Configuring IEEE 802.1X Authentication

IEEE 802.1X is an authentication function that can be used with both wired and wireless networks. Authentication is performed by the authentication server (RADIUS server).

You can select 4 types of EAP authentication method: EAP-TLS, LEAP, EAP-TTLS and PEAP. Note that each EAP authentication method has different configuration settings and authentication procedures.

Types and requirements of certificates are as follows:

EAP type

Required certificates

EAP-TLS

Root certificate, Device certificate (IEEE 802.1X Client Certificate)

LEAP

-

EAP-TTLS

Root certificate

PEAP

Root certificate

PEAP (Phase 2 is for TLS only)

Root certificate, Device certificate (IEEE 802.1X Client Certificate)
Installing a Root Certificate

Install a root certificate (root CA certificate) for verifying the reliability of the authentication server. You need to have at least a certificate issued by the certificate authority who signed the server certificate or a certificate from a higher certificate authority.

Only PEM (Base64-encoded X.509) root certificates can be imported.

  1. Log in as the network administrator from Web Image Monitor.
    For details on how to log in, see User Guide of your device.

  2. Point to [Device Management], and then click [Configuration].

  3. Click [Root Certificate] under "Security".

  4. Click [Browse] for "Root Certificate to Import", and then select the CA certificate you obtained.

  5. Click [Open].

  6. Click [Import].

  7. Check that the imported certificate's [Status] shows "Trustworthy".
    If [Root Certificate Check] shows [Active], and the [Status] of the certificate shows [Untrustworthy], communication might not be possible.

  8. Click [OK].

  9. Log out.

Section Top

Selecting the Device Certificate

Select the certificate you want to use under IEEE 802.1X from among the device certificates created and installed in advance on the machine. For details about creating and installing a device certificate, see User Guide of your device.

  1. Log in as the network administrator from Web Image Monitor.
    For details on how to log in, see User Guide of your device.

  2. Point to [Device Management], and then click [Configuration].

  3. Click [Device Certificate] under "Security".

  4. Select the certificate to be used for IEEE 802.1X from the drop-down list box in "IEEE 802.1X" under "Certification".

  5. Click [OK].

  6. Updating... appears. Wait for about 1 or 2 minutes, and then click [OK].
    If the previous screen does not appear again after you click [OK], wait for a while, and then click the web browser's refresh button.

  7. Log out.

Section Top

Setting Items of IEEE 802.1X for Ethernet

  1. Log in as the network administrator from Web Image Monitor.
    For details on how to log in, see User Guide of your device.

  2. Point to [Device Management], and then click [Configuration].

  3. Click [IEEE 802.1X] under "Security".

  4. In "User Name", enter the user name set in the RADIUS server.

  5. Enter the domain name in "Domain Name".

  6. Select "EAP Type". Configurations differ according to the EAP Type.
    EAP-TLS

    • Make the following settings according to the operating system you are using:

      • Select [On] or [Off] in "Authenticate Server Certificate".

      • Select [On] or [Off] in "Trust Intermediate Certificate Authority".

      • Enter the host name of the RADIUS server on "Server ID".

      • Select [On] or [Off] in "Permit Sub-domain".

    LEAP

    • Click [Change] in "Password", and then enter the password set in the RADIUS server.

    EAP-TTLS

    • Click [Change] in "Password", and then enter the password set in the RADIUS server.

    • Click [Change] in "Phase 2 User Name", and then enter the user name set in the RADIUS server.

    • Select [CHAP], [MSCHAP], [MSCHAPv2], [PAP], or [MD5] in "Phase 2 Method".
      Certain methods might not be available, depending on the RADIUS server you want to use.

    • Make the following settings according to the operating system you are using:

      • Select [On] or [Off] in "Authenticate Server Certificate".

      • Select [On] or [Off] in "Trust Intermediate Certificate Authority".

      • Enter the host name of the RADIUS server in "Server ID".

      • Select [On] or [Off] in "Permit Sub-domain".

    PEAP

    • Click [Change] in "Password", and then enter the password set in the RADIUS server.
      If [TLS] is selected for "Phase 2 Method", you do not need to specify a password.

    • Click [Change] on "Phase 2 User Name", and then enter the user name set in the RADIUS server.

    • Select [MSCHAPv2] or [TLS] in "Phase 2 Method".
      When you select [TLS], you must install "IEEE 802.1X Client Certificate".

    • Make the following settings according to the operating system you are using:

      • Select [On] or [Off] in "Authenticate Server Certificate".

      • Select [On] or [Off] in "Trust Intermediate Certificate Authority".

      • Enter the host name of the RADIUS server on "Server ID".

      • Select [On] or [Off] in "Permit Sub-domain".

  7. Click [OK].

  8. Updating... appears. Wait for about 1 or 2 minutes, and then click [OK].
    If the previous screen does not appear again after you click [OK], wait for a while, and then click the web browser's refresh button.

