Network

This category describes network connectivity and setup instructions.



Optional Equipment and System Requirements

This section describes the optional equipment and system environments with which the machine is compatible.


Remark
  • For more information on the equipment needed, consult your local authorized Canon dealer.
  • By connecting the machine to the network, its settings and operations can be performed on computers using the Remote UI and other utilities, without the need for any optional equipment. For more information on the Remote UI, see "Remote UI." For more information on utilities, see "NetSpot Suite."


Printing or Sending a Fax from a Computer


Optional Equipment Requirements

The following optional equipment is required for printing or sending a fax from a computer:


Remark
  • The optional Expansion RAM is necessary if you want to use the optional PS Printer Kit.

  • Printing
  • If you want to use the UFR II printer driver
  • UFR II Printer Kit
  • UFR II/PCL Printer Kit
  • If you want to use the PCL printer driver
  • PCL Printer Kit
  • UFR II/PCL Printer Kit
  • If you want to use the PS printer driver
  • PS Printer Kit

Remark
  • To print with Mac OS 9, you need to use a PS printer driver provided by Apple Inc. with the Mac OS, via an AppleTalk network.
  • The PS printer driver can be used only in a Mac OS X 10.3.9 or later environment. Also, you cannot print documents via an AppleTalk network.
  • The following optional equipment is not available in some regions:
  • UFR II Printer Kit
  • UFR II/PCL Printer Kit
  • PCL Printer Kit

  • Sending a Fax (for a TCP/IP, NetBIOS, or NetWare network)
  • Super G3 FAX Board


System Requirements

The following network and system environments are compatible when printing or sending a fax from a computer:


Remark
  • If you are using Windows 2000, you need to install Service Pack 2 or later.

  • With a TCP/IP Network:
  • Compatible OS
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Enterprise
  • Solaris Version 1.1x (SunOS Version 4.1x) or later
  • Solaris Version 2.5x (SunOS Version 5.5x) or later
  • Mac OS X 10.3 or later
  • Computers/memory
  • Any computer which runs the above operating system software properly

Remark
  • If you are using Mac OS X, compatible operating systems differ depending on the type of printer driver. For details, see Chapter 10, "Before Printing from Computers," in Getting Started.

  • With a NetBIOS Network:
  • Compatible OS
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Enterprise
  • Mac OS X 10.3 or later
  • Compatible Protocol
  • NetBIOS over TCP/IP (NetBT)
  • Computers/memory
  • Any computer which runs the above operating system software properly

Remark
  • When you are using Mac OS X 10.3 or later, you can only print via a NetBIOS network if you are using a PS printer driver provided by Apple Inc. with the Mac OS.

  • With a NetWare Network:
  • Compatible Servers
  • Novell NetWare Version 3.2/4.1/4.11/4.2/5/5.1/6/6.5
  • Compatible Clients
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Enterprise
  • Computers/memory
  • Any computer which runs the above operating system software properly
  • With an AppleTalk Network:
  • Compatible AppleTalk
  • EtherTalk Phase 2
  • See Chapter 10, "Before Printing from Computers," in Getting Started for compatible operating systems and computers.

Remark
  • The machine does not support Macintosh LocalTalk networks.

  • With a Server-Based Computing Environment:
  • Compatible Windows Terminal Server (Services)
  • Microsoft Windows 2000 Server
  • Microsoft Windows Server 2003
  • Compatible Software
  • Citrix MetaFrame 1.8
  • Citrix MetaFrame XP


Using E-Mail/I-Fax


Optional Equipment Requirements

  • Color Universal Send Kit


System Requirements

The following system environments are confirmed for using the e-mail/I-fax functions:

  • Compatible mail forwarding server software
  • Sendmail 8.93 or later (UNIX)
  • Microsoft Exchange Server (Windows)
    (Microsoft Exchange Server 5.5 + Service Pack 1 or later)
  • Lotus Domino R4.6 or later (Windows)
  • Compatible mail receiving server software
  • Qpopper 2.53 or later (UNIX)
  • Microsoft Exchange Server (Windows)
    (Microsoft Exchange Server 5.5 + Service Pack 1 or later)
  • Lotus Domino R4.6 or later (Windows)

Remark
  • If you are using Windows 2000, you need to install Service Pack 2 or later.
  • The machine sends e-mail or I-fax messages to mail servers using SMTP. The machine can receive incoming messages from a mail server using the POP3 protocol or directly using the machine's own SMTP receiving function.
    If the latter method is used, it is not necessary for the mail server to support the POP3 protocol.
  • The machine can receive I-fax images and error e-mail messages sent when errors occur during communication, but not any other type of e-mail.


