Inner Authentication Protocol: EAP-TTLS and PEAP allow for standard RADIUS protocols within their inner tunnel. User authentication is performed by a password. The password credentials are transported in a securely encrypted tunnel that is established using the server certificate. EAP- TTLS supports EAP-MD5, CHAP, MS-CHAP, and MS-CHAPv2. PEAP supports EAP-MD5 and MSCHAPv2 as inner authentications.

Identity Name: EAP-TTLS has a unique feature, TTLS Identity, that other EAP authentication protocols do not offer. It passes your user name through an encrypted tunnel (generally called tunneled TLS) as your credentials. It uses TTLS Identity as your credentials before the encrypted tunnel is created.

User Name: 802.1x EAP authentication methods, such as EAP-MD5, EAP-MSCAHPv2, EAP-TTLS, and PEAP, require an EAP user name as an account name. A user name is necessary, if 802.1x authentication is enabled. This is not saved as the default value.

User Password: 802.1x EAP authentication methods, such as EAP-MD5, EAP-MSCAHPv2, EAP-TTLS, and PEAP, require an EAP user password as an account password. A user password is necessary, if 802.1x authentication is enabled. This is not saved as the default value.

Root certificate: You can install a root certificate. To be installed on the Samsung Wireless Network Printer Card, a root certificate must be in the form of Base64 Encoded X.509 with a .cer extension and be less than 3,072 bytes. EAP-TLS, EAP-TTLS, and PEAP authentications need root certificates.

1.Click Configure.

If the root certificate has been configured, detailed information on the root certificate displays.

2.Select the root certificate file.

3.Upload the file and click back to return to the front page.

Client certificate: You can install a client certificate. To be installed on the Samsung Wireless Network Printer Card, a client certificate must be in the form of PKCS #12 / Personal Information Exchange with a .pfx extension and be less than 3,072 bytes. EAP-TLS authentication needs a client certificate.

1.Click Configure.

If the client certificate has been configured, detailed information on the client certificate displays.

2.Select the client certificate file.

3.Upload the file and click back to return to the front page.

NOTE: You can make a certificate into a file using Windows Console:

1.From the Windows Start menu, select Run.

2.Enter mmc in the Run dialogue box.

3.Select File Æ Add/Remove Snap-in.

4.Click Add, select Certificate, and then click Add.

5.In the Certificate Snap-in dialogue box, select Computer Account and click Next Æ Finish Æ Close Æ OK.

6.Select the certificate you want to change to a file.

When making a root certificate, select one of the certificates in the trusted root certificate authority folder.

When making a client certificate, select one of the certificates in the personal folder.

7.Right-click the certificate and select All task Æ Export.

8.In the Certificate Export wizard, click Next.

9.Select DER encoded X.509 Binary (.cer) for a root certificate, or PKCS #12 (.PFX) for a client certificate, and click Next.

10.Enter a file name and click Next.

11.Click Finish to close the wizard.

Enable Server certificate Validation: This option determines whether or not the client authenticates the server. If Server Certificate Validation is disabled, EAP-TTLS and PEAP authentication do not require a root certificate.

In Enhanced Security mode, four authentications are provided according to WPA authentication and 802.1x authentication. To use each authentication in Enhanced Security mode, perform the following steps:

Using WPA-PSK

1Set Security Mode to Enhanced Security.

2Set WPA Authentication to WPA-PSK.

3Choose TKIP or AES for encryption. The same encryption algorithm must be configured on the access point.

4Enter the WPA Shared Key as the secret key. The same WPA Shared Key must be configured on the access point.

Using EAP-TLS

1Set Security Mode to Enhanced Security.

2Set WPA Authentication to IEEE802.1x.

3Set 802.1x Authentication to EAP-TLS.

4Choose TKIP, AES, 64-bit WEP, or 128-bit WEP for encryption. The same encryption algorithm must be configured on the access point.

6.6

Wireless network environment

Page 28
Image 28
Samsung Network Printer manual Click Configure, Select File Æ Add/Remove Snap-in, Using WPA-PSK, Using EAP-TLS