  9. Click [Interface Settings] under "Interface".

  10. Select [Active] in "Ethernet Security".

  11. Click [OK].

  12. Updating... appears. Wait for about 1 or 2 minutes, and then click [OK].
    If the previous screen does not reappear after you click [OK], wait for a while, and then click the web browser's refresh button.

  13. Log out.

Note

  • If there is a problem with settings, you might not be able to communicate with the machine. In such cases, access the following items on the control panel, and then print the network summary to check the status.

    • Settings screen type: Standard
      [Network/Interface] [Print List]

    • Settings screen type: Classic
      [Interface Settings] [Print List]

  • If you cannot identify the problem, execute the following item on the control panel, and then repeat the procedure.

    • Settings screen type: Standard
      [Network/Interface] [IEEE 802.1X Authentication] [Restore IEEE 802.1X Authentication to Defaults]

    • Settings screen type: Classic
      [Interface Settings] [Network] [Restore IEEE 802.1X Authentication to Defaults]

Section Top

Setting Items of IEEE 802.1X for Wireless LAN

  1. Log in as the network administrator from Web Image Monitor.
    For details on how to log in, see User Guide of your device.

  2. Point to [Device Management], and then click [Configuration].

  3. Click [IEEE 802.1X] under "Security".

  4. In "User Name", enter the user name set in the RADIUS server.

  5. Enter the domain name in "Domain Name".

  6. Select "EAP Type". Configurations differ according to the EAP Type.
    EAP-TLS

    • Make the following settings according to the operating system you are using:

      • Select [On] or [Off] in "Authenticate Server Certificate".

      • Select [On] or [Off] in "Trust Intermediate Certificate Authority".

      • Enter the host name of the RADIUS server on "Server ID".

      • Select [On] or [Off] in "Permit Sub-domain".

    LEAP

    • Click [Change] in "Password", and then enter the password set in the RADIUS server.

    EAP-TTLS

    • Click [Change] in "Password", and then enter the password set in the RADIUS server.

    • Click [Change] in "Phase 2 User Name", and then enter the user name set in the RADIUS server.

    • Select [CHAP], [MSCHAP], [MSCHAPv2], [PAP], or [MD5] in "Phase 2 Method".
      Certain methods might not be available, depending on the RADIUS server you want to use.

    • Make the following settings according to the operating system you are using:

      • Select [On] or [Off] in "Authenticate Server Certificate".

      • Select [On] or [Off] in "Trust Intermediate Certificate Authority".

      • Enter the host name of the RADIUS server in "Server ID".

      • Select [On] or [Off] in "Permit Sub-domain".

    PEAP

    • Click [Change] in "Password", and then enter the password set in the RADIUS server.
      If [TLS] is selected for "Phase 2 Method", you do not need to specify a password.

    • Click [Change] on "Phase 2 User Name", and then enter the user name set in the RADIUS server.

    • Select [MSCHAPv2] or [TLS] in "Phase 2 Method".
      When you select [TLS], you must install "IEEE 802.1X Client Certificate".

    • Make the following settings according to the operating system you are using:

      • Select [On] or [Off] in "Authenticate Server Certificate".

      • Select [On] or [Off] in "Trust Intermediate Certificate Authority".

      • Enter the host name of the RADIUS server on "Server ID".

      • Select [On] or [Off] in "Permit Sub-domain".

  7. Click [OK].

  8. Updating... appears. Wait for about 1 or 2 minutes, and then click [OK].
    If the previous screen does not appear again after you click [OK], wait for a while, and then click the web browser's refresh button.

  9. Click [Wireless LAN Settings] under "Interface".

  10. Select [Wireless LAN] in "LAN Type".

  11. Select [Infrastructure Mode] in "Communication Mode".

  12. Enter the alphanumeric characters (a-z, A-Z, or 0-9) in [SSID] according to the access point you want to use.

  13. Select [WPA2] in "Security Method".

  14. Select [WPA2] in "WPA2 Authentication Method".

  15. Click [OK].

  16. Updating... appears. Wait for about 1 or 2 minutes, and then click [OK].
    If the previous screen does not appear again after you click [OK], wait for a while, and then click the web browser's refresh button.

  17. Log out.

Note

  • If there is a problem with settings, you might not be able to communicate with the machine. In such cases, access the following items on the control panel, and then print the network summary to check the status.

    • Settings screen type: Standard
      [Network/Interface] [Print List]

    • Settings screen type: Classic
      [Interface Settings] [Print List]

  • If you cannot identify the problem, execute the following item on the control panel, and then repeat the procedure.

    • Settings screen type: Standard
      [Network/Interface] [IEEE 802.1X Authentication] [Restore IEEE 802.1X Authentication to Defaults]

    • Settings screen type: Classic
      [Interface Settings] [Network] [Restore IEEE 802.1X Authentication to Defaults]

Section Top

x

QR Code