Setting Up IEEE802.1X/EAP (WPA/WPA2 Enterprise)
Overview
If you are using a switch/access point (authenticator) with IEEE802.1X/EAP, you can connect this printer to a wired LAN or Wi-Fi.
Note
-
The information on this page is intended for network administrators.
Setup Flow
-
Prepare the equipment.
-
IEEE802.1X/EAP compliant switch/access point (Authenticator)
-
Authentication (Radius) server
-
-
Configure settings for the authentication (Radius) server and authenticator.
Set up the authentication (Radius) server and authenticator in advance.
Note
-
For the settings of the authentication (Radius) server and IEEE802.1X/EAP switch/access point (Authenticator), refer to the respective instruction manuals.
-
-
Configure Remote UI.
Remote UI is used to configure printer security settings.
See below for an overview of Remote UI.
This web page will guide you through the configuration using Wireless Direct.
Refer to the following to connect via Wireless Direct.
Important
-
When setting using the wired LAN or infrastructure (wireless connection), configure the network settings so that you can temporarily connect to the network in the respective mode.
-
There is IEEE802.1X/EAP settings in the security item of the Remote UI menu.
-
-
On Remote UI, select Security > IEEE802.1X/EAP settings.
-
Select Authentication.
-
Login name (up to 96 characters)
The login name to connect to the authentication server.
Important
-
If you select Verify Authentication Server Name, you must set the authentication server name.
-
If you select Verify authentication server certificates, you must register the certificate authority (CA) certificate in advance.
-
-
Select Authentication.
Select PEAP, EAP-TTLS or EAP-TLS.
-
Set Authentication.
Set the data required for PEAP, EAP-TTLS, or EAP-TLS authentication.
You must have a certificate authority (CA) certificate registered to verify certificates sent from the authentication server (server certificates).
-
PEAP:
Set the user name and password that will be used for client authentication.
Normally, select Verify authentication server certificates.
-
EAP-TLS:
You must have a client authentication certificate registered.
Normally, select Verify authentication server certificates.
-
EAP-TTLS:
Select MSCHAPv2 or PAP as the authentication protocol.
Set the user name and password that will be used for client authentication.
-
-
Save your settings.
Select OK to save the IEEE802.1X/EAP settings.
-
Register the certificate authority (CA) certificate.
Select CA certificate > Upload CA certificate and upload (register) the CA certificate (X.509 DER format).
A maximum of five certificates can be registered.
-
Register key and certificate.
When EAP-TLS is selected:
Select Key and certificate settings > Upload key and certificate and upload (register) the client certificate (PKCS #12 format).
Note
-
If you choose PEAP or EAP-TTLS, you do not need to do this.
-
-
Set up Weak encryption restriction.
Select Restrict.
-
Set up Weak certificate restriction.
Select Restrict.
-
Select Enable/disable IEEE802.1X/EAP to enable IEEE802.1X/EAP
Select OK and save the settings to enable IEEE802.1X/EAP.
Note
-
You can enable or disable IEEE802.1X/EAP on the operation panel.
Note that the advanced IEEE802.1X/EAP settings are not available on the operation panel.
-
-
Connect to IEEE802.1X/EAP switch (Authenticator) or IEEE802.1X/EAP access point.
When IEEE802.1X/EAP is enabled, it is possible to search for SSIDs of IEEE802.1X/EAP access points in Manual setup on the operation panel.
Select the SSID of the IEEE802.1X/EAP access point to connect.
For a wired LAN, connect the LAN cable to the IEEE802.1X/EAP switch.
If You Cannot Connect
If you are unable to connect to the IEEE802.1X/EAP switch (Authenticator) or access point, please redo the settings from step 3 above.
Important
-
Wireless Direct is disabled when you connect to an IEEE802.1X/EAP access point. When using the Remote UI, enable Wireless Direct from the operation panel settings and connect again using Wireless Direct.
Note
-
From the Setup menu screen, select Device settings > LAN settings > Wi-Fi > Manual setup > IEEE802.1X/EAP > Latest auth. result to help troubleshoot.
-
Check that the wireless router is turned on is displayed when the switch/access point may not be turned on.
-
If the error cannot be identified, such as multiple problems occurring, An error has occurred is displayed.
-
If a connection processing problem or encryption-authentication mismatch is detected, Failed to connect to the wireless router <See manual> is displayed.
-
If you see a message other than the above, follow the instructions.
-