IEEE 802.1X Authentication Settings
This section describes how to set IEEE 802.1X authentication.
With IEEE 802.1X, the RADIUS server requires user authentication from the supplicant (the machine) when it connects to a network. EAPOL (EAP over LAN) is used for communication between the supplicant and the authenticator (LAN switch), which controls the terminal's access based on the authentication results. Authentication information is managed centrally on the RADIUS (Remote Authentication Dial In User Service) server, which authenticates the supplicant. This prevents unauthorized access, because only supplicants authenticated by the RADIUS server are permitted to connect to the network via the authenticator. The authenticator blocks communication from supplicants not authenticated by the RADIUS server.
The machine supports the following authentication methods:
EAP-TLS (Extensible Authentication Protocol-Transport Level Security)
For the EAP-TLS method, authentication is performed by issuing a digital certificate bilaterally to both the client and the RADIUS server. The key pair and client certificate sent from the machine are verified using the CA certificate on the RADIUS server. The server certificate sent from the RADIUS server is verified using the CA certificate on the client (the machine). The CA certificate used to verify the server certificate must be registered. For information on installing the CA certificate file using the Remote UI, see "Installing a CA Certificate File." For instructions on registering the installed CA certificate file, see "Registering/Editing a CA Certificate File."
Also, the settings for the user login name (to be authenticated by IEEE 802.1X authentication), as well as the settings for the key pair (in PKCS#12 format) and the client certificate, are necessary to use EAP-TLS with the machine. After installing the key pair file and client certificate file using the Remote UI (see "Installing a Key Pair File and Server Certificate"), set the key pair and client certificate for EAP-TLS as the default key with the control panel of the machine.
EAP-TTLS (EAP-Tunneled TLS)
For the EAP-TTLS method, only the RADIUS server issues a digital certificate. The server certificate sent from the RADIUS server is verified using the CA certificate on the client. The CA certificate used to verify the server certificate must be registered. For information on installing the CA certificate file using the Remote UI, see "Installing a CA Certificate File." For instructions on registering the installed CA certificate file, see "Registering/Editing a CA Certificate File."
To use EAP-TTLS with the machine, you must also set the name of the user (login user) to be authenticated with IEEE 802.1X authentication, and the password.
You can select one of two internal authentication protocols supported by EAP-TTLS: MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol Version 2) or PAP (Password Authentication Protocol). You cannot set both MS-CHAPv2 and PAP simultaneously.
PEAP (Protected EAP)
For the PEAP method, only the RADIUS server issues a digital certificate. The server certificate sent from the RADIUS server is verified using the CA certificate on the client. The CA certificate used to verify the server certificate must be registered. For information on installing the CA certificate file using the Remote UI, see "Installing a CA Certificate File." For instructions on registering the installed CA certificate file, see "Registering/Editing a CA Certificate File."
To use PEAP with the machine, you must also set the name of the user (login user) to be authenticated with IEEE 802.1X authentication, and the password.
The only internal authentication protocol supported by PEAP is MS-CHAPv2.
For details on network settings, see the manual provided with the imagePRESS Server.

IMPORTANT
You cannot set the EAP-TLS method and the EAP-TTLS/PEAP method at the same time.
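
The constraints described above can be checked mechanically before a device is placed on an 802.1X-controlled port. The following is an added example, not part of the original manual or the machine's firmware; the settings dictionary layout, key names, and finding codes are hypothetical and constructed for illustration.

```python
# Added example. The settings layout is hypothetical (constructed for
# illustration); it is not the machine's real export format.
TUNNELED_INNER = {"EAP-TTLS": {"MS-CHAPv2", "PAP"}, "PEAP": {"MS-CHAPv2"}}
KNOWN = {"EAP-TLS"} | set(TUNNELED_INNER)

def check_8021x(cfg):
    """Return sorted finding codes; an empty list means the settings are consistent."""
    found = set()
    methods = set(cfg.get("methods", []))
    if not methods or methods - KNOWN:
        found.add("UNSUPPORTED_OR_NO_METHOD")
    # EAP-TLS cannot be set together with EAP-TTLS/PEAP.
    if "EAP-TLS" in methods and methods & set(TUNNELED_INNER):
        found.add("TLS_MIXED_WITH_TUNNELED")
    # Every method verifies the RADIUS server certificate with a registered CA certificate.
    if not cfg.get("ca_cert_registered"):
        found.add("NO_CA_CERT")
    if not cfg.get("login_name"):
        found.add("NO_LOGIN_NAME")
    if "EAP-TLS" in methods:
        # EAP-TLS needs a PKCS#12 key pair and client certificate set as the default key.
        if cfg.get("key_pair_format") != "PKCS#12" or not cfg.get("default_key_set"):
            found.add("TLS_KEY_PAIR_NOT_READY")
    for method in sorted(methods & set(TUNNELED_INNER)):
        if not cfg.get("password_set"):
            found.add("NO_PASSWORD")
        inner = cfg.get("inner", {}).get(method, [])
        # Exactly one inner protocol, and only one that the method supports.
        if len(inner) != 1 or inner[0] not in TUNNELED_INNER[method]:
            found.add("BAD_INNER_" + method)
    return sorted(found)

# Constructed sample settings (not taken from a real device).
GOOD_TLS = {"methods": ["EAP-TLS"], "login_name": "printer01",
            "ca_cert_registered": True, "key_pair_format": "PKCS#12",
            "default_key_set": True}
GOOD_PEAP = {"methods": ["PEAP"], "login_name": "printer01",
             "ca_cert_registered": True, "password_set": True,
             "inner": {"PEAP": ["MS-CHAPv2"]}}
BAD_MIXED = {"methods": ["EAP-TLS", "PEAP"], "login_name": "printer01",
             "ca_cert_registered": False, "password_set": True,
             "inner": {"PEAP": ["PAP"]}}
BAD_TTLS = {"methods": ["EAP-TTLS"], "login_name": "printer01",
            "ca_cert_registered": True, "password_set": True,
            "inner": {"EAP-TTLS": ["MS-CHAPv2", "PAP"]}}

if __name__ == "__main__":
    for name, cfg in [("tls", GOOD_TLS), ("peap", GOOD_PEAP),
                      ("mixed", BAD_MIXED), ("ttls", BAD_TTLS)]:
        print(name, check_8021x(cfg) or "OK")
```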