
Configure IEEE 802.1X port-based authentication on PRISMAsync Print Server

Before you begin

Perform the instructions in the order they are listed.

These configurations have been done to prepare the IEEE 802.1X environment.

  1. Configure IEEE 802.1X on the authentication server (phase 1)

  2. Configure IEEE 802.1X on the authenticator

1. Import the Identity certificate of the RADIUS server

Import the Identity certificate of the RADIUS server.

2. Check if the current PRISMAsync Print Server Identity certificate is valid for IEEE 802.1X

Most EAP-TLS authentication methods need the PRISMAsync Print Server Identity certificate.

NOTE

When you select [MS-CHAP-V2 username; PEAP with EAP-MS-CHAP v2], you can skip this instruction.

When you select [Printer name from domain; EAP-TLS] or [Printer name from domain; PEAP with EAP-TLS], the [Subject alternative name 1], [Subject alternative name 2] or [Subject alternative name 3] field contains the contents of the [Common name] field. This is the Fully Qualified Domain Name (FQDN), such as: printername.example.net.

When you select [Username from domain; EAP-TLS] or [Username from domain; PEAP with EAP-TLS], the [Subject alternative name 1], [Subject alternative name 2] or [Subject alternative name 3] field contains the name written as a UPN (Internet-style name, such as: username@example.net) or as a Fully Qualified Domain Name (FQDN), such as: username.example.net.

  1. Open the Settings Editor.

  2. Go to: [Configuration]  → [Security].

    [Security] tab
  3. Go to the [Identity certificate] options.

  4. Use the [Valid for HTTPS] option to check if the Identity certificate is valid for HTTPS and IPsec.

  5. HTTPS and IPsec fields of certificate

    Use the DNS printer name for:

    • [Printer name from domain; EAP-TLS]

    • [Printer name from domain; PEAP with EAP-TLS]

    Use the FQDN or DNS username for:

    • [Username from domain; EAP-TLS]

    • [Username from domain; PEAP with EAP-TLS]

    Enter the printer name or username in one of the following fields.

    • [Subject alternative name 1]

    • [Subject alternative name 2]

    • [Subject alternative name 3]

  6. Create a certificate request and upload the signed Identity certificate

3. Configure IEEE 802.1X on PRISMAsync Print Server

  1. Open the Settings Editor.

  2. Go to: [Configuration]  → [Security].

  3. Go to the [Port-based authentication (IEEE 802.1X)] options.

    [Port-based authentication (IEEE 802.1X)] options
  4. Use the [Port-based authentication (IEEE 802.1X)] option to enable IEEE 802.1X.

  5. Use the [Network authentication method (login name; authentication protocols)] option to select the authentication method you want to use.

  6. Use the [Regular expressions for authentication server] option to define the patterns that the name of the authentication server must match. IEEE 802.1X port-based authentication is only started when the name of the authentication server matches one of the expressions you have defined. Use a semicolon to separate the individual expressions. For example: srv1;srv2;.*\.srv3\.com.

    [Regular expressions for authentication server] option
  7. Use the [Minimal version of TLS protocol] option to define the TLS protocol version.

    [Minimal version of TLS protocol] option

    Prefer a recent version of the TLS protocol. The selected version is the lowest version that PRISMAsync Print Server still accepts. All newer versions are automatically allowed.

  8. Enter the credentials to authenticate when you have selected [MS-CHAP-V2 username; PEAP with EAP-MS-CHAP v2] in the [Network authentication method (login name; authentication protocols)] option.

    • [MS-CHAP-V2 username]

    • [MS-CHAP-V2 password]
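
For step 6 ([Regular expressions for authentication server]): the following is an added example, not part of the PRISMAsync documentation, for reviewing an expression list before you enter it. It assumes Python's regular-expression syntax and compares whole-name matching with substring matching, because the page does not state which of the two the print server applies; the function names and server names are constructed for illustration.

```python
import re

EXAMPLE_SETTING = r"srv1;srv2;.*\.srv3\.com"  # example value from step 6

def parse_patterns(setting):
    """Split the semicolon-separated option value into individual expressions."""
    return [p.strip() for p in setting.split(";") if p.strip()]

def lint_pattern(pattern):
    """Return warnings for an expression that is invalid or broader than it looks."""
    try:
        re.compile(pattern)
    except re.error as exc:
        return [f"invalid expression: {exc}"]
    warnings = []
    # Heuristic: a '.' that is neither escaped nor followed by a quantifier
    # matches any character, so 'radius.example.net' also accepts 'radiusXexample.net'.
    if re.search(r"(?<!\\)\.(?![*+?{])", pattern):
        warnings.append("unescaped '.' matches any character")
    return warnings

def first_match(setting, server_name, whole_name=True):
    """Return the first expression that accepts server_name, or None.

    whole_name=True requires the expression to cover the entire name;
    whole_name=False accepts a match anywhere inside it. Which of the two
    the print server applies is an assumption to verify, not a documented fact.
    """
    matcher = re.fullmatch if whole_name else re.search
    for pattern in parse_patterns(setting):
        if matcher(pattern, server_name):
            return pattern
    return None

def compare(setting, names):
    """Map each name to (whole-name result, substring result)."""
    return {n: (first_match(setting, n, True), first_match(setting, n, False))
            for n in names}

# Constructed server names, not taken from any real deployment.
SAMPLE_NAMES = ["srv1", "srv1.other.example", "radius.srv3.com",
                "radius.srv3.com.other.example", "srv3.com"]

if __name__ == "__main__":
    for name, (whole, partial) in compare(EXAMPLE_SETTING, SAMPLE_NAMES).items():
        print(f"{name:32} whole-name: {whole!s:16} substring: {partial}")
    print(lint_pattern("radius.example.net"))
```

Names that are accepted only under substring matching show where an expression needs explicit anchors or a tighter pattern. The bare name srv3.com is accepted under neither, because `.*\.srv3\.com` requires a dot before `srv3`.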


4. Test the [Port-based authentication (IEEE 802.1X)] configuration

You can test the PRISMAsync Print Server configuration.

  1. Open the Settings Editor.

  2. Go to: [Configuration]  → [Security].

    [Security] tab
  3. Go to the [Port-based authentication (IEEE 802.1X)] options.

    [Port-based authentication (IEEE 802.1X)] options
  4. Click [Test the configuration].

    [Test the configuration]

5. Read the current [Port-based authentication (IEEE 802.1X)] status

[Status network connection]
  1. Go to the control panel.

  2. Touch [System]  → [Setup]  → [System configuration]  → [Connectivity].

  3. Read the [Status network connection] field. PRISMAsync Print Server displays one of the following status options.

    • [Connection with enabled port-based authentication (IEEE 802.1X)]

    • [Connection with disabled port-based authentication (IEEE 802.1X)]

    • [Connection without support of port-based authentication (IEEE 802.1X)]

    • [Connection with failed port-based authentication (IEEE 802.1X)]

    • [No connection because network cable is not connected]

    • [No connection because port-based authentication (IEEE 802.1X) failed]

    • [Port-based authentication (IEEE 802.1X) is starting to establish a connection]

    • [Unknown]