Configuring IEEE 802.1X Authentication Settings

The machine can connect to an 802.1X network as a client device. A typical 802.1X network consists of a RADIUS server (authentication server), LAN switch (authenticator), and client devices with authentication software (supplicants). If a device tries to connect to the 802.1X network, the device must go through user authentication in order to prove that the connection is made by an authorized user. Authentication information is sent to and checked by a RADIUS server, which permits or rejects communication to the network depending on the authentication result. If authentication fails, a LAN switch (or an access point) blocks access from the outside of the network.
 
IEEE 802.1X Authentication Method
Select the authentication method from the options below. If necessary, install or register a key and certificate or a CA certificate before configuring IEEE 802.1X authentication (Registering the Key and Certificate for Network Communication).
TLS
The machine and the authentication server authenticate each other by mutually verifying their certificates. A key and certificate issued by a certification authority (CA) is required for the client authentication (when authenticating the machine). For the server authentication, a CA certificate installed via the Remote UI can be used in addition to a CA certificate preinstalled in the machine.
TTLS
This authentication method uses a user name and password for the client authentication and a CA certificate for the server authentication. MSCHAPv2 or PAP can be selected as the internal protocol. TTLS can be used with PEAP at the same time. Enable TLS for the Remote UI before configuring this authentication method (Configuring the Key and Certificate for TLS).
PEAP
The required settings are almost the same as those of TTLS. MSCHAPv2 is used as the internal protocol. Enable TLS for the Remote UI before configuring this authentication method (Configuring the Key and Certificate for TLS).
 
For more information about the basic operations to be performed when setting the machine from the Remote UI, see Setting Up Menu Options from Remote UI.
1
Start the Remote UI and log in to System Manager Mode. Starting Remote UI
2
Click [Settings/Registration] on the Portal page. Remote UI Screen
3
Select [Network Settings]  [IEEE 802.1X Settings].
4
Click [Edit].
5
Select the [Use IEEE 802.1X] check box, and enter the login name in the [Login Name] text box.
[Use IEEE 802.1X]
Select the check box to enable IEEE 802.1X authentication.
[Login Name]
Enter alphanumeric characters for a name (EAP identity) that is used for identifying the user.
6
Configure the required settings according to the specified authentication method.
 Setting TLS
1
Select the [Use TLS] check box and click [Key and Certificate].
You cannot use TLS with TTLS or PEAP.
2
Click [Register Default Key] on the right of the key and certificate you want to use for the client authentication.
Viewing details of a certificate
You can check the details of the certificate or verify the certificate by clicking the corresponding text link under [Key Name], or the certificate icon.
 Setting TTLS/PEAP
1
Select the [Use TTLS] or [Use PEAP] check box.
Internal protocol for TTLS
You can select MSCHAPv2 or PAP.
2
Click [Change User Name/Password].
To specify a user name other than the login name, clear the [Use Login Name as User Name] check box. Select the check box if you want to use the login name as the user name.
3
Set the user name/password.
[User Name]
Enter alphanumeric characters for the user name.
[Change Password]
To set or change the password, select the check box and enter alphanumeric characters for the new password both in the [Password] and [Confirm] text boxes.
4
Click [OK].
7
Click [OK].
8
Restart the machine.
Turn OFF the machine, wait for at least 10 seconds, and turn it back ON.
Using the operation panel
You can also enable or disable IEEE 802.1X authentication from <Menu> in the Home screen. <Use IEEE 802.1X>
2579-07E