch-tone, go to Events > Rules. Sequence: Enter the characters to activate the rule. Allowed characters: 0–9, A-D, #, and *. Description: Enter a description of the action to be triggered by the sequence. Accounts: Select the accounts that will use the DTMF sequence. If you choose peer-to-peer, all peer-to-peer accounts will share the same DTMF sequence. |
Protocols Select the protocols to use for each account. All peer-to-peer accounts share the same protocol settings. Use RTP (RFC2833): Turn on to allow dual-tone multifrequency (DTMF) signaling, other tone signals and telephony events in RTP packets. Use SIP INFO (RFC2976): Turn to include the INFO method to the SIP protocol. The INFO method adds optional application layer information, generally related to the session. |
Test call
SIP account: Select which account to make the test call from. SIP address: Enter a SIP address and click to make a test call and verify that the account works. |
Access list
Use access list: Turn on to restrict who can make calls to the device.
Add source: Click to create a new entry in the access list. SIP source: Type the caller ID or SIP server address of the source. |
Multicast controller
User multicast controller: Turn on to activate multicast controller. Audio codec: Select an audio codec. Source: Add a new multicast controller source.
The context menu contains: Edit: Edit the multicast controller source. Delete: Delete the multicast controller source. |
Calls
Call button
Enable call button: Turn on to make it possible to use the call button. Standby light: Select an option for the built-in light around the call button.
Recipients: Select or create one or more contacts to call when someone presses the call button. If you add more than one recipient, the call will be placed to all of them at the same time. The maximum number of SIP call recipients is six, while you can have an unlimited number of VMS call recipients. Fallback: Add a fallback contact from the list in case none of the recipients replies. |
General
Audio Note
Ringtone: Select the audio clip to play when someone makes a call to the device. Use the slider to adjust the gain. Ringback tone: Select the audio clip to play when someone makes a call from the device. Use the slider to adjust the gain. |
VMS calls
VMS calls
Allow calls in the video management software (VMS): Select to allow calls from the device to the VMS. You can make VMS calls even if SIP is turned off. Call timeout: Set the maximum duration of an attempted call if no one answers. |
Reader
Connection
External reader (Input)
Use external OSDP reader: Turn on to use the device with an external reader. Connect the reader to the reader connector.
|
Reader protocol
Reader protocol type: Select the protocol to use for the reader functionality.
|
Output format
Select data format: Select in which format to send card data to the access control unit.
Facility code override mode: Select an option for overriding the facility code.
|
PIN
The PIN settings must match the ones configured in the access control unit.
Length (0–32): Enter the number of digits in the PIN. If users aren’t required to use a PIN when they use the reader, set the length to 0. Timeout (seconds, 3–50): Enter the number of seconds that need to pass before the device returns to idle mode when no PIN is received. |
Entry list
With Entry list, you can set up the device to allow credential holders to use their card or PIN to perform different actions, such as opening a door. You store the credentials locally in the device. You can also combine this functionality with an external door controller.
Use Entry list: Turn on to use the Entry list functionality. Use connected door controller: Turn on if the device is already connected to a door controller. If someone presents a credential that doesn’t exist in Entry list, we’ll send the request to the connected door controller. We don’t send credentials that are available in Entry list. Add credential holder: Click to add a new credential holder. First name: Enter a first name. Last name: Enter a last name. Credential type:
Event condition: Select one or more conditions to trigger when the credential holder uses their credential. To set up the resulting action, go to System > Events and create a rule, using the same condition you select here. Valid from: Select Current device time to activate the credential immediately. Clear to specify when to activate the credential. Valid to:
Notes: Enter optional information. Suspend: Select to make the credential temporarily invalid. |
Audio
Device settings
Input: Turn on or off audio input. Shows the type of input.
Noise cancellation: Turn on to improve audio quality by removing background noise. Input type: Select the type of input, for instance, if it’s internal microphone or line. Power type: Select power type for your input. Apply changes: Apply your selection. Echo cancellation: Turn on to remove echoes during two-way communication. Separate gain controls: Turn on to adjust the gain separately for the different input types. Automatic gain control: Turn on to dynamically adapt the gain to changes in the sound. Gain: Use the slider to change the gain. Click the microphone icon to mute or unmute. |
Output: Shows the type of output.
Gain: Use the slider to change the gain. Click the speaker icon to mute or unmute. |
Stream
Encoding: Select the encoding to use for the input source streaming. You can only choose encoding if audio input is turned on. If audio input is turned off, click Enable audio input to turn it on. |
Audio clips
Add clip: Add a new audio clip. You can use .au, .mp3, .opus, .vorbis, .wav files. Play the audio clip. Stop playing the audio clip. The context menu contains:
|
Recordings
Ongoing recordings: Show all ongoing recordings on the device. Start a recording on the device. Choose which storage device to save to. Stop a recording on the device. Triggered recordings will end when manually stopped or when the device is shut down. Continuous recordings will continue until manually stopped. Even if the device is shut down, the recording will continue when the device starts up again. |
Play the recording. Stop playing the recording. Show or hide information and options about the recording. Set export range: If you only want to export part of the recording, enter a time span. Note that if you work in a different time zone than the location of the device, the time span is based on the device’s time zone. Encrypt: Select to set a password for exported recordings. It will not be possible to open the exported file without the password. Click to delete a recording. Export: Export the whole or a part of the recording. |
Click to filter the recordings. From: Show recordings done after a certain point in time. To: Show recordings up until a certain point in time. Source: Show recordings based on source. The source refers to the sensor. Event: Show recordings based on events. Storage: Show recordings based on storage type. |
Apps
Add app: Install a new app. Find more apps: Find more apps to install. You will be taken to an overview page of Axis apps. Allow unsigned apps: Turn on to allow installation of unsigned apps. Allow root-privileged apps: Turn on to allow apps with root privileges full access to the device. View the security updates in AXIS OS and ACAP apps. Note The device’s performance might be affected if you run several apps at the same time. Use the switch next to the app name to start or stop the app. Open: Access the app’s settings. The available settings depend on the application. Some applications don’t have any settings. The context menu can contain one or more of the following options:
|
System
Time and location
Date and time
The time format depends on the web browser’s language settings.
