Configuring IEEE 802.1X Authentication
The machine can connect to an 802.1X network as a client device. A typical 802.1X network consists of a RADIUS server (authentication server), a LAN switch (authenticator), and client devices with authentication software (supplicants). If a device tries to connect to the 802.1X network, the device must go through user authentication in order to prove that the connection is made by an authorized user. Authentication information is sent to and checked by a RADIUS server, which permits or rejects communication to the network depending on the authentication result. If authentication fails, a LAN switch blocks access from the outside of the network.
TLS
The machine and the authentication server authenticate each other by mutually verifying their certificates. A key pair issued by a certification authority (CA) is required for the client authentication (when authenticating the machine). For the server authentication, a CA certificate installed via the Remote UI can be used in addition to a CA certificate preinstalled in the machine. The TLS method cannot be used with TTLS or PEAP at the same time.
TTLS
This authentication method uses a user name and password for the client authentication and a CA certificate for the server authentication. MSCHAPv2 or PAP can be selected as the internal protocol. TTLS can be used with PEAP at the same time. Enable TLS for the Remote UI communication in advance (
Using TLS for Encrypted Communications).
PEAP
The required settings are almost the same as those of TTLS. MS-CHAPv2 is used as the internal protocol. Enable TLS for the Remote UI communication in advance (
Using TLS for Encrypted Communications).
1
Start the Remote UI and log on in Management Mode.
Starting the Remote UI
2
Click [Settings/Registration].
3
Click [Network]
[IEEE802.1X Settings].
4
Click [Edit].
5
Select the [Use IEEE 802.1X] check box, enter the login name in the [Login Name] text box, and specify the required settings.
[Use IEEE802.1X]
When using the IEEE802.1X authentication in the machine, select the check box. When not using, clear the check box. You can also specify whether to use IEEE802.1X from the operation panel (
IEEE802.1X).
[Login Name]
Enter up to 24 alphanumeric characters for a name (EAP identity) that is used for identifying the user.
Setting TLS
1
|
Select the [Use TLS] check box and click [Key and Certificate].
|
2
|
Select a key from the list of keys and certificates, and click [Default Key Settings].
Viewing details of a key pair or certificateYou can check the details of the certificate or verify the certificate by clicking the corresponding text link under [Key Name], or the certificate icon. Verifying Key Pairs and Digital Certificates
|
Setting TTLS/PEAP
1
|
Select the [Use TTLS] or [Use PEAP] check box.
Internal protocol for TTLS You can select MSCHAPv2 or PAP. If you want to use PAP, select [PAP].
|
2
|
Click [Change User Name/Password].
To specify a user name other than the login name, clear the [Use Login Name as User Name] check box. Select the check box if you want to use the login name as the user name.
|
3
|
Set the user name/password and click [OK].
[User Name]
Enter up to 24 alphanumeric characters for the user name.
[Change Password]
To set or change the password, select the check box and enter up to 24 alphanumeric characters for the password in the [Password] text box. For confirmation, enter the same password in the [Confirm] text box.
|
6
Click [OK].
7
Perform a hard reset.
Click [Device Control], select [Hard Reset], and then click [Execute].
|
The settings are enabled after the hard reset is performed.
|
LINKS