TCP/IP Settings

TCP/IP Settings

This screen allows you to configure settings to connect the machine to a TCP/IP environment and use it.

The IP address can be checked and its acquisition method can be set, the DNS server can be set in the current operating environment, and the IPsec setting can be made based on the safety communication technology as follows.

Menu Item/Description

Setting Items/Options (with default bolded)

TCP/IP Settings

ON, OFF

IPv4 Settings

IP Application Method *1

Manual Input, Auto Input

Manual Input

IP Address

0.0.0.0 (0 to 255)

Subnet Mask

0.0.0.0 (0 to 255)

Default Gateway

0.0.0.0 (0 to 255)

Auto Input

DHCP Setting

ON, OFF

BOOTP Setting

ON, OFF

ARP/PING Setting

ON, OFF

AUTO IP Setting

ON, OFF

IPv6 Settings

ON, OFF *2

Auto IPv6 Settings

ON, OFF *3

DHCPv6 Setting

ON, OFF

Global Address

0000:0000:0000:0000:0000:

0000:0000:0000 (1 to 39 bytes) *4

Prefix Length

1 to 128 (0)

Link Local Address

fe80: xxxx (where, "xxxx" is the Mac address)

Gateway Address

0000:0000:0000:0000:0000:

0000:0000:0000 (1 to 39 bytes) *7

DNS Host

DNS Host Name

Up to 63 one-byte characters can be used.

Dynamic DNS Setting

Enable, Disable

DNS Domain

Domain Name Auto Retrieval

Enable, Disable

Search Domain Name Auto Retrieval

Enable, Disable

DNS Default Domain Name

Up to 251 one-byte characters can be used. *9

DNS Search Domain Name 1

Up to 251 one-byte characters can be used. *9

DNS Search Domain Name 2

Up to 251 one-byte characters can be used. *9

DNS Search Domain Name 3

Up to 251 one-byte characters can be used. *9

DNS Server Settings (IPv4)

DNS Server Auto Obtain

Enable, Disable

Primary DNS Server

0.0.0.0 (0 to 255)

Secondary DNS Server 1

0.0.0.0 (0 to 255)

Secondary DNS Server 2

0.0.0.0 (0 to 255)

DNS Server Settings (IPv6)

DNS Server Auto Obtain

Enable, Disable

Primary DNS Server

0000:0000:0000:0000:0000:

0000:0000:0000 (1 to 39 bytes)

Secondary DNS Server 1

0000:0000:0000:0000:0000:

0000:0000:0000 (1 to 39 bytes)

Secondary DNS Server 2

0000:0000:0000:0000:0000:

0000:0000:0000 (1 to 39 bytes)

IPsec Setting/IPsec Settings

IPsec is a technique that prevents data falsification or data leakage on an IP packet basis using the encryption technology.

IKE Settings

Configure settings to create an IPsec common key.

IKEv1 Settings

Encryption Algorithm

DES-CBC, 3DES-CBC, AES-CBC

AES Key Length Settings *5

ON, OFF

128, 192, 256, 128 and 192, 192 and 256, All

Authentication Algorithm

MD5, SHA-1, SHA-2

SHA-2 Key Length Settings *6

ON, OFF

256, 384, 512, 256 and 384, 384 and 512, All

Diffie-Hellman Group

Group 1, Group 2, Group 5, Group 14, Group 15, Group 16, Group 17, Group 18, Group 19, Group 20, Group 21, Group 22, Group 23, Group 24

Key Valid Time

600 to 604800 (28800) (sec.)

Negotiation Mode

Main Mode, Aggressive Mode

IKEv2 Settings

Encryption Algorithm

DES-CBC, 3DES-CBC, AES-CBC

AES Key Length Settings *5

ON, OFF

128, 192, 256, 128 and 192, 192 and 256, All

Authentication Algorithm

MD5, SHA-1, SHA-2, AES-XCBC

SHA-2 Key Length Settings *6

ON, OFF

256, 384, 512, 256 and 384, 384 and 512, All

Diffie-Hellman Group

Priority 1

Group 1, Group 2, Group 5, Group 14, Group 15, Group 16, Group 17, Group 18, Group 19, Group 20, Group 21, Group 22, Group 23, Group 24

Priority 2

Group 1, Group 2, Group 5, Group 14, Group 15, Group 16, Group 17, Group 18, Group 19, Group 20, Group 21, Group 22, Group 23, Group 24, OFF

Priority 3

Group 1, Group 2, Group 5, Group 14, Group 15, Group 16, Group 17, Group 18, Group 19, Group 20, Group 21, Group 22, Group 23, Group 24, OFF

Priority 4

Group 1, Group 2, Group 5, Group 14, Group 15, Group 16, Group 17, Group 18, Group 19, Group 20, Group 21, Group 22, Group 23, Group 24, OFF

Key Valid Period

600 to 604800 (28800) (sec.)