We recommend you synchronize the device’s date and time with an NTP server.
Synchronization: Select an option for the device’s date and time synchronization.
Time zone: Select which time zone to use. Time will automatically adjust to daylight saving time and standard time.
Note The system uses the date and time settings in all recordings, logs, and system settings. |
Device location
Enter where the device is located. Your video management system can use this information to place the device on a map.
|
Configuration check
Interactive device image: Click the buttons in the image to simulate real key presses. This allows you to try out configurations or troubleshoot the hardware without having physical access to the device. Latest credentials: Shows information about the credentials that were last registered. Show the latest credentials data. The context menu contains:
Check credentials: Enter a UID or a PIN and submit to check the credentials. The system will respond in the same way as if you used the credentials at the device. If both UID and PIN is required, start by entering the UID. |
Network
IPv4
Assign IPv4 automatically: Select to let the network router assign an IP address to the device automatically. We recommend automatic IP (DHCP) for most networks. IP address: Enter a unique IP address for the device. Static IP addresses can be assigned at random within isolated networks, provided that each address is unique. To avoid conflicts, we recommend you contact your network administrator before you assign a static IP address. Subnet mask: Enter the subnet mask to define what addresses are inside the local area network. Any address outside the local area network goes through the router. Router: Enter the IP address of the default router (gateway) used to connect devices that are attached to different networks and network segments. Fallback to static IP address if DHCP isn’t available: Select if you want to add a static IP address to use as fallback if DHCP is unavailable and can’t assign an IP address automatically. Note If DHCP isn’t available and the device uses a static address fallback, the static address is configured with a limited scope. |
IPv6
Assign IPv6 automatically: Select to turn on IPv6 and to let the network router assign an IP address to the device automatically. |
Hostname
Assign hostname automatically: Select to let the network router assign a hostname to the device automatically. Hostname: Enter the hostname manually to use as an alternative way of accessing the device. The server report and system log use the hostname. Allowed characters are A–Z, a–z, 0–9 and -. |
DNS servers
Assign DNS automatically: Select to let the DHCP server assign search domains and DNS server addresses to the device automatically. We recommend automatic DNS (DHCP) for most networks. Search domains: When you use a hostname that is not fully qualified, click Add search domain and enter a domain in which to search for the hostname the device uses. DNS servers: Click Add DNS server and enter the IP address of the DNS server. This provides the translation of hostnames to IP addresses on your network. |
HTTP and HTTPS
HTTPS is a protocol that provides encryption for page requests from users and for the pages returned by the web server. The encrypted exchange of information is governed by the use of an HTTPS certificate, which guarantees the authenticity of the server.
To use HTTPS on the device, you must install an HTTPS certificate. Go to System > Security to create and install certificates.
Allow access through: Select if a user is allowed to connect to the device through the HTTP, HTTPS, or both HTTP and HTTPS protocols. Note If you view encrypted web pages through HTTPS, you might experience a drop in performance, especially when you request a page for the first time. HTTP port: Enter the HTTP port to use. The device allows port 80 or any port in the range 1024-65535. If you are logged in as an administrator, you can also enter any port in the range 1-1023. If you use a port in this range, you get a warning. HTTPS port: Enter the HTTPS port to use. The device allows port 443 or any port in the range 1024-65535. If you are logged in as an administrator, you can also enter any port in the range 1-1023. If you use a port in this range, you get a warning. Certificate: Select a certificate to enable HTTPS for the device. |
Network discovery protocols
Bonjour®: Turn on to allow automatic discovery on the network. Bonjour name: Enter a friendly name to be visible on the network. The default name is the device name and MAC address. UPnP®: Turn on to allow automatic discovery on the network. UPnP name: Enter a friendly name to be visible on the network. The default name is the device name and MAC address. WS-Discovery: Turn on to allow automatic discovery on the network. LLDP and CDP: Turn on to allow automatic discovery on the network. Turning LLDP and CDP off can impact the PoE power negotiation. To resolve any issues with the PoE power negotiation, configure the PoE switch for hardware PoE power negotiation only. |
Global proxies
Http proxy: Specify a global proxy host or IP address according to the allowed format. Https proxy: Specify a global proxy host or IP address according to the allowed format.
Note Restart the device to apply the global proxy settings.
|
One-click cloud connection
One-click cloud connection (O3C) together with an O3C service provides easy and secure internet access to live and recorded video from any location. For more information, see axis.com/end-to-end-solutions/hosted-services.
Allow O3C:
Proxy settings: If needed, enter the proxy settings to connect to the proxy server. Host: Enter the proxy server’s address. Port: Enter the port number used for access. Login and Password: If needed, enter username and password for the proxy server. Authentication method:
Owner authentication key (OAK): Click Get key to fetch the owner authentication key. This is only possible if the device is connected to the internet without a firewall or proxy. |
SNMP
The Simple Network Management Protocol (SNMP) allows remote management of network devices.
SNMP: Select the version of SNMP to use.
Note All Axis Video MIB traps are enabled when you turn on SNMP v1 and v2c traps. For more information, see AXIS OS Portal > SNMP.
|
Security
Certificates
Certificates are used to authenticate devices on a network. The device supports two types of certificates:
These formats are supported:
Important If you reset the device to factory default, all certificates are deleted. Any pre-installed CA certificates are reinstalled. Add certificate : Click to add a certificate.