Sending Data


Optional Equipment Requirements

  • Color Universal Send Kit


System Requirements

The following network and system environments are compatible when sending data from the machine to a file server, depending on the type of network used:


Remark
  • If you are using Windows 2000, you need to install Service Pack 2 or later.

  • With a TCP/IPv4 Network (Using FTP):
  • Compatible servers
  • Microsoft Windows 2000 Server and Internet Information Services (IIS) 5.0
  • Microsoft Windows XP Professional and IIS 5.1
  • Microsoft Windows Server 2003 and IIS 6.0
  • Microsoft Windows Vista Ultimate and IIS 7.0
  • Microsoft Windows Vista Business and IIS 7.0
  • Microsoft Windows Vista Home Premium and IIS 7.0
  • Microsoft Windows Vista Home Basic and IIS 7.0
  • Microsoft Windows Vista Enterprise and IIS 7.0
  • Solaris Version 2.6 or later
  • Red Hat Linux 7.2 or later
  • Mac OS X
  • FTP server for iW Document Manager Gateway
  • Compatible protocol
  • TCP/IPv4
  • With a TCP/IPv6 Network (Using FTP):
  • Compatible servers
  • Solaris Version 9 or later
  • Red Hat Enterprise Linux AS/ES/WS 4.0 or later
  • Mac OS X 10.3 or later
  • Compatible protocol
  • TCP/IPv6
  • With a TCP/IPv4 Network (Using WebDAV):
  • Compatible servers
  • Microsoft Windows 2000 Server and IIS 5.0
  • Microsoft Windows 2000 Professional and IIS 5.0
  • Microsoft Windows XP Professional and IIS 5.1
  • Microsoft Windows Server 2003 and IIS 6.0
  • Microsoft Windows 2000 Server and Apache 2.0 for Win 32
  • Microsoft Windows XP Professional and Apache 2.0 for Win 32
  • Microsoft Windows Server 2003 and Apache 2.0 for Win 32
  • Solaris Version 2.6 or later, and Apache 2.0 or later
  • Red Hat Enterprise Linux AS/ES/WS 4.0 or later, and Apache 2.0 or later
  • Mac OS X
  • Compatible protocol for the WebDAV server
  • TCP/IPv4
  • With a TCP/IPv6 Network (Using WebDAV):
  • Compatible servers
  • Microsoft Windows Server 2003 and IIS 6.0
  • Solaris Version 9 or later, and Apache 2.0 or later
  • Compatible protocol for the WebDAV server
  • TCP/IPv6

Remark
  • If you connect to the internet via a proxy, the proxy server must support IPv6.

  • With a NetBIOS Network:
  • Compatible servers
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Enterprise
  • Compatible server software for sending data
  • Samba 2.2.8a or later (UNIX/Linux/Mac OS X)
  • Compatible protocol
  • NetBIOS over TCP/IP (NetBT)
  • With a NetWare Network:
  • Compatible server
  • Novell NetWare Version 3.2/4.11/4.2/5/5.1/6/6.5
  • Compatible protocol
  • IPX


Checking Your Network Environment

Refer to the following examples to confirm the network environment that is connected to the machine, and then perform the necessary operations for that environment.



Sample Windows Network

In a Windows network environment, the TCP/IP or NetBIOS (NetBIOS over TCP/IP) protocol can be used. Multiple protocols can be used at the same time. In addition to IPv4 (Internet Protocol Version 4), the machine also supports IPv6 (Internet Protocol Version 6), and has a dual stack configuration that enables it to communicate with both IPv4 networks and IPv6 networks. You can select whether to use the functions of IPv4 or IPv6. You can also enable the functions of both IPv4 and IPv6. The IPv4 network and IPv6 network used by the machine supports IPSec (Security Architecture for Internet Protocol). (See "IPSec Settings.") To use the e-mail/I-fax function, the TCP/IP protocol is required.

After configuring the settings in accordance with "Connecting the Machine to a Computer or Network," "Interface Settings," or "Communication Environment Setup," specify a TCP/IP or NetBIOS network, depending on the protocol.


Remark
  • The machine does not support NetBEUI.
  • To perform IPSec communication, the optional IPSec Board must be installed after installing the optional Expansion Bus.


Sample Macintosh Network

In Mac OS 8/9, the AppleTalk (EtherTalk) protocol is used. In Mac OS X, either the AppleTalk (EtherTalk), TCP/IP, or NetBIOS (NetBIOS over TCP/IP) protocol can be used.

To use the e-mail/I-fax function or to send data, the TCP/IP protocol is required.

After configuring the settings in accordance with "Connecting the Machine to a Computer or Network," "Interface Settings," or "Communication Environment Setup," specify an AppleTalk (Macintosh), TCP/IP, or NetBIOS network, depending on the protocol.


