Using the IEEE802.1X authentication

Configure the setting if your environment requires the IEEE802.1X authentication.

Using IEEE802.1X authentication enables you to only connect devices authorized by administrators to the LAN environment. Devices that are not authenticated will not be allowed to even join the network, and this ensures rigid security.

In the administrator mode, select [Network] - [IEEE802.1X Authentication Setting] - [IEEE802.1X Authentication Setting], then configure the following settings.

Settings

Description

[IEEE802.1X Authentication Setting]

Select [ON] to use IEEE802.1X authentication.

[OFF] is specified by default.

[Supplicant Setting]

In IEEE802.1x authentication, this machine acts as a supplicant (client to be authenticated).

Configure the settings required for authentication by the authentication server.

[User ID]

Enter a user ID (using up to 128 characters).

This user ID is used for all EAP-Type options.

[Password]

Enter a password with 128 characters.

The password is used for all EAP-Type options other than [EAP-TLS].

To enter (change) the password, select the [Password is changed.] check box, then enter a new password.

[EAP-Type]

Select an EAP authentication method.

  • [Depend on Server]: The EAP-Type provided by the authentication server will be used for authentication. Configure the supplicant settings as required for this machine according to the EAP-Type provided by the authentication server.

  • Do not select [OFF].

[OFF] is specified by default.

[EAP-TTLS]

Configure the EAP-TTLS settings if [EAP-Type] is set to [EAP-TTLS] or [Depend on Server].

  • [anonymous]: Enter the anonymous name used for EAP-TTLS authentication (using up to 128 characters).

  • [Inner Authentication Protocol]: Select an internal authentication protocol for EAP-TTLS.

[Server ID]

To verify CN of the certificate, enter the server ID (using up to 64 characters).

[Client Certificates]

Select whether to encrypt the authentication information using a certificate for this machine, if necessary.

This setting can be configured if the following conditions are satisfied:

  • The certificate is registered on this machine

  • [EAP-TLS], [EAP-TTLS], [PEAP], or [Depend on Server] is selected from [EAP-Type].

[Encryption Strength]

If [EAP-TLS], [EAP-TTLS], [PEAP], or [Depend on Server] is selected from [EAP-Type], select an encryption strength for encryption by TLS, if necessary.

  • [Mid]: Keys that are more than 56 bits in length are used for communication.

  • [High]: Keys that are more than 128 bits in length are used for communication.

[Certificate Verification Level Settings]

To verify the certificate, select items to be verified.

If you select [Confirm] at each item, the certificate is verified for each item.

  • [Validity Period]: Confirm whether the certificate is within the validity period.
    [Confirm] is specified by default.

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address.
    [Do Not Confirm] is specified by default.

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine.
    [Do Not Confirm] is specified by default.

[Network Stop Time]

Specify the delay time between the start of an authentication process and the end of network communication, if necessary.

If an authentication process does not succeed within the specified time, all network communication will stop.

To specify the delay time, select the [Network Stop Time] check box, and enter the delay (sec.) in [Stop Time].

To restart the authentication process after network communication stopped, reboot this machine.

Tips

  • In the administrator mode, select [Network] - [IEEE802.1X Authentication Setting] - [IEEE802.1X Authentication Trial] to confirm the current authentication status. The authentication process can be activated for the authentication server.

  • This setting is not displayed on Web Connection when [Network I/F Configuration] is set to [Wireless Only]. In a wireless-only environment, if [WPA-EAP(AES)] or [WPA2-EAP(AES)] is selected in [Wireless Network Setting] - [Authentication/Encryption Algorithm], configure the supplicant settings in [Utility] on the Control Panel. For details, refer to [IEEE802.1x Setting] .