The context menu contains:
Secure keystore:
|
Network access control and encryption
IEEE 802.1x IEEE 802.1x is an IEEE standard for port-based network admission control providing secure authentication of wired and wireless network devices. IEEE 802.1x is based on EAP (Extensible Authentication Protocol). To access a network protected by IEEE 802.1x, network devices must authenticate themselves. The authentication is performed by an authentication server, typically a RADIUS server (for example, FreeRADIUS and Microsoft Internet Authentication Server). IEEE 802.1AE MACsec IEEE 802.1AE MACsec is an IEEE standard for media access control (MAC) security that defines connectionless data confidentiality and integrity for media access independent protocols. Certificates When configured without a CA certificate, server certificate validation is disabled and the device tries to authenticate itself regardless of what network it is connected to. When using a certificate, in Axis' implementation, the device and the authentication server authenticate themselves with digital certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security). To allow the device to access a network protected through certificates, you must install a signed client certificate on the device. Authentication method: Select an EAP type used for authentication. Client certificate: Select a client certificate to use IEEE 802.1x. The authentication server uses the certificate to validate the client’s identity. CA certificates: Select CA certificates to validate the authentication server’s identity. When no certificate is selected, the device tries to authenticate itself regardless of what network it is connected to. EAP identity: Enter the user identity associated with the client certificate. EAPOL version: Select the EAPOL version that is used in the network switch. Use IEEE 802.1x: Select to use the IEEE 802.1x protocol. These settings are only available if you use IEEE 802.1x PEAP-MSCHAPv2 as the authentication method:
These settings are only available if you use IEEE 802.1ae MACsec (Static CAK/Pre-Shared Key) as the authentication method:
|
Prevent brute-force attacks
Blocking: Turn on to block brute-force attacks. A brute-force attack uses trial-and-error to guess login info or encryption keys. Blocking period: Enter the number of seconds to block a brute-force attack. Blocking conditions: Enter the number of authentication failures allowed per second before the block starts. You can set the number of failures allowed both on page level and device level. |
Firewall
Activate: Turn on the firewall.
To make exceptions to the default policy, you can create rules that allows or denies connections to the device from specific addresses, protocols, and ports.
: Click to create another rule.
Pending rules: An overview of the latest tested rules that you are yet to confirm. Note The rules that have a time limit appear under Active rules until the displayed timer runs out, or until you confirm them. If you don't confirm them, they will appear under Pending rules once the timer runs out, and the firewall will revert to the previously defined settings. If you confirm them, they will replace the current active rules. Confirm rules: Click to activate the pending rules. Active rules: An overview of the rules you are currently running on the device. : Click to delete an active rule. : Click to delete all rules, both pending and active. |
Custom signed AXIS OS certificate
To install test software or other custom software from Axis on the device, you need a custom signed AXIS OS certificate. The certificate verifies that the software is approved by both the device owner and Axis. The software can only run on a specific device which is identified by its unique serial number and chip ID. Only Axis can create custom signed AXIS OS certificates, since Axis holds the key to sign them. Install: Click to install the certificate. You need to install the certificate before you install the software. The context menu contains:
|
Accounts
Accounts
Add account: Click to add a new account. You can add up to 100 accounts. Account: Enter a unique account name. New password: Enter a password for the account. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example, letters, numbers, punctuation, and some symbols. Repeat password: Enter the same password again. Privileges:
The context menu contains: Update account: Edit the account properties. Delete account: Delete the account. You can’t delete the root account. |
Anonymous access
Allow anonymous viewing: Turn on to allow anyone access the device as a viewer without logging in with an account. Allow anonymous PTZ operating: Turn on to allow anonymous users to pan, tilt, and zoom the image. |
SSH accounts
Add SSH account: Click to add a new SSH account.
Account: Enter a unique account name. New password: Enter a password for the account. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example, letters, numbers, punctuation, and some symbols. Repeat password: Enter the same password again. Comment: Enter a comment (optional). The context menu contains: Update SSH account: Edit the account properties. Delete SSH account: Delete the account. You can’t delete the root account. |
Virtual host
Add virtual host: Click to add a new virtual host. Enabled: Select to use this virtual host. Server name: Enter the name of the server. Only use numbers 0-9, letters A-Z, and hyphen (-). Port: Enter the port the server is connected to. Type: Select the type of authentication to use. Select between Basic, Digest, and Open ID. The context menu contains:
Disabled: The server is disabled. |
OpenID Configuration
If you can't use OpenID to sign in, use the Digest or Basic credentials you used when you configured OpenID to sign in.
Client ID: Enter the OpenID username. Outgoing Proxy: Enter the proxy address for the OpenID connection to use a proxy server. Admin claim: Enter a value for the admin role. Provider URL: Enter the web link for the API endpoint authentication. Format should be https://[insert URL]/.well-known/openid-configuration Operator claim: Enter a value for the operator role. Require claim: Enter the data that should be in the token. Viewer claim: Enter the value for the viewer role. Remote user: Enter a value to identify remote users. This assists to display the current user in the device’s web interface. Scopes: Optional scopes that could be part of the token. Client secret: Enter the OpenID password Save: Click to save the OpenID values. Enable OpenID: Turn on to close current connection and allow device authentication from the provider URL. |
Events
Rules
A rule defines the conditions that triggers the product to perform an action. The list shows all the currently configured rules in the product.
You can create up to 256 action rules.
Add a rule: Create a rule. Name: Enter a name for the rule. Wait between actions: Enter the minimum time (hh:mm:ss) that must pass between rule activations. It is useful if the rule is activated by, for example, day-night mode conditions, to avoid that small light changes during sunrise and sunset activate the rule repeatedly. Condition: Select a condition from the list. A condition must be met for the device to perform an action. If multiple conditions are defined, all of them must be met to trigger the action. For information about specific conditions, see Get started with rules for events. Use this condition as a trigger: Select to make this first condition function only as a starting trigger. It means that once the rule is activated, it remains active for as long as all the other conditions are met, no matter the state of the first condition. If you don’t select this option, the rule will simply be active whenever all the conditions are met. Invert this condition: Select if you want the condition to be the opposite of your selection. Add a condition: Click to add an additional condition. Action: Select an action from the list and enter its required information. For information about specific actions, see Get started with rules for events. |
Recipients
You can set up your device to notify recipients about events or send files.
If you set up your device to use FTP or SFTP, don’t change or remove the unique sequence number that’s added to the file names. If you do that, only one image per event can be sent.
The list shows all the recipients currently configured in the product, along with information about their configuration.
You can create up to 20 recipients.