Remark
  • The protocol you can use differs depending on the version of Mac OS or type of printer driver. For details, see Chapter 10, "Before Printing from Computers," in Getting Started.


Sample UNIX Network

With UNIX computers, the TCP/IP protocol is used.

After configuring the settings in accordance with "Connecting the Machine to a Computer or Network," "Interface Settings," or "Communication Environment Setup," specify a TCP/IP network.



Using a Network with Various Types of Computers

If there are various types of computers on the network, the network operations you are required to perform depend on the type of computers being used.

For example, if you are using Windows XP and Macintosh computers, you will need to specify the settings described in both "Sample Windows Network" and "Sample Macintosh Network".

To use the e-mail/I-fax function, the TCP/IP protocol is required.
To use the data sending function, either the TCP/IP, NetWare, or NetBIOS protocol is required.

After configuring the settings in accordance with "Connecting the Machine to a Computer or Network," "Interface Settings," or "Communication Environment Setup," specify a TCP/IP, NetWare, NetBIOS, or AppleTalk (Macintosh) network, depending on the protocol.


Remark


Network Environment Setup Procedures

Before using the machine in a network environment, it is necessary to perform the following setup procedures.


Connect the machine to the network using the network cables.

Specify the interface settings for communication between the machine and computers on your network. To specify the settings, use:

  • The machine's control panel
  • The Remote UI (via a web browser)

Set up the environment for communication between the machine and computers on your network.



Connecting the Machine to a Computer or Network

The machine can be connected to a computer or network with a USB cable or 10Base-T/100Base-TX/1000Base-T Ethernet cable.


Remark
  • External USB devices (e.g., memory, keyboard, mouse, etc.) are not supported.
  • A USB cable or network cable are not included in this package. Please obtain a suitable cable for your computer or network.


Connecting to a Network

The machine supports TCP/IP, AppleTalk, and NetWare, which enables it to be used by Windows, Macintosh, UNIX, and Linux computers. It also has a 10Base-T/100Base-TX/1000Base-T connector that can be used on most LANs.

When using 10Base-T/100Base-TX, connect the machine's RJ-45 connector to a hub port using a Category 5 twisted pair LAN cable. When using 1000Base-T, it is recommended you use an Enhanced Category 5 twisted pair LAN cable.


Remark
  • When connecting the interface cable or network cable, be sure to observe the following precautions to avoid electrical shock.
  • Turn OFF the computer and disconnect the power cord from the power outlet.
  • You cannot use the machine as a repeater, bridge, or gateway.
  • If two or more machines are on an AppleTalk network, they should be switched 'ON' 10 seconds or more apart.
  • The machine can automatically detect the type of Ethernet (10Base-T, 100Base-TX, or 1000Base-T).
  • If you are using a mixed 10Base-T/100Base-TX/1000Base-T environment, devices on the network (hubs, routers, etc.) must support the mixed environment. For more information, consult your local authorized Canon dealer.
  • After connecting the network cable, perform the following operations. (For more information, see the relevant descriptions.)
  • Set the date and time, and System Manager settings. (See "Security.")
  • Set the network settings.
  • Install a driver if necessary. (See Chapter 10, "Before Printing from Computers," or Chapter 11, "Before Sending Faxes from Computers," in Getting Started.)
  • Install a utility if necessary. (See the manuals provided with the utility.)


Connecting to a USB Interface

You can connect the machine to a computer with a USB port via a USB cable. The machine is USB 2.0 Hi-Speed compatible. The drivers, and utility that matches the operating system on your computer will be installed. For more information on installing the driver through a USB connection, see Chapter 10, "Before Printing from Computers," or Chapter 11, "Before Sending Faxes from Computers," in Getting Started. For information on installing a utility, see the manuals provided with the utility.


Remark
  • If you connect or disconnect the USB cable while the machine's main power switch is ON, do not touch the metal parts around the connector, as this may result in electrical shock.
  • Do not connect or disconnect the USB cable in the following situations, as it may cause your computer or the machine to operate poorly:
  • When installing the driver
  • When the computer is booting up
  • When printing
  • If you disconnect the USB cable with the computer or machine's main power switch ON, always wait at least five seconds before reconnecting the cable. Immediately reconnecting the cable may cause your computer or machine to operate poorly.
  • When the machine is connected to a personal computer via the USB cable, you will not be able to use some of the utilities.
  • If you connect the machine to a personal computer via a USB cable, confirm that [Use USB Device] (in the System Settings screen) is set to 'On'. (See "Security.")
  • If you connect the machine to a Macintosh via a USB cable, the Macintosh, if shut down, may start up when the machine starts up or returns from the Sleep mode. If this happens, disconnect the USB cable (the use of a USB hub between the machine and the Macintosh may solve this problem).
  • If the machine is connected to a computer with a USB cable, you can print a document from your computer using the printer driver, or send a fax from your computer using the fax driver.
  • You cannot specify a computer connected to the machine through a USB connection as a destination for Send jobs or forwarded jobs. Also, with that computer, you cannot use the Remote UI and the Network Scan function.
  • The appropriate USB interface differs depending on the operating system of the connected computer as follows. For more information, consult your local authorized Canon dealer.
  • Windows 2000/XP/Server 2003/Vista: USB 2.0 Hi-Speed/USB Full-Speed (USB 1.1 equivalent)
  • Mac OS 8/9/X (10.3.2 or earlier): USB Full-Speed (USB 1.1 equivalent)
  • Mac OS X (10.3.3 or later): USB 2.0 Hi-Speed/USB Full-Speed (USB 1.1 equivalent)


