Configuring IEEE 802.1X Authentication

The machine can connect to an 802.1X network as a client device. A typical 802.1X network consists of a RADIUS server (authentication server), LAN switch (authenticator), and client devices with authentication software (supplicants). If a device tries to connect to the 802.1X network, the device must go through user authentication in order to prove that the connection is made by an authorized user. Authentication information is sent to and checked by a RADIUS server, which permits or rejects communication to the network depending on the authentication result. If authentication fails, a LAN switch (or an access point) blocks access from the outside of the network.
Select the authentication method from the options below. If necessary, install or register a key pair or CA certificate before configuring IEEE 802.1X authentication (Using CA-issued Key Pairs and Digital Certificates).
TLS
The machine and the authentication server authenticate each other by mutually verifying their certificates. A key pair issued by a certification authority (CA) is required for the client authentication (when authenticating the machine). For the server authentication, a CA certificate installed via the Remote UI can be used in addition to a CA certificate preinstalled in the machine.
TTLS
This authentication method uses a user name and password for the client authentication and a CA certificate for the server authentication. MSCHAPv2 or PAP can be selected as the internal protocol. TTLS can be used with PEAP at the same time. Enable TLS for the Remote UI before configuring this authentication method (Enabling TLS Encrypted Communication for the Remote UI).
PEAP
The required settings are almost the same as those of TTLS. MS-CHAPv2 is used as the internal protocol. Enable TLS for the Remote UI before configuring this authentication method (Enabling TLS Encrypted Communication for the Remote UI).
1
Start the Remote UI and log on in System Manager Mode. Starting Remote UI
2
Click [Settings/Registration].
3
Click [Network Settings]  [IEEE 802.1X Settings].
4
Click [Edit].
5
Select the [Use IEEE 802.1X] check box, enter the login name in the [Login Name] text box, and specify the required settings.
[Use IEEE 802.1X]
Select the check box to enable IEEE 802.1X authentication.
[Login Name]
Enter up to 24 alphanumeric characters for a name (EAP identity) that is used for identifying the user.
Setting TLS
1
Select the [Use TLS] check box and click [Key and Certificate].
2
Click [Register Default Key] on the right of the key pair you want to use for the client authentication.
Viewing details of a key pair or certificate
You can check the details of the certificate or verify the certificate by clicking the corresponding text link under [Key Name], or the certificate icon. Verifying Key Pairs and Digital Certificates
Setting TTLS/PEAP
1
Select the [Use TTLS] or [Use PEAP] check box.
Internal protocol for TTLS
You can select MSCHAPv2 or PAP. If you want to use PAP, click the [PAP] radio button.
2
Click [Change User Name/Password].
To specify a user name other than the login name, clear the [Use Login Name as User Name] check box. Select the check box if you want to use the login name as the user name.
3
Set the user name/password and click [OK].
[User Name]
Enter up to 24 alphanumeric characters for the user name.
[Change Password]
To set or change the password, select the check box and enter up to 24 alphanumeric characters for the new password both in the [Password] and [Confirm] text boxes.
6
Click [OK].
7
Restart the machine.
Turn OFF the machine, wait for at least 10 seconds, and turn it back ON.
Using the operation panel
You can also enable or disable IEEE 802.1X authentication from <Menu>. IEEE 802.1X Settings
1560-051