Add a recipient: Click to add a recipient. Name: Enter a name for the recipient. Type: Select from the list:
Test: Click to test the setup. The context menu contains: View recipient: Click to view all the recipient details. Copy recipient: Click to copy a recipient. When you copy, you can make changes to the new recipient. Delete recipient: Click to delete the recipient permanently. |
Schedules
Schedules and pulses can be used as conditions in rules. The list shows all the schedules and pulses currently configured in the product, along with information about their configuration. Add schedule: Click to create a schedule or pulse. |
Manual triggers
You can use the manual trigger to manually trigger a rule. The manual trigger can, for example, be used to validate actions during product installation and configuration. |
MQTT
MQTT (Message Queuing Telemetry Transport) is a standard messaging protocol for the Internet of Things (IoT). It was designed for simplified IoT integration and is used in a wide variety of industries to connect remote devices with a small code footprint and minimal network bandwidth. The MQTT client in Axis device software can simplify integration of data and events produced in the device to systems which are not video management software (VMS). Set up the device as an MQTT client. MQTT communication is based on two entities, the clients and the broker. The clients can send and receive messages. The broker is responsible for routing messages between clients. You can learn more about MQTT in AXIS OS Portal. |
ALPN
ALPN is a TLS/SSL extension that allows for the selection of an application protocol during the handshake phase of the connection between the client and server. This is used to enable MQTT traffic over the same port that is used for other protocols, such as HTTP. In some cases, there might not be a dedicated port open for MQTT communication. A solution in such cases is to use ALPN to negotiate the use of MQTT as the application protocol on a standard port, allowed by the firewalls. |
MQTT client
Connect: Turn on or off the MQTT client. Status: Shows the current status of the MQTT client. Broker Host: Enter the hostname or IP address of the MQTT server. Protocol: Select which protocol to use. Port: Enter the port number.
ALPN protocol: Enter the ALPN protocol name provided by your MQTT broker provider. This is only applicable with MQTT over SSL and MQTT over WebSocket Secure. Username: Enter the username that the client will use to access the server. Password: Enter a password for the username. Client ID: Enter a client ID. The client identifier is sent to the server when the client connects to it. Clean session: Controls the behavior at connection and disconnection time. When selected, the state information is discarded at connect and disconnect. HTTP proxy: A URL with a maximum length of 255 bytes. You can leave the field empty if you don't want to use an HTTP proxy. HTTPS proxy: A URL with a maximum length of 255 bytes. You can leave the field empty if you don't want to use an HTTPS proxy. Keep alive interval: Enables the client to detect when the server is no longer available without having to wait for the long TCP/IP timeout. Timeout: The time interval in seconds to allow a connect to complete. Default value: 60 Device topic prefix: Used in the default values for the topic in the connect message and LWT message on the MQTT client tab, and in the publication conditions on the MQTT publication tab. Reconnect automatically: Specifies whether the client should reconnect automatically after a disconnect. Connect message Specifies if a message should be sent out when a connection is established. Send message: Turn on to send messages. Use default: Turn off to enter your own default message. Topic: Enter the topic for the default message. Payload: Enter the content for the default message. Retain: Select to keep the state of client on this Topic QoS: Change the QoS layer for the packet flow. Last Will and Testament message The Last Will Testament (LWT) lets a client provide a testament along with its credentials when connecting to the broker. If the client disconnects ungracefully at some point later (maybe because his power source died), it can let the broker deliver a message to other clients. This LWT message has the same form as an ordinary message and gets routed via the same mechanics. Send message: Turn on to send messages. Use default: Turn off to enter your own default message. Topic: Enter the topic for the default message. Payload: Enter the content for the default message. Retain: Select to keep the state of client on this Topic QoS: Change the QoS layer for the packet flow. |
MQTT publication
Use default topic prefix: Select to use the default topic prefix, that is defined in the device topic prefix in the MQTT client tab. Include topic name: Select to include the topic that describes the condition in the MQTT topic. Include topic namespaces: Select to include ONVIF topic namespaces in the MQTT topic. Include serial number: Select to include the device’s serial number in the MQTT payload. Add condition: Click to add a condition. Retain: Defines which MQTT messages are sent as retained.
QoS: Select the desired level for the MQTT publication. |
MQTT subscriptions
Add subscription: Click to add a new MQTT subscription. Subscription filter: Enter the MQTT topic that you want to subscribe to. Use device topic prefix: Add the subscription filter as prefix to the MQTT topic. Subscription type:
QoS: Select the desired level for the MQTT subscription. |
MQTT overlays
Note Connect to an MQTT broker before you add MQTT overlay modifiers. Add overlay modifier: Click to add a new overlay modifier. Topic filter: Add the MQTT topic that contains the data you want to show in the overlay. Data field: Specify the key for the message payload that you want to show in the overlay, assuming the message is in JSON format.
|
Storage
Network storage
Ignore: Turn on to ignore network storage. Add network storage: Click to add a network share where you can save recordings.
Remove network storage: Click to unmount, unbind, and remove the connection to the network share. This removes all settings for the network share. Unbind: Click to unbind and disconnect the network share. Unmount: Click to unmount the network share. Write protect: Turn on to stop writing to the network share and protect recordings from being removed. You can’t format a write-protected network share. Retention time: Select how long to keep recordings, to limit the amount of old recordings, or to comply with regulations regarding data storage. If the network storage becomes full, old recordings are removed before the selected time period passes. Tools
|
Onboard storage
Important Risk of data loss and corrupted recordings. Do not remove the SD card while the device is running. Unmount the SD card before you remove it. Unmount: Click to safely remove the SD card. Write protect: Turn on to stop writing to the SD card and protect recordings from being removed. You can’t format a write-protected SD card. Autoformat: Turn on to automatically format a newly inserted SD card. It formats the file system into ext4. Ignore: Turn on to stop storing recordings on the SD card. When you ignore the SD card, the device no longer recognizes that the card exists. The setting is only available to administrators. Retention time: Select how long to keep recordings to limit the amount of old recordings or comply with data storage regulations. When the SD card is full, it deletes old recordings before their retention time has passed. Tools
Wear trigger: Set a value for the SD card wear level at which you want to trigger an action. The wear level ranges from 0–200%. A new SD card that has never been used has a wear level of 0%. A wear level of 100% indicates that the SD card is close to its expected lifetime. When the wear-level reaches 200%, there is a high risk of the SD card malfunctioning. We recommend setting the wear trigger between 80–90%. This gives you time to download any recordings as well as replace the SD card in time before it potentially wears out. The wear trigger allows you to set up an event and get a notification when the wear level reaches your set value. |
Stream profiles
A stream profile is a group of settings that affect the video stream. You can use stream profiles in different situations, for example, when you create events and use rules to record.
