Configuring the 802.1X/EAP authentication on Lexmark wireless devices
  1. guides
  2. en
  3. Knowledge base
  4. Network and wireless issues
  5. Configuring the 802.1X/EAP authentication on Lexmark wireless devices

Configuring the 802.1X/EAP authentication on Lexmark wireless devices

How to Configure 802.1X/EAP Authentication on Lexmark Wireless Devices

Overview

This article describes:
  • The supported
    802.1X/EAP
     (
    Extensible Authentication Protocol
    ) authentication types.
  • Summarizes certificate installation.
  • Explains how to enable and configure
    802.1X/EAP
    after installing the required certificates.
Supported EAP Types
The 25XX dot matrix printers support the following EAP types:
  • EAP
     -
    MD-5
     (Message Digest Algorithm)
  • EAP - Cisco Wireless
     or
    LEAP
     (Lightweight Extensible Protocol)
  • EAP
     -
    TLS
     (Transport Layer Security)
  • EAP
     -
    TTLS
     (Tunneled TLS)
  • PEAP
     - Protected EAP
  • EAP - MSCHAPv2
802.1X/ EAP Configurations: Certificate Installation (2009 - 2011 Lexmark Devices)
To install and use certificates for
TLS
,
TTLS
, and
PEAP
authentication:
  1. Access the printers
    EWS
    (
    Embedded Web Server
    ) by typing
    http://printer's_IP_address
    in the address bar, using the IP address of the printer.
  2. Click
    Configuration
    .
  3. Click
    Security
    .
  4. Click
    Certificate Management.
     Click here for image.
Configurations for 802.1X/ EAP (2009 - 2011 Lexmark Devices)
  1. Access Printers
    EWS
    .
  2. Click
    Configuration
    >
    Security
    >
    802.1X
    .
  3. Turn on
    802.1X then
     place a check next to authentication type.
    Deselect the authentication types that are not needed.
  4. If using TTLS, select the proper password protocol. Click here for the sample image.
Configurations for 802.1X/ EAP (2012 - 2019 Lexmark Devices)
  1. Connect the printer over a wired connection.
  2. Access the printers
    EWS
    , go to
    Security/Certificate Management
     >
    Certificate Authority Management
    .
  3. Click New, then Upload
    CA
     (
    Certificate Authority
    ) from Radius Server (must be in
    .pem format
    ). After upload, you should see the CA appear as noted below.
  4. On EWS, go to "
    Security
    /
    Certificate Management
     /
    Device Certificate Management
    ".
  5. Hit New, Fill in the fields. You should see it in the list as shown below.
  6. Click on the link for the name of the new entry that is generated (not the default). For instance in the above picture, it is "
    wctestagain
    ".
  7. Select "Download Signing Request". This will have to be signed by the Radius Server, usually via a script.
  8. After getting request signed by the Radius Server, go back into the Device Certificate Manager as in step 4, click on Name of entry (i.e. "
    wctestagain
    ") as before, and choose "Install Signed Certificate".
  9. Go into Wireless setup. Enter the SSID of the AP for the network with the radius server. For security select 802.1x-Radius, fill in other fields.
  10. In Wireless Setup, for 802.1x Certificate, select the name created in step #6 (for instance "wctestagain") from pulldown.
  11. Under wireless setup, for 802.1x entries, select only the authentication mechanism desired.
  12. Device login name should correspond to the login name defined for the radius server, usually in the conf file on the radius server.
  13. Likewise, device login password must correspond to the password defined in the radius server conf file (for example it's not the shared secret entered during cert signing necessarily). Note that some authentication mechanisms do not require a password.
After setup is complete, disconnect wired connection so it will come up wireless. Monitor radius server logs if unable to connect to network.
LEGACY ID:
HO3290

This site uses cookies for various purposes including enhancing your experience, analytics, and ads. By continuing to browse this site or by clicking "Accept and close", you agree to our use of cookies. For more information, read our Cookies page.