IPsec SA Settings

Set SA (Security Association) used to establish an encryption communication.

Group 1 to Group 10

ON, OFF

Group Name

Up to 10 one-byte characters can be used.

Encapsulation Mode

Tunnel Mode, Transport Mode

Tunnel End Point

IPv4 address or IPv6 address (Max. 39 bytes)

Security Protocol

AH, ESP

Key Exchange Method

IKEv1, IKEv2, Manual Key

Authentication Method

Pre-Shared Key, Digital Signature

Local Authentication Method

Pre-Shared Key, Digital Signature

Peer Authentication Method

Pre-Shared Key, Digital Signature, Pre-Shared Key/Digital Signature

ESN

Enable, Invalid

Replay Detection

Enable, Invalid

ESP Encryption Algorithm

AES_CBC, AES_CTR, DES_CBC, AES-GCM-64, 3DES_CBC, AES-GCM, NULL, ENC-NULL-AES-GMAC

AES-CBC Key Length

128, 192, 256, 128 and 192, 192 and 256, All

AES-CTR Key Length

128, 192, 256, 128 and 192, 192 and 256, All

AES-GCM Key Length

128, 192, 256, 128 and 192, 192 and 256, All

AES-GCM-64 Key Length

128, 192, 256, 128 and 192, 192 and 256, All

ENC-NULL-AES-GMAC Key Len

128, 192, 256, 128 and 192, 192 and 256, All

ESP Authentication Algorithm

MD5, SHA-1, SHA-2, AES-XCBC

SHA-2 Key Length

256, 384, 512, 256 and 384, 384 and 512, All

AH Auth. Algorithm

MD5, SHA-1, SHA-2, AES-GMAC, AES-XCBC

SHA-2 Key Length

256, 384, 512, 256 and 384, 384 and 512, All

AES-GMAC Key Length

128, 192, 256, 128 and 192, 192 and 256, All

Perfect Forward Secrecy

Use, Not Use

Diffie-Hellman Group (IKEv1)

1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, OFF

Diffie-Hellman Group (IKEv2)

Priority 1

Group 1, Group 2, Group 5, Group 14, Group 15, Group 16, Group 17, Group 18, Group 19, Group 20, Group 21, Group 22, Group 23, Group 24

Priority 2

Group 1, Group 2, Group 5, Group 14, Group 15, Group 16, Group 17, Group 18, Group 19, Group 20, Group 21, Group 22, Group 23, Group 24, OFF

Priority 3

Group 1, Group 2, Group 5, Group 14, Group 15, Group 16, Group 17, Group 18, Group 19, Group 20, Group 21, Group 22, Group 23, Group 24, OFF

Priority 4

Group 1, Group 2, Group 5, Group 14, Group 15, Group 16, Group 17, Group 18, Group 19, Group 20, Group 21, Group 22, Group 23, Group 24, OFF

Encryption Algorithm

DES_CBC, 3DES_CBC, AES_CBC, NULL

AES Key Length

128, 192, 256

Authentication Algorithm

MD5, SHA1, SHA2, AES-XCBC

SHA2 Key Length

256, 384, 512

SA Index

Receive

256 to 4294967295

Send

256 to 4294967295

Common Keys for Enc.

Receive

Send

Common Keys for Auth.

Receive

Send

Destroy Time after Setup

600 to 604800 (3600) (sec.)

Peer

Group 1 to Group 10

ON, OFF

Group Name

Up to 10 one-byte characters can be used.

Addressing Mode

Unicast, Subnet Settings, Set Range

Unicast

IPv4 Address Input, IPv6 Address Input

Subnet Settings

IP Address: IPv4 Address Input, IPv6 Address Input

Subnet Mask: IPv4 Address Input, IPv6 Address Input

Set Range

From IP Address: IPv4 Address Input, IPv6 Address Input

To IP Address: IPv4 Address Input, IPv6 Address Input

Pre-Shared Key

ASCII input

Up to 128 one-byte characters can be used.

Hexadecimal input

Up to 256 one-byte characters can be used.

Key-ID Key

Up to 128 one-byte characters can be used.

Protocol Setting

Group 1 to Group 10

ON, OFF

Group Name

Up to 10 one-byte characters can be used.