Add stream profile: Click to create a new stream profile. Preview: A preview of the video stream with the stream profile settings you select. The preview updates when you change the settings on the page. If your device has different view areas, you can change the view area in the drop-down in the bottom left corner of the image. Name: Add a name for your profile. Description: Add a description of your profile. Video codec: Select the video codec that should apply for the profile. Resolution: See Stream for a description of this setting. Frame rate: See Stream for a description of this setting. Compression: See Stream for a description of this setting. Zipstream: See Stream for a description of this setting. Optimize for storage: See Stream for a description of this setting. Dynamic FPS: See Stream for a description of this setting. Dynamic GOP: See Stream for a description of this setting. Mirror: See Stream for a description of this setting. GOP length: See Stream for a description of this setting. Bitrate control: See Stream for a description of this setting. Include overlays: Select what type of overlays to include. See Overlays for information about how to add overlays. Include audio: See Stream for a description of this setting. |
ONVIF
ONVIF accounts
ONVIF (Open Network Video Interface Forum) is a global interface standard that makes it easier for end-users, integrators, consultants, and manufacturers to take advantage of the possibilities offered by network video technology. ONVIF enables interoperability between different vendor products, increased flexibility, reduced cost and future-proof systems.
When you create an ONVIF account, you automatically enable ONVIF communication. Use the account name and password for all ONVIF communication with the device. For more information see the Axis Developer Community at axis.com.
Add accounts: Click to add a new ONVIF account. Account: Enter a unique account name. New password: Enter a password for the account. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example, letters, numbers, punctuation, and some symbols. Repeat password: Enter the same password again. Role:
The context menu contains: Update account: Edit the account properties. Delete account: Delete the account. You can’t delete the root account. |
ONVIF media profiles
An ONVIF media profile consists of a set of configurations that you can use to change media stream settings. You can create new profiles with your own set of configurations or use preconfigured profiles for a quick setup.
Add media profile: Click to add a new ONVIF media profile. Profile name: Add a name for the media profile. Video source: Select the video source for your configuration.
Video encoder: Select the video encoding format for your configuration.
Note Enable audio in the device to get the option to select an audio source and audio encoder configuration. Audio source: Select the audio input source for your configuration.
Audio encoder: Select the audio encoding format for your configuration.
Audio decoder: Select the audio decoding format for your configuration.
Audio output: Select the audio output format for your configuration.
Metadata: Select the metadata to include in your configuration.
PTZ: Select the PTZ settings for your configuration.
Create: Click to save your settings and create the profile. Cancel: Click to cancel the configuration and clear all settings. profile_x: Click on the profile name to open and edit the preconfigured profile. |
Analytics metadata
Metadata producers
Lists the apps that stream metadata and the channels they use.
Producer: The app that produces the metadata. Below the app is a list of the types of metadata the app streams from the device. Channel: The channel that the app uses. Select to enable the metadata stream. Deselect for compatibility or resource management reasons. |
Detectors
Camera tampering
The camera tampering detector generates an alarm when the scene changes, for example, when the lens is covered, sprayed or severely put out of focus, and the time in Trigger delay has passed. The tampering detector only activates when the camera has not moved for at least 10 seconds. During this period, the detector sets up a scene model to use as a comparison to detect tampering in current images. For the scene model to be set up properly, make sure that the camera is in focus, the lighting conditions are correct, and the camera doesn’t point at a scene that lacks contours, for example, a blank wall. Camera tampering can be used as a condition to trigger actions.
Trigger delay: Enter the minimum time that the tampering conditions must be active before the alarm triggers. This can help prevent false alarms for known conditions that affect the image. Trigger on dark images: It is very difficult to generate alarms when the camera lens is sprayed, since it is impossible to distinguish that event from other situations where the image turns dark in a similar way, for example, when the lighting conditions change. Turn on this parameter to generate alarms for all cases where the image turns dark. When it’s turned off, the device doesn’t generate any alarm when the image turns dark. Note For detection of tampering attempts in static and non-crowded scenes. |
Audio detection
These settings are available for each audio input. Sound level: Adjust the sound level to a value from 0–100, where 0 is the most sensitive and 100 the least sensitive. Use the activity indicator as a guide when you set the sound level. When you create events, you can use the sound level as a condition. You can choose to trigger an action if the sound level rises above, falls below or passes the set value. |
Shock detection
Shock detector: Turn on to generate an alarm if the device is hit by an object or if it is tampered with. Sensitivity level: Move the slider to adjust the sensitivity level at which the device should generate an alarm. A low value means that the device only generates an alarm if the hit is powerful. A high value means that the device generates an alarm even with mild tampering. |
Accessories
I/O ports
Use digital input to connect external devices that can toggle between an open and closed circuit, for example, PIR sensors, door or window contacts, and glass break detectors.
Use digital output to connect external devices such as relays and LEDs. You can activate connected devices through the VAPIX® Application Programming Interface or the web interface.
Port Name: Edit the text to rename the port. Usage: The default option for the relay port is Door. For devices with indicator icons, turns green when the state changes and the door is unlocked. If you use the relay for something other than a door and don’t want the icon to light up when the state changes, you can select one of the other options for the port. Direction: indicates that the port is an input port. indicates that it’s an output port. If the port is configurable, you can click the icons to change between input and output. Normal state: Click for open circuit, and for closed circuit. Current state: Shows the current state of the port. The input or output is activated when the current state is different from the normal state. An input on the device has an open circuit when it’s disconnected or when there is a voltage above 1 V DC. Note During restart, the output circuit is open. When the restart is complete, the circuit goes back to the normal position. If you change any settings on this page, the output circuits go back to their normal positions regardless of any active triggers. Supervised: Turn on to make it possible to detect and trigger actions if someone tampers with the connection to digital I/O devices. In addition to detecting if an input is open or closed, you can also detect if someone has tampered with it (that is, cut or shorted). To supervise the connection requires additional hardware (end-of-line resistors) in the external I/O loop. |
Edge-to-edge
Camera pairing allows you to pair an Axis intercom with a compatible Axis camera, to include the camera’s live stream in SIP and VMS calls.
