Using IEEE 802.1X

In a network environment with IEEE 802.1X authentication, only client devices (supplicants) authenticated by the authentication server (RADIUS server) are allowed to connect to the network via the LAN switch (authenticator), thereby blocking unauthorized access. When connecting the machine to a network that uses IEEE 802.1X authentication, you must configure the settings on the machine such as the authentication method managed by the authentication server.

IEEE 802.1X Authentication Methods

The following IEEE 802.1X authentication methods are supported:
TLS
The machine and authentication server authenticate each other by mutually verifying their certificates. This cannot be used together with another authentication method.
TTLS
This authentication method uses a user name and password for machine authentication and a CA certificate for the server authentication. MSCHAPv2 or PAP can be selected as the internal protocol, and TTLS can be used together with PEAP.
PEAP
The required settings are almost the same as those for TTLS, with MSCHAPv2 used as the internal protocol.

Setting IEEE 802.1X

First enable IEEE 802.1X, and then set the authentication method.
This section describes how to configure the settings using Remote UI from a computer.
On the operation panel, select [Menu] in the [Home] screen, and then select [Preferences] to configure the settings. However, the operation panel can only be used to enable or disable IEEE 802.1X. [IEEE 802.1X Settings]
Administrator privileges are required. The machine must be restarted to apply the settings.
Required Preparations
When using TLS as the authentication method, prepare the key and certificate issued by the certificate authority and used for authentication of the machine. Managing and Verifying a Key and Certificate
* A preinstalled CA certificate or a CA certificate installed from Remote UI is used for server authentication.
When using TTLS or PEAP as the authentication method, TLS-encrypt communication using Remote UI. Using TLS
1
Log in to Remote UI in System Manager Mode. Starting Remote UI
2
On the Portal page of Remote UI, click [Settings/Registration]. Portal Page of Remote UI
3
Click [Network Settings] [IEEE 802.1X Settings] [Edit].
The [Edit IEEE 802.1X Settings] screen is displayed.
4
Select the [Use IEEE 802.1X] checkbox, and enter the login name.
For the login name, enter a name to identify the user (EAP Identity) using single-byte alphanumeric characters.
When verifying the certificate of an authentication server
Select the [Verify Authentication Server Certificate] checkbox.
When verifying the common name of the certificate, select the [Verify Authentication Server Name] checkbox, and enter the name of the authentication server to which the user is registered.
5
Configure the settings according to the authentication method to be used.
When using TLS
1
Select the [Use TLS] checkbox.
2
In [Name of Key to Use], click [Key and Certificate].
The [Key and Certificate Settings] screen is displayed.
3
To the right of the key and certificate to use, click [Register Default Key].
Click the key name (or certificate icon) to display the certificate details.
On the certificate details screen, click [Verify Certificate] to verify that the certificate is valid.
When using TTLS or PEAP
1
Select the [Use TTLS] or [Use PEAP] checkbox.
When using TTLS, select the internal protocol to be used.
2
Use [Use Login Name as User Name] to specify whether to use the login name of IEEE 802.1X authentication for the user name.
3
In [User Name/Password Settings], click [Change User Name/Password].
The [Change User Name/Password] screen is displayed.
4
Set the user name and password, and select the [OK] checkbox.
Enter the user name using single-byte alphanumeric characters.
To set a password, select the [Change Password] checkbox, and enter the same password in both [Password] and [Confirm] using single-byte alphanumeric characters.
6
Click [OK].
7
Restart the machine. Restarting the Machine
The settings are applied.
95LS-06A