IEEE802.1X Authentication Settings

IEEE802.1X is a standard for port-based network access control, which realizes a local area network secured with a robust authentication system. A typical 802.1X network consists of a RADIUS server (authentication server), LAN switch (authenticator), and client devices with authentication software (supplicant).
The machine can connect to an 802.1X network as a client device. After installing and registering the required key pair and digital certificates, select the method of EAP (Extensible Authentication Protocol). The EAP methods supported by the machine are outlined below.
NOTE
Key pairs and digital certificates can be installed from a web browser (Remote UI). (Managing Jobs and Machine Data)
Key pairs and digital certificates can be registered both with the control panel and from a web browser (Remote UI).
You cannot set EAP-TLS and EAP-TTLS/PEAP at the same time.
EAP-TLS (Transport Layer Security)
Authentication using the EAP-TLS method requires both the client machine and the RADIUS server to issue their digital certificates to each other. The key and certificate (in PKCS#12 format) sent from the machine are verified using the CA certificate on the RADIUS server. The server certificate sent from the RADIUS server is verified using the CA certificate on the client.
EAP-TTLS (Tunneled TLS)
EAP-TTLS requires only the RADIUS server to issue a digital certificate. The server certificate sent from the RADIUS server is verified using the CA certificate on the client machine. The client machine is required to provide the user name/login name and password in order to authenticate itself to the server. As an internal authentication protocol, MS-CHAPv2 or PAP is available for selection.
PEAP (Protected EAP)
When PEAP is selected, only the RADIUS server issues a digital certificate. The server certificate sent from the RADIUS server is verified using the CA certificate on the client machine. The client machine is required to provide the user name/login name and password in order to be authenticated by the server. With PEAP, the machine uses MS-CHAPv2 as the internal authentication protocol.

Selecting the IEEE802.1X Authentication Method

Follow the procedure below to enable the IEEE802.1X authentication and select the EAP method.
NOTE
Before you select the IEEE802.1X Settings, make sure that the required key pairs and digital certificates are registered in the machine. (Managing Key Pairs and Digital Certificates)
If you are going to select EAP-TLS, install and register the key and certificate beforehand. (Managing Jobs and Machine Data)
1
Press (Additional Functions) → [System Settings] → [Network Settings].
2
Press [] or [] until [IEEE802.1X Settings] appears → press [IEEE802.1X Settings].
3
Press [On] to enable the IEEE802.1X authentication → press [Next].
4
Press [Login Name] → enter the login name (up to 24 characters).
5
Select the desired EAP method.
To set EAP-TLS:
1
Press [On] for <Use TLS>.
2
Press [Key and Cert.].
3
Select the key pair you want to use → press [Set as Def. Key].
NOTE:
If you want to check the details of each certificate, select the desired key pair and press [Cert. Details]. On the Certificate Details page, pressing [Cert. Verif.] enables you to check whether the selected certificate is expired or not.
If you want to check what a key pair on the list is being used for, select the desired key pair and press [Display Use Loc.].
4
Press [Yes].
5
Press [Done] to return to the IEEE802.1X Settings screen.
6
Press [OK].
To set EAP-TTLS:
1
Press [On] for <Use TTLS>.
2
Press [MSCHAPv2] or [PAP] to select the internal authentication protocol → press [OK].
3
Press [User] → enter the user name (up to 24 characters) specified on the RADIUS server. If you want to set the login name as the user name, press [Login Name as User Name].
4
Press [Password] → enter the user password (up to 24 characters) specified on the RADIUS server.
5
Press [OK].
To set PEAP:
1
Press [On] for <Use PEAP>.
2
Press [User] → enter the user name (up to 24 characters) specified on the RADIUS server. If you want to set the login name as the user name, press [Login Name as User Name].
3
Press [Password] → enter the user password (up to 24 characters) specified on the RADIUS server.
4
Press [OK].
6
Restart the machine.
Turn OFF the machine, wait at least 10 seconds, and then turn it ON.
4HLK-05X