Camera pairing Address: Enter the host name or IP address of the camera. Username: Enter the username for the camera. Password: Enter the password for the camera. Disconnect: Click to disconnect the already connected camera. Connect: Click to connect the camera. |
Logs
Reports and logs
Reports
Logs
|
Network trace
Important A network trace file might contain sensitive information, for example certificates or passwords. A network trace file can help you troubleshoot problems by recording activity on the network. Trace time: Select the duration of the trace in seconds or minutes, and click Download. |
Remote system log
Syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, which indicates the software type generating the message, and assigned a severity level.
Server: Click to add a new server. Host: Enter the hostname or IP address of the server. Format: Select which syslog message format to use.
Protocol: Select the protocol to use:
Port: Edit the port number to use a different port. Severity: Select which messages to send when triggered. CA certificate set: See the current settings or add a certificate. |
Plain config
Plain config is for advanced users with experience of Axis device configuration. Most parameters can be set and edited from this page. |
Maintenance
Restart: Restart the device. This does not affect any of the current settings. Running applications restart automatically. Restore: Return most settings to the factory default values. Afterwards you must reconfigure the device and apps, reinstall any apps that didn’t come preinstalled, and recreate any events and presets. Important The only settings saved after restore are:
Factory default: Return all settings to the factory default values. Afterwards you must reset the IP address to make the device accessible. Note All Axis device software is digitally signed to ensure that you only install verified software on your device. This further increases the overall minimum cybersecurity level of Axis devices. For more information, see the white paper “Axis Edge Vault” at axis.com. AXIS OS upgrade: Upgrade to a new AXIS OS version. New releases can contain improved functionality, bug fixes, and completely new features. We recommend you to always use the latest AXIS OS release. To download the latest release, go to axis.com/support.
AXIS OS rollback: Revert to the previously installed AXIS OS version. |
Learn more
Voice over IP (VoIP)
Voice over IP (VoIP) is a group of technologies that enables voice communication and multimedia sessions over IP networks, such as the internet. In traditional phone calls, analog signals are sent through circuit transmissions over the Public Switched Telephone Network (PSTN). In a VoIP call, analog signals are turned into digital signals to make it possible to send them in data packets across local IP networks or the internet.
In the Axis product, VoIP is enabled through the Session Initiation Protocol (SIP) and Dual-Tone Multi-Frequency (DTMF) signaling.
Example
When you press the call button on an Axis intercom, a call is initiated to one or more predefined recipients. When a recipient replies, a call is established. The voice and video is transferred through VoIP technologies.
Session Initiation Protocol (SIP)
The Session Initiation Protocol (SIP) is used to set up, maintain and terminate VoIP calls. You can make calls between two or more parties, called SIP user agents. To make a SIP call you can use, for example, SIP phones, softphones or SIP-enabled Axis devices.
The actual audio or video is exchanged between the SIP user agents with a transport protocol, for example RTP (Real-Time Transport Protocol).
You can make calls on local networks using a peer-to-peer setup, or across networks using a PBX.
Peer-to-peer SIP (P2PSIP)
The most basic type of SIP communication takes place directly between two or more SIP user agents. This is called peer-to-peer SIP (P2PSIP). If it takes place on a local network, all that’s needed are the SIP addresses of the user agents. A typical SIP address in this case would be sip:<local-ip>
.
Example
You can set up the Axis intercom to call for example a SIP-enabled phone on the same network using a peer-to-peer SIP setup.
Private Branch Exchange (PBX)
When you make SIP calls outside your local IP network, a Private Branch Exchange (PBX) can act as a central hub. The main component of a PBX is a SIP server, which is also referred to as a SIP proxy or a registrar. A PBX works like a traditional switchboard, showing the client's current status and allowing for example call transfers, voicemail, and redirections.
The PBX SIP server can be set up as a local entity or offsite. It can be hosted on an intranet or by a third party provider. When you make SIP calls between networks, calls are routed through a set of PBXs, that query the location of the SIP address to be reached.
Each SIP user agent registers with the PBX, and can then reach the others by dialing the correct extension. A typical SIP address in this case would be sip:<user>@<domain>
or sip:<user>@<registrar-ip>
. The SIP address is independent of its IP address and the PBX makes the device accessible as long as it is registered to the PBX.
Example
When you press the call button on an Axis intercom, the call is forwarded through one or more PBXs to a SIP address either on the local IP network or over the internet.
NAT traversal
Use NAT (Network Address Translation) traversal when the Axis device is located on an private network (LAN) and you want to access it from outside of that network.
The router must support NAT traversal and UPnP®.
Each NAT traversal protocol can be used separately or in different combinations depending on the network environment.
ICE The ICE Interactive Connectivity Establishment) protocol increases the chances of finding the most efficient path to successful communication between peer devices. If you also enable STUN and TURN, you improve the ICE protocol’s chances.
STUN - STUN (Session Traversal Utilities for NAT) is a client-server network protocol that lets the Axis device determine if it is located behind a NAT or firewall, and if so obtain the mapped public IP address and port number allocated for connections to remote hosts. Enter the STUN server address, for example, an IP address.
TURN - TURN (Traversal Using Relays around NAT) is a protocol that lets a device behind a NAT router or firewall receive incoming data from other hosts over TCP or UDP. Enter TURN server address and the login information.
Cybersecurity
For product-specific information about cybersecurity, see the product's datasheet at axis.com.
For in-depth information about cybersecurity in AXIS OS, read the AXIS OS Hardening guide.
