Connecting this machine to IEEE802.1X authentication environment

When IEEE802.1X authentication is installed in your environment, configure settings to use IEEE802.1X authentication on this machine.

Using IEEE802.1X authentication enables you to only connect devices authorized by administrators to the LAN environment. Devices that are not authenticated will not be allowed to even join the network, and this ensures rigid security.

Select [Network] - [IEEE802.1X Authentication Setting] - [IEEE802.1X Authentication Setting] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the following settings.

Setting

Description

[IEEE802.1X Authentication Setting]

When using IEEE802.1X authentication, set this option to ON (default: OFF).

[Supplicant Setting]

Configure settings to operate this machine as a supplicant (client to be authenticated).

For details on settings, refer to the settings of [Supplicant Setting] shown below.

Settings of [Supplicant Setting]

Setting

Description

[User ID]

Enter a user ID (using up to 128 characters).

This user ID is used for all EAP-Type options.

[Password]

Enter a password (using up to 128 characters).

The password is used for all EAP-Type options other than [EAP-TLS].

[EAP-Type]

Select the EAP authentication method (default: [OFF]).

  • [Depend on Server]: The EAP-Type provided by the authentication server will be used for authentication. Configure the supplicant settings as required for this machine according to the EAP-Type provided by the authentication server.

  • Do not select [OFF].

[EAP-TTLS]

Configure the EAP-TTLS settings if [EAP-Type] is set to [EAP-TTLS] or [Depend on Server].

  • [anonymous]: Enter the user ID used for EAP-TTLS authentication (using up to 128 characters).

  • [Inner Authentication Protocol]: Select an internal authentication protocol for EAP-TTLS.

[Server ID]

To verify CN of the certificate, enter the server ID (using up to 64 characters).

[Client Certificates]

Select whether to encrypt the authentication information using a certificate for this machine.

This setting can be configured if the following conditions are satisfied:

  • The certificate is registered on this machine

  • [EAP-TLS], [EAP-TTLS], [PEAP], or [Depend on Server] is selected from [EAP-Type].

[Encryption Strength]

If [EAP-TLS], [EAP-TTLS], [PEAP], or [Depend on Server] is selected from [EAP-Type], select an encryption strength for encryption by TLS.

  • [Mid]: Keys that are more than 56 bits in length are used for communication.

  • [High]: Keys that are more than 128 bits in length are used for communication.

[Certificate Verification Level Settings]

To verify the certificate, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period (default: ON).

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address (default: OFF).

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path) (default: OFF). The chain is validated by referencing the external certificates managed on this machine.

[Network Stop Time]

When specifying the delay time between the start of an authentication process and the end of network communication, set this option to ON (default: OFF).

  • [Stop Time]: Enter the delay time (sec.).

If an authentication process does not succeed within the specified time, all network communication will stop. To restart the authentication process after network communication stopped, reboot this machine.

Tips

  • You can select [Network] - [IEEE802.1X Authentication Setting] - [IEEE802.1X Authentication Trial] to confirm the current authentication status. The authentication process can be activated for the authentication server.

  • This setting is not displayed on Web Connection when [Network I/F Configuration] is set to [Wireless Only]. In a wireless-only environment, if [WPA-EAP(AES)] or [WPA2-EAP(AES)] is selected in [Wireless Network Setting] - [Authentication/Encryption Algorithm], select [Utility] - [Administrator] - [Network] - [IEEE802.1x Setting] on the screen of this machine, and configure the supplicant settings.