The supported 802.1X authentication protocols and associated configuration depend on the print server model and firmware version. Available configuration settings are listed in Table 4-18 802.1X configuration settings on page 101.

Table 4-18802.1X configuration settings

Item

Description

 

 

Enable Protocols

Enable (check) the supported protocols used for 802.1X authentication on your network.

 

PEAP Uses digital certificates for network server authentication and passwords for

 

client authentication. PEAP requires an EAP User Name, EAP Password, and CA

 

Certificate. Dynamic encryption keys are also used.

 

EAP-TLSUses a mutual authentication protocol based on digital certificates for

 

authentication of both the client and the network authentication server. EAP-TLS

 

requires an EAP User Name, HP Jetdirect certificate and CA certificate. Dynamic

 

encryption keys are also used.

 

 

User Name

EAP/802.1X user name (up to 128 characters maximum) for this device. The default is

 

the default host name of the print server, NPIxxxxxx, where xxxxxx are the last six digits

 

of the LAN hardware (MAC) address. You can also use DOMAIN\username, where

 

DOMAIN is the Microsoft Windows NT 4 style DOMAIN name, username@domain, or

 

username.

 

 

Password, Confirm Password

EAP/802.1X password (up to 128 characters maximum) for this device. Enter the

 

password again in the Confirm Password field to verify.

 

 

Server ID

Server ID validation string to identify and validate the authentication server. The string is

 

specified on the digital certificate issued by a trusted certificate authority (CA) for the

 

authentication server. Can contain a partial string (right-most characters) unless the

 

Require Exact Match check box is selected.

 

 

Encryption Strength

Minimum encryption strength used during communication with the authentication server.

 

Select Low, Medium, or High encryption strength. For each encryption strength,

 

ciphers are specified to identify the weakest cipher allowed.

 

 

Jetdirect Ceritificate

A self-signed HP Jetdirect certificate is pre-installed. To install a replacement, click

 

Configure.

 

 

CA Certificate

To validate the authentication server's identity, the authentication server's certificate or a

 

CA (or “Root”) certificate must be installed on the print server. This CA certificate must

 

be issued by the certificate authority who signed the authentication server's certificate.

 

To configure or install a CA certificate, click Configure.

 

 

On Authentication Failure

By default, an invalid 802.1x configuration causes the print server to lose network

 

connectivity. This typically requires physical access to the printer/MFP to perform a

 

manual 802.1x reset from the control panel.

 

To allow network connectivity after an authentication failure (set the switch port to

 

unsecure), select Connect anyway (802.1x Fail-over).

 

To retain the default behavior during an authentication failure (block network access),

 

select Block network (secure failure).

 

 

ENWW

Networking tab 101