Axis security notification service
Axis provides a notification service with information about vulnerability and other security related matters for Axis devices. To receive notifications, you can subscribe at axis.com/security-notification-service.
Vulnerability management
To minimize customers' risk of exposure, Axis, as a Common Vulnerability and Exposures (CVE) numbering authority (CNA), follows industry standards to manage and respond to discovered vulnerabilities in our devices, software, and services. For more information about Axis vulnerability management policy, how to report vulnerabilities, already disclosed vulnerabilities, and corresponding security advisories, see axis.com/vulnerability-management.
Secure operation of Axis devices
Axis devices with factory default settings are pre-configured with secure default protection mechanisms. We recommend using more security configuration when installing the device. To find out more about Axis hardening guides and other cyber security related documentation, go to axis.com/support/cybersecurity/resources.
Applications
With applications, you can get more out of your Axis device. AXIS Camera Application Platform (ACAP) is an open platform that makes it possible for third parties to develop analytics and other applications for Axis devices. Applications can be preinstalled on the device, available for download for free, or for a license fee.
To find the user manuals for Axis applications, go to help.axis.com.
Specifications
Product overview
Front panel indicators and controls
When you connect the product to power, the front panel indicators light up for a few seconds.
Indicator icons
Icon | Indication |
Steady amber when outgoing call initiated. Flashes amber when incoming call initiated. | |
Steady blue for ongoing call. | |
Steady green when door is open. |
LED indicators
Status LED | Indication |
Green | Steady green for normal operation. |
SD card slot
- Risk of damage to SD card. Don’t use sharp tools, metal objects, or excessive force when inserting or removing the SD card. Use your fingers to insert and remove the card.
- Risk of data loss and corrupted recordings. Unmount the SD card from the device’s web interface before removing it. Don’t remove the SD card while the product is running.
This device supports microSD/microSDHC/microSDXC cards.
For SD card recommendations, see axis.com.
microSD, microSDHC, and microSDXC Logos are trademarks of SD-3C LLC. microSD, microSDHC, microSDXC are trademarks or registered trademarks of SD-3C, LLC in the United States, other countries or both.
Buttons
Control button
- The control button is used for:
Resetting the product to factory default settings. See Reset to factory default settings.
Connecting to a one-click cloud connection (O3C) service over the internet. To connect, press and hold the button for about 3 seconds until the status LED flashes green.
Connectors
Network connector
RJ45 Ethernet connector with Power over Ethernet (PoE).
Audio connector
4-pin terminal block for audio input and output.
Function | Pin | Notes |
Line in | 1 | Line in (mono) |
GND | 2 | Audio ground |
Line out | 3 | Line out (mono) |
GND | 4 | Audio ground |
I/O, reader, and relay connector
You can use this connector for I/O and relay, or for reader connectivity.
6-pin terminal block
Function | Pin | Notes | Specifications |
DC ground | 1 | 0 V DC | |
DC output | 2 | Can be used to power auxiliary equipment. Note: This pin can only be used as power out. | 12 V DC I/O : Max load = 50 mA Reader/relay : Max load = 350 mA |
I/O: Configurable (Input or Output) Reader: A | 3 | I/O: Digital input – Connect to pin 1 to activate, or leave floating (unconnected) to deactivate. Digital output – Internally connected to pin 1 (DC ground) when active, and floating (unconnected) when inactive. If used with an inductive load, e.g., a relay, connect a diode in parallel with the load, to protect against voltage transients. Reader: RS485 – A | I/O : input – 0 to max 30 V DC output – 0 to max 30 V DC, open drain, 100 mA |
I/O: Configurable (Input or Output) Reader: B | 4 | I/O: same as pin 3 Reader: RS485 – B | I/O: same as pin 3 |
Relay: COM | 5 | Common | |
Relay: NO/NC | 6 | Normally open/normally closed. For connecting relay devices. The two relay pins are galvanically separated from the rest of the circuitry. | Max current 700 mA, max voltage 30 V DC |
I/O connector
One option is to use the connector as an I/O connector with external devices in combination with, for example, motion detection, event triggering, and alarm notifications. In addition to the 0 V DC reference point and power (12 V DC output), the I/O connector provides the interface to:
- Digital input
- For connecting devices that can toggle between an open and closed circuit, for example PIR sensors, door/window contacts, and glass break detectors.
- Digital output
- For connecting external devices such as relays and LEDs. Connected devices can be activated by the VAPIX® Application Programming Interface, through an event or from the device interface.
Example
Relay connector
In combination with I/O, you can use the connector as a relay connector to connect a solid state relay, and use it:
as a standard relay that opens and closes auxiliary circuits,
to control a lock directly,
to control a lock through a safety relay. Using a safety relay on the secure side of the door prevents hotwiring.
Reader connector
A third option is to use the connector as a reader connector to connect an external reader.
Connect equipment
Relay powered by PoE (12V)
To check relay state, go to System > Accessories and find the relay port.
Set Normal state to:
for a fail-secure lock.
for a fail-safe lock.
Relay powered by separate power supply
To check relay state, go to System > Accessories and find the relay port.
Set Normal state to:
for a fail-secure lock.
for a fail-safe lock.
Potential-free relay
To check relay state, go to System > Accessories and find the relay port.
Set Normal state to:
for a fail-secure lock.
for a fail-safe lock.
12V Fail-secure lock powered by PoE from intercom
To check relay state, go to System > Accessories and find the relay port.
Set Normal state to:
for a fail-secure lock.
for a fail-safe lock.
12V Fail-secure lock powered by external power supply
To check relay state, go to System > Accessories and find the relay port.
Set Normal state to:
for a fail-secure lock.
for a fail-safe lock.
Troubleshooting
Reset to factory default settings
Reset to factory default should be used with caution. A reset to factory default resets all settings, including the IP address, to the factory default values.
To reset the product to the factory default settings:
Disconnect power from the product.
Press and hold the control button while reconnecting power. See Product overview.
Keep the control button pressed for 15–30 seconds until the status LED indicator flashes amber.
