The 802.1X Configuration Summary page displays the current 802.1X authentication settings on the printer that are used to connect to your network. This page also provides access to pages for configuring 802.1X settings.

To configure 802.1X, either click the Advanced... button to display the 802.1X Advanced Configuration page, or click the Configuration Wizard... button to display a series of pages that guide you through 802.1X configuration. Either configuration method achieves the same result.

Note: Use caution when changing 802.1X authentication settings; you may lose your connection to the printer. Contact your network administrator before changing 802.1X settings.

Introduction to 802.1X and EAP

The 802.1X IEEE standard defines port-based, authenticated network access control for Ethernet local area networks (LANs). With 802.1X, the user or device must pass network access control by successfully authenticating with credentials, such as a name and password, or network access is denied. 802.1X uses the Extensible Authentication Protocol (EAP) to relay port access requests between LAN stations/the clients being authenticated (supplicants), Ethernet switches or wireless access points (authenticators) and RADIUS servers (authentication servers).

EAP is the standard authentication mechanism carried over 802.1X. The EAP method is an inner authentication protocol that provides the secure mechanism for the authentication exchange. Multiple EAP methods can be used. EAP methods are defined in International Engineering Task Force (IETF) Requests for Comments (RFC) documents, RFC drafts, or they can be proprietary. EAP methods have a significant influence on how your network is designed and implemented, because not all supplicants, not all access points, and not all RADIUS servers support all EAP methods. A careful evaluation of standards can help with selecting appropriate LAN components that will avoid vendor lock-in or dead-end technology.

For more information about EAP methods, search by RFC number on the IETF website or on the RFC archive website. For general information about EAP, see RFC 2284.

802.1X Configuration in CentreWare IS

Use the 802.1X configuration pages in CentreWare IS to perform the following tasks. Required information varies depending on the EAP method(s) that you select:

1. Select EAP authentication method(s) – Select one or more authentication methods:
• MD5 Challenge – See RFC 3748
• TLS – See RFC 4346
• PEAP-MS-CHAPv2 (PEAP) – See RFC 2759
2. Install root certificate – If you select EAP method(s) that require a root certificate, you can:
• Install a new root certificate.
• Use the already existing root certificate.
• Choose not to validate server.
3. Install device certificate – If you select EAP method(s) that require a device certificate, you can:
• Install a new device certificate.
• Use the default self-signed certificate.
• Use a custom self-signed certificate.
• Use already existing signed device certificate – if one exists.
4. Enter credentials – Specify the user name and password that users must provide, if you select EAP method(s) that require credentials.

EAP Methods and Required Configuration Parameters

Default Settings

• 802.1X – Off
• Authentication Method – All methods selected
• Validate Server Using – No Validation
• Authentication Certificate – Default Self-Signed

Access to the 802.1X configuration pages in CentreWare IS can be restricted by the passwords and feature authorization settings defined on the Administrative Security Settings page. To access this page, click the Properties tab, select Security, and then select Administrative Security Settings. See the Administrative Security Settings Help for more information.

For more information about security features, see the System Administrator Guide (English only).