IEEE802.1X Authentication Settings

IEEE802.1X is a standard for port-based network access control that secures a local area network with a robust authentication system. A typical 802.1X network consists of a RADIUS server (authentication server), a LAN switch (authenticator), and client devices with authentication software (supplicant).

The machine can connect to an 802.1X network as a client device. After installing and registering the required key pair and digital certificates, select the EAP (Extensible Authentication Protocol) method. The EAP methods supported by the machine are outlined below.


Remark
  • Key pairs and digital certificates can be registered both with the control panel and from the Remote UI.
  • You cannot set EAP-TLS and EAP-TTLS/PEAP at the same time.

  • EAP-TLS (Transport Layer Security)

Authentication using the EAP-TLS method requires both the client machine and the RADIUS server to present their digital certificates to each other. The key and certificate (in PKCS#12 format) sent from the machine are verified using the CA certificate on the RADIUS server. The server certificate sent from the RADIUS server is verified using the CA certificate on the client.

  • EAP-TTLS (Tunneled TLS)

EAP-TTLS requires only the RADIUS server to present a digital certificate. The server certificate sent from the RADIUS server is verified using the CA certificate on the client machine. The client machine must provide the user name/login name and password to authenticate itself to the server. MS-CHAPv2 or PAP can be selected as the internal authentication protocol.

  • PEAP (Protected EAP)

When PEAP is selected, only the RADIUS server presents a digital certificate. The server certificate sent from the RADIUS server is verified using the CA certificate on the client machine. The client machine must provide the user name/login name and password to be authenticated by the server. With PEAP, the machine uses MS-CHAPv2 as the internal authentication protocol.
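
The rules above can be checked against a planned client profile before it is entered on the machine. The following is an added example, not code from this manual or the machine's firmware; the profile field names and sample values are hypothetical.

```python
# Added example. Field names ("methods", "ca_certificate", ...) are hypothetical,
# not the machine's own setting names; the rules come from the text above.
KNOWN_METHODS = {"EAP-TLS", "EAP-TTLS", "PEAP"}
PASSWORD_METHODS = {"EAP-TTLS", "PEAP"}
TTLS_INNER = {"MS-CHAPv2", "PAP"}


def audit_profile(profile):
    """Return the problems found in one 802.1X client profile (empty list = consistent)."""
    problems = []
    methods = set(profile.get("methods", []))
    if not methods:
        problems.append("no EAP method selected")
    for name in sorted(methods - KNOWN_METHODS):
        problems.append(f"unsupported EAP method: {name}")
    if "EAP-TLS" in methods and methods & PASSWORD_METHODS:
        problems.append("EAP-TLS cannot be set together with EAP-TTLS/PEAP")
    # All three methods verify the RADIUS server certificate with a CA certificate on the client.
    if not profile.get("ca_certificate"):
        problems.append("no CA certificate registered to verify the server certificate")
    if "EAP-TLS" in methods and not profile.get("client_pkcs12"):
        problems.append("EAP-TLS needs a registered key pair and certificate (PKCS#12)")
    for name in sorted(methods & PASSWORD_METHODS):
        if not (profile.get("username") and profile.get("password")):
            problems.append(f"{name} needs a user name and password")
    if "EAP-TTLS" in methods and profile.get("ttls_inner") not in TTLS_INNER:
        problems.append("EAP-TTLS inner protocol must be MS-CHAPv2 or PAP")
    return problems


# Constructed sample profiles (file names and credentials are made up).
SAMPLES = {
    "tls-ok": {"methods": ["EAP-TLS"], "ca_certificate": "ca.cer", "client_pkcs12": "mfp.p12"},
    "tls-plus-peap": {"methods": ["EAP-TLS", "PEAP"], "ca_certificate": "ca.cer",
                      "client_pkcs12": "mfp.p12", "username": "mfp01", "password": "x"},
    "ttls-no-ca": {"methods": ["EAP-TTLS"], "username": "mfp01", "password": "x",
                   "ttls_inner": "CHAP"},
    "peap-ok": {"methods": ["PEAP"], "ca_certificate": "ca.cer",
                "username": "mfp01", "password": "x"},
}

if __name__ == "__main__":
    for label, profile in SAMPLES.items():
        print(label, audit_profile(profile) or "consistent")
```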