Release the control button. The process is complete when the status LED indicator turns green. If no DHCP server is available on the network, the device IP address will default to one of the following:
Devices with AXIS OS 12.0 and later: Obtained from the link-local address subnet (169.254.0.0/16)
Devices with AXIS OS 11.11 and earlier: 192.168.0.90/24
Use the installation and management software tools to assign an IP address, set the password, and access the device.
The installation and management software tools are available from the support pages on axis.com/support.
You can also reset parameters to factory default through the device’s web interface. Go to Maintenance > Factory default and click Default.
AXIS OS options
Axis offers device software management according to either the active track or the long-term support (LTS) tracks. Being on the active track means continuously getting access to all the latest product features, while the LTS tracks provide a fixed platform with periodic releases focused mainly on bug fixes and security updates.
Using AXIS OS from the active track is recommended if you want to access the newest features, or if you use Axis end-to-end system offerings. The LTS tracks are recommended if you use third-party integrations, which are not continuously validated against the latest active track. With LTS, the products can maintain cybersecurity without introducing any significant functional changes or affecting any existing integrations. For more detailed information about Axis device software strategy, go to axis.com/support/device-software.
Check the current AXIS OS version
AXIS OS determines the functionality of our devices. When you troubleshoot a problem, we recommend that you to start by checking the current AXIS OS version. The latest version might contain a correction that fixes your particular problem.
To check the current AXIS OS version:
Go to the device’s web interface > Status.
Under Device info, see the AXIS OS version.
Upgrade AXIS OS
- Preconfigured and customized settings are saved when you upgrade the device software (provided that the features are available in the new AXIS OS) although this is not guaranteed by Axis Communications AB.
- Make sure the device remains connected to the power source throughout the upgrade process.
When you upgrade the device with the latest AXIS OS version in the active track, the product receives the latest functionality available. Always read the upgrade instructions and release notes available with each new release before you upgrade. To find the latest AXIS OS version and the release notes, go to axis.com/support/device-software.
Download the AXIS OS file to your computer, available free of charge at axis.com/support/device-software.
Log in to the device as an administrator.
Go to Maintenance > AXIS OS upgrade and click Upgrade.
- When the upgrade has finished, the product restarts automatically.
Technical issues, clues, and solutions
If you can’t find what you’re looking for here, try the troubleshooting section at axis.com/support.
Problems upgrading AXIS OS | |
AXIS OS upgrade failure | If the upgrade fails, the device reloads the previous version. The most common reason is that the wrong AXIS OS file has been uploaded. Check that the name of the AXIS OS file corresponds to your device and try again. |
Problems after AXIS OS upgrade | If you experience problems after the upgrade, roll back to the previously installed version from the Maintenance page. |
Problems setting the IP address | |||||
The device is located on a different subnet | If the IP address intended for the device and the IP address of the computer used to access the device are located on different subnets, you cannot set the IP address. Contact your network administrator to obtain an IP address. | ||||
The IP address is being used by another device | Disconnect the Axis device from the network. Run the ping command (in a Command/DOS window, type
| ||||
Possible IP address conflict with another device on the same subnet | The static IP address in the Axis device is used before the DHCP server sets a dynamic address. This means that if the same default static IP address is also used by another device, there may be problems accessing the device. |
The device can’t be accessed from a browser | ||||||||||||
Can’t log in | When HTTPS is enabled, ensure that the correct protocol (HTTP or HTTPS) is used when attempting to log in. You may need to manually type If the password for the root account is lost, the device must be reset to the factory default settings. See Reset to factory default settings. | |||||||||||
The IP address has been changed by DHCP | IP addresses obtained from a DHCP server are dynamic and may change. If the IP address has been changed, use AXIS IP Utility or AXIS Device Manager to locate the device on the network. Identify the device using its model or serial number, or by the DNS name (if the name has been configured). If required, a static IP address can be assigned manually. For instructions, go to axis.com/support. | |||||||||||
Certificate error when using IEEE 802.1X | For authentication to work properly, the date and time settings in the Axis device must be synchronized with an NTP server. Go to System > Date and time. |
The device is accessible locally but not externally | |||||||||||||||||||
To access the device externally, we recommend you to use one of the following applications for Windows®:
For instructions and download, go to axis.com/vms. |
Can’t connect over port 8883 with MQTT over SSL | |||||||||||||||||||||
The firewall blocks traffic using port 8883 as it’s deemed insecure. | In some cases the server/broker might not provide a specific port for MQTT communication. It may still be possible to use MQTT over a port normally used for HTTP/HTTPS traffic.
|
Performance considerations
When setting up your system, it is important to consider how various settings and situations affect the performance. Some factors affect the amount of bandwidth (the bitrate) required, others can affect the frame rate, and some affect both. If the load on the CPU reaches its maximum, this also affects the frame rate.
The following factors are the most important to consider:
High image resolution or lower compression levels result in images containing more data which in turn affects the bandwidth.
Access by large numbers of Motion JPEG or unicast H.264 clients affects the bandwidth.
Simultaneous viewing of different streams (resolution, compression) by different clients affects both frame rate and bandwidth.
Use identical streams wherever possible to maintain a high frame rate. Stream profiles can be used to ensure that streams are identical.
Accessing Motion JPEG and H.264 video streams simultaneously affects both frame rate and bandwidth.
Heavy usage of event settings affects the product’s CPU load which in turn affects the frame rate.
Using HTTPS may reduce frame rate, in particular if streaming Motion JPEG.
Heavy network utilization due to poor infrastructure affects the bandwidth.
Viewing on poorly performing client computers lowers perceived performance and affects frame rate.
Running multiple AXIS Camera Application Platform (ACAP) applications simultaneously may affect the frame rate and the general performance.
Contact support
If you need more help, go to axis.com/support.
Safety information
Hazard levels
Indicates a hazardous situation which, if not avoided, will result in death or serious injury.
Indicates a hazardous situation which, if not avoided, could result in death or serious injury.
Indicates a hazardous situation which, if not avoided, could result in minor or moderate injury.
Indicates a situation which, if not avoided, could result in damage to property.
Other message levels
Indicates significant information which is essential for the product to function correctly.
Indicates useful information which helps in getting the most out of the product.