Using IEEE 802.1X

In a network environment with IEEE 802.1X authentication, only client devices (supplicants) authenticated by the authentication server (RADIUS server) are allowed to connect to the network via the LAN switch (authenticator), thereby blocking unauthorized access. To connect the machine to a network that uses IEEE 802.1X authentication, you must configure the settings on the machine such as the authentication method managed by the authentication server.

IEEE 802.1X Authentication Methods

Configuring the IEEE 802.1X Settings

IEEE 802.1X Authentication Methods

The following IEEE 802.1X authentication methods are supported:

TLS

The machine and authentication server authenticate each other by mutually verifying their certificates. This cannot be used together with another authentication method.

TTLS

This authentication method uses a user name and password for machine authentication and a CA certificate for the server authentication. MSCHAPv2 or PAP can be selected as the internal protocol, and TTLS can be used together with PEAP.

PEAP

The required settings are almost the same as those for TTLS, with MSCHAPv2 used as the internal protocol.

Configuring the IEEE 802.1X Settings

First enable IEEE 802.1X, and then set the authentication method.

This section describes how to configure the settings using Remote UI from a computer.
On the control panel, select [

Settings/Registration] in the [Home] screen or other screen, and then select [Preferences] to configure the settings. [IEEE 802.1X Settings]
Administrator or NetworkAdmin privileges are required.

Required Preparations

When using TLS as the authentication method, prepare the key and certificate issued by the certificate authority and used for authentication of the machine. Managing and Verifying a Key and Certificate

* A preinstalled CA certificate or a CA certificate installed from Remote UI is used for server authentication.

When using TTLS or PEAP as the authentication method, use TLS to encrypt communication using Remote UI. Using TLS

On the Portal page of Remote UI, click [Settings/Registration]. Remote UI Portal Page

Click [Network Settings]

[IEEE 802.1X Settings].

The [IEEE 802.1X Settings] screen is displayed.

Select the [Use IEEE 802.1X] checkbox, and enter the login name.

For the login name, enter a name to identify the user (EAP Identity) using alphanumeric characters.

When Verifying the Certificate of an Authentication Server

Select the [Verify Authentication Server Certificate] checkbox.
To verify the Common Name of the certificate, select the [Verify Authentication Server Name] checkbox, and enter the name of the authentication server to which the user is registered.

Configure the settings according to the authentication method to be used.

When Using TLS

Select the [Use TLS] checkbox.

Click [Key and Certificate].

The [Key and Certificate for IEEE 802.1X] screen is displayed.

Click [Use] to the right of the key and certificate to use.

Click the key name (or certificate icon) to display the certificate details.

On the certificate details screen, click [Verify Certificate] to verify that the certificate is valid.

Click [IEEE 802.1X Settings] at the top of the Remote UI screen.

The [IEEE 802.1X Settings] screen is displayed again.

When Using TTLS or PEAP

Select the [Use TTLS] or [Use PEAP] checkbox.

When using TTLS, select the internal protocol to be used.

Use [Use Login Name as User Name] to specify whether to use the login name of IEEE 802.1X authentication for the user name.

Click [Change User Name/Password].

The [User Name/Password Settings] screen is displayed.

Set the user name and password.

Enter the user name using alphanumeric characters.

To set a password, enter the same password in both [Password] and [Confirm] using alphanumeric characters.

Click [OK].

The [IEEE 802.1X Settings] screen is displayed again.

Click [OK].

Click [Apply Setting Changes]

[OK].

The settings are applied.

Log out from Remote UI.