e-ManualTopSite mapHelpGlossary

Category Top

Optional Equipment and System Requirements

Printing or Sending a Fax from a Computer

Using E-Mail/I-Fax

Sending Data

Checking Your Network Environment

Network Environment Setup Procedures

Connecting the Machine to a Computer or Network

Specifying Network Settings from the Touch Panel Display

Interface Settings

Communication Environment Setup

IEEE802.1X Authentication Settings

Selecting the IEEE802.1X Authentication Method

TCP/IP Network Setup Procedures

Protocol Settings

TCP/IPv4 Settings

TCP/IPv6 Settings

Settings Common to TCP/IPv4 and TCP/IPv6

Confirming TCP/IPv4 Settings (PING Command)

Confirming TCP/IPv6 Settings (PING Command)

Setting the Key Pair Used With SSL Encrypted Communications

IPSec Settings

Registering a Security Policy
Editing a Security Policy

Startup Time Settings

Setting Up a Computer for Printing/Sending a Fax

Printer Connection Method (LPD/Raw)

Windows 2000/XP/Server 2003/Server 2008/Vista/7/Server 2008 R2
Mac OS X 10.3.9 or Later
UNIX

Printer Connection Method (IPP/IPPS)

Printer Connection Method (FTP)

Printer Connection Method (WSD)

Setting Up a Computer as a File Server

FTP Server Settings

WebDAV Server Settings

NetWare Network Setup Procedures

NetWare Print Service Settings

Setup Using NetWare Administrator or PCONSOLE

Protocol Settings

Setting Up a Computer for Printing/Sending a Fax

SMB/CIFS Network Setup Procedures

Protocol Settings

Setting Up a Computer for Printing/Sending a Fax

Connecting to a TCP/IP Network

Connecting to an SMB/CIFS Network

Printer Connection Method

Setting Up a Computer as a File Server

Connecting to a TCP/IP Network

Connecting to an SMB/CIFS Network and Configuring a Shared Folder

AppleTalk Network Setup Procedures

Protocol Settings

Setting Up a Computer for Printing

Network Connection Problems and Remedies

Printing Problems and Remedies

Data Sending/File Sharing Problems and Remedies

Encrypted SSL Data Communication Problems and Remedies

Confirming Settings

Checking the Block Log

Obtaining the Public Key of the Machine to Use SSL with Windows Server 2008/Vista/7/Server 2008 R2

Top » Network » Network Environment Setup Procedures » IEEE802.1X Authentication Settings
IEEE802.1X Authentication Settings
06RH-1UL
This section describes how to set IEEE802.1X authentication.
For IEEE802.1X, the RADIUS server requires user authentication from the supplicant (the machine) when connecting to a network. EAPOL (EAP over LAN) is used for communication between the supplicant and the authenticator (LAN switch) that performs access control of the terminal based on the authentication results. Authentication information is managed collectively with the RADIUS (Remote Authentication Dial In User Service) server, and then the supplicant is authenticated. Invalid access can be prevented because this authentication method permits only supplicants authenticated by the RADIUS server to connect to the network via an authenticator. The authenticator blocks communication from supplicants not authenticated by the RADIUS server.
The machine supports the following methods of authentications:
EAP-TLS (Extensible Authentication Protocol-Transport Level Security)
For the EAP-TLS method, authentication is performed by issuing a digital certificate bilaterally to both the client and the RADIUS server. The key pair and client certificate sent from the machine are verified using the CA certificate on the RADIUS server. The server certificate sent from the RADIUS server is verified using the CA certificate on the client (the machine). The CA certificate used to verify the server certificate must be registered. For information on installing the CA certificate file using the Remote UI, see "Installing a CA Certificate File." For instructions on registering the installed CA certificate file, see "Registering/Editing a CA Certificate File."
Also, the settings for the user login name (to be authenticated by IEEE802.1X authentication), as well as the settings for the key pair (in PKCS#12 format) and the client certificate, are necessary to use EAP-TLS with the machine. After installing the key pair file and client certificate file using the Remote UI (see "Installing a Key Pair File and Server Certificate"), set the key pair and client certificate for EAP-TLS as the default key with the control panel of the machine.
EAP-TTLS (EAP-Tunneled TLS)
For the EAP-TTLS method, only the RADIUS server issues a digital certificate. The server certificate sent from the RADIUS server is verified using the CA certificate on the client. The CA certificate used to verify the server certificate must be registered. For information on installing the CA certificate file using the Remote UI, see "Installing a CA Certificate File." For instructions on registering the installed CA certificate file, see "Registering/Editing a CA Certificate File."
Furthermore, the name of the user/login user to be authenticated with IEEE802.1X authentication and the password need to be set to use EAP-TTLS with the machine.
The user can select two types of internal authentication protocol supported by EAP-TTLS: MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol Version 2), or PAP (Password Authentication Protocol). You cannot set both MS-CHAPv2 and PAP simultaneously.
PEAP (Protected EAP)
For the PEAP method, only the RADIUS server issues a digital certificate. The server certificate sent from the RADIUS server is verified using the CA certificate on the client. The CA certificate used to verify the server certificate must be registered. For information on installing the CA certificate file using the Remote UI, see "Installing a CA Certificate File." For instructions on registering the installed CA certificate file, see "Registering/Editing a CA Certificate File."
Furthermore, the name of the user/login user to be authenticated with IEEE802.1X authentication and the password need to be set to use PEAP with the machine.
The only internal authentication protocol supported by PEAP is MS-CHAPv2.

IMPORTANT
You cannot set the EAP-TLS method and the EAP-TTLS/PEAP method at the same time.