Touch Panel Display Transition

The following is a flow diagram of the touch panel display used in this category.

Specify the network settings from the Additional Functions screen displayed by pressing (Additional Functions).


Remark
  • Settings specified from the control panel become effective after the machine is restarted, after the procedure. Turn OFF the machine, wait at least 10 seconds, and then turn it ON.
  • If the System Manager ID and password are set, enter them. (See "Security.")


Interface Settings

This section describes how to specify the interface settings from the control panel. If you are configuring the settings for the first time, use the control panel of the machine.

After configuring the settings, you can change them using software other than the control panel of the machine. For details, see "Network Setting Items."


  1. On the Network Settings screen, press [Change Settings/Display Connection Confirm.] → specify the following.

[On]: If errors related to network connections occur, an error message is displayed on the touch panel display of the machine. If you want to use the machine in a network environment, select [On].

[Off]: Messages related to network connections are no longer displayed. If you want to use the machine without connecting to a network, select [Off].

  • Even if you switch the [Change Settings/Display Connection Confirm.] setting from 'On' to 'Off', if the network connections are correctly set they will not be disconnected. The settings in the Network Settings screen will not be changed.
  1. On the Network Settings screen, press [Ethernet Driver Settings] → specify the following.


  • <Auto Detect>: [On]

If you reconnect the network cable (for example, reconnect the cable to a different Ethernet hub) with the machine's main power switch ON, the Auto Detect function will not work even if you set <Auto Detect> to [On]. Turn OFF the machine, wait at least 10 seconds, and then turn it ON. (Connect the cable with the machine's main power switch OFF.)

  • The machine automatically determines the Ethernet type. Press [On] unless you want to specify a particular Ethernet setting.

Select the appropriate items for <Communication Mode> and <Ethernet Type>, according to the network environment you are using.

  • To connect with 1000Base-T, select [Full Duplex] for <Communication Mode>.


Communication Environment Setup

This section describes how to set up the environment for communication between the machine and computers on your network. If you are configuring the settings for the first time, use the control panel of the machine.

After configuring the settings, you can change them using software other than the control panel of the machine. For details, see "Network Setting Items."


Remark
  • [SNMP Settings] does not support AppleTalk networks.

  1. On the Network Settings screen, press [SNMP Settings] → specify the settings for SNMP v. 1.

[On] for <Use SNMP v. 1>: Follow the procedure below to specify the MIB access permissions and community names.

  • The machine supports the SNMP v. 1 and SNMP v. 3 management functions. You can use them simultaneously. The [Read Only]/[Read/Write] functions of SNMP v. 1 and the security functions of SNMP v. 3, such as an encrypted communication path, enable you to manage devices more securely. The available combinations of SNMP v. 1 and SNMP v. 3 functions you can use are shown below:
    SNMP v. 1 SNMP v. 3 Description
    Use SNMP v. 1 MIB Access Permission Use SNMP v. 3
    On Read/Write On/Off You can set or browse each item of the machine with a utility that uses SNMP v. 1 to obtain information. As the write access with SNMP v. 1 is enabled, the security functions of SNMP v. 3 are not available, regardless of the settings for <Use SNMP v. 3>.
    On Read Only On You can only browse each item of the machine with a utility that uses SNMP v. 1 to obtain information. Only users who have been assigned access rights can set each item of the machine with a utility that uses SNMP v. 3.
    On Read Only Off You can only browse each item of the machine with a utility that uses SNMP v. 1 to obtain information.
    Off - On Only users who have been assigned access rights can set or browse each item of the machine with a utility that uses SNMP v. 3.
    Off - Off You cannot set or browse each item of the machine with a utility.
  • If you want to use a Canon printer driver or utility, press [On] for both <Use SNMP v. 1> and [Enable Dedicated Port].
  • You can restrict the IP addresses of computers on which items can be set or browsed. If you restrict the IP addresses, it is not possible to set or browse detailed information concerning the machine on computers other than those whose IP addresses are allowed, even if <Use SