Xerox Phaser 4510 Administrator's Guide
802.1X Configuration
System Administrator Guide
4-14
802.1X Configuration
Introduction to 802.1X and EAP
The 802.1X IEEE standard defines port-based, authenticated network access control for
Ethernet local area networks (LANs). With 802.1X, the user or device must pass network
access control by successfully authenticating with credentials, such as a name and password,
or network access is denied. 802.1X uses the Extensible Authentication Protocol (EAP) to
relay port access requests between LAN stations/the clients being authenticated (supplicants),
Ethernet switches or wireless access points (authenticators) and RADIUS servers
(authentication servers).
Ethernet local area networks (LANs). With 802.1X, the user or device must pass network
access control by successfully authenticating with credentials, such as a name and password,
or network access is denied. 802.1X uses the Extensible Authentication Protocol (EAP) to
relay port access requests between LAN stations/the clients being authenticated (supplicants),
Ethernet switches or wireless access points (authenticators) and RADIUS servers
(authentication servers).
EAP is the standard authentication mechanism carried over 802.1X. The EAP method is an
inner authentication protocol that provides the secure mechanism for the authentication
exchange. Multiple EAP methods can be used. EAP methods are defined in International
Engineering Task Force (IETF) Requests for Comments (RFC) documents, RFC drafts, or
they can be proprietary. EAP methods have a significant influence on how your network is
designed and implemented, because not all supplicants, not all access points, and not all
RADIUS servers support all EAP methods. A careful evaluation of standards can help with
selecting appropriate LAN components that will avoid vendor lock-in or dead-end technology.
inner authentication protocol that provides the secure mechanism for the authentication
exchange. Multiple EAP methods can be used. EAP methods are defined in International
Engineering Task Force (IETF) Requests for Comments (RFC) documents, RFC drafts, or
they can be proprietary. EAP methods have a significant influence on how your network is
designed and implemented, because not all supplicants, not all access points, and not all
RADIUS servers support all EAP methods. A careful evaluation of standards can help with
selecting appropriate LAN components that will avoid vendor lock-in or dead-end technology.
802.1X Configuration in CentreWare IS
Use the 802.1X configuration pages in CentreWare IS to perform the following tasks.
Required information varies depending on the EAP method(s) that you select.
Required information varies depending on the EAP method(s) that you select.
Note:
Access to the 802.1x configuration pages in CentreWare IS can be restricted by the
passwords and feature authorization settings under Administrative Security.
1.
Launch your web browser.
2.
Enter the printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).
3.
Click Properties.
4.
Open the Security folder on the left navigation panel and select 802.1X.
5.
Click the Advanced button for more experienced users or click the Configuration
Wizard button which will guide you through the setup.
Wizard button which will guide you through the setup.
For more information, click the Help button in CentreWare IS to view the online help.
6.
Select EAP authentication method(s) – Select one or more authentication methods:
■
MD5 Challenge
■
TLS
■
PEAP-MS-CHAPv2 (PEAP)
If you selected a method that uses X.509 security certificates (TLS or PEAP), you can use
use a root certificate to validate the authenticating server's certificate.
use a root certificate to validate the authenticating server's certificate.
If you have selected TLS authentication, you must either install a signed device
certificate that is trusted by the authenticating server, or add the device's
self-signed certificate to the authenticating server's trusted certificate store.
certificate that is trusted by the authenticating server, or add the device's
self-signed certificate to the authenticating server's trusted certificate store.