Protocol Identification Setting

TCP, UDP, ICMP, ICMPv6, Do Not Set

Port Specification Method

Port Number, Set Range

Port Number

Source Port Number: 1 to 65535

Destination Port Number: 1 to 65535

Set Range

Source Port Number/Start Number: 1 to 65535

Source Port Number/End Number: 1 to 65535

Destination Port Number/Start Number: 1 to 65535

Destination Port Number/End Number: 1 to 65535

Message Type (ICMP, ICMPv6)

Echo Request/Reply, Do Not Set

IPsec Setting/Enable Ipsec

ON, OFF

IPsec Policy

Group 1 to Group 10

Group Name

Up to 10 one-byte characters can be used.

Peer

1 to 10 keys

Protocol

1 to 10 keys

IPsec Setting

1 to 10 keys

Communication Type

Send and Receive, Send, Receive

Action

Protected, Allow, Deny, Cancel

Common Settings

Dead Peer Detection

15, 30, 45, 60, 75, 90, 105, 120

Cookies

Enable, Invalid

ICMP Pass Settings

Enable, Invalid

ICMPv6 Pass Settings

Enable, Invalid

Default Action

Allow, Deny

Certificate Verification Level Settings

Expiration Date

Confirm, Do Not Confirm

Key Usage

Confirm, Do Not Confirm

Chain


Confirm, Do Not Confirm

Expiration Date Confirmation

Confirm, Do Not Confirm

IPsec Setting - Communication Check

Check Connection

IP Address

IPv4 Address Input

0.0.0.0 (0 to 255)

Ipv6 Address Input

0: 0: 0: 0: 0: 0: 0: 0 (1 to 39 bytes)

Check Connection

Communication Error Log

Logs 1 to 20

IP Filtering(Permit Access)

Enable, Disable

Range 1: Start 0.0.0.0 to End 0.0.0.0 (0 to 255) *11

Range 2: Start 0.0.0.0 to End 0.0.0.0 (0 to 255)

Range 3: Start 0.0.0.0 to End 0.0.0.0 (0 to 255)

Range 4: Start 0.0.0.0 to End 0.0.0.0 (0 to 255)

Range 5: Start 0.0.0.0 to End 0.0.0.0 (0 to 255)

IP Filtering(Deny Access)

Enable, Disable

Range 1: Start 0.0.0.0 to End 0.0.0.0 (0 to 255) *11

Range 2: Start 0.0.0.0 to End 0.0.0.0 (0 to 255)

Range 3: Start 0.0.0.0 to End 0.0.0.0 (0 to 255)

Range 4: Start 0.0.0.0 to End 0.0.0.0 (0 to 255)

Range 5: Start 0.0.0.0 to End 0.0.0.0 (0 to 255)

RAW Port Number

Port 1

1 to 65535 (9100), Do Not Use *10

Port 2

1 to 65535 (9112), Do Not Use

Port 3

1 to 65535 (9113), Do Not Use

Port 4

1 to 65535 (9114), Do Not Use

Port 5

1 to 65535 (9115), Do Not Use

Port 6

1 to 65535 (9116), Do Not Use

LLMNR Setting

Enable, Disable

*1:

If Auto Input is selected, the following settings are available.
-DHCP Setting
-BOOTP Setting
-ARP/PING Setting
-AUTO IP Setting
However, changing the selection from Auto Input to Manual Input invalidates the settings made for "DHCP Setting" and "BOOTP Setting." Also, changing from Manual Input to Auto Input validates the following settings.
-DHCP Setting
-BOOTP Setting
-ARP/PING Setting
-AUTO IP Setting

*2:

If "IPv6 Settings" is set to OFF, this function is disabled even when "IPv6 Auto Setting" is set to ON. In Web Connection, the drop-down list of ''IPv6 Auto Setting'' is grayed out.

*3:

Selecting OFF for "IPv6 Auto Setting" enables the setting change of "Global Address," "Prefix Length," and "Gateway Address."

*4:

If the following address range is specified, it causes an error.
fe80:: - febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
ff00:: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

*5:

This can be set if Encryption Algorithm is set to AES-CBS.

*6:

This can be set if Encryption Algorithm is set to SHA-2.

*7:

Available only for the range from fe80: 0: 0: 0: : to fe80: 0: 0: 0: ffff: ffff: ffff: ffff.

*8:

If you use the Scan to SMB in Mac OS X 10.7 or later, set the SMB Authentication Method to NTLMv1/v2.

*9:

Up to 253 one-byte characters including periods can be entered for the host name.

To enter 64 characters or more, you need to use periods (.) to separate the characters.

*10:

You can use the advanced settings in the Administrator Mode of Web Connection (for details, refer to [TCP/IP Setting]).

*11:

Only one IP address, not a range, can be permitted/denied in three ways.

For example, to permit/deny 192.168.11.22 only, enter:

192.168.11.22 - 0.0.0.0

0.0.0.0 - 192.168.11.22

192.168.11.22 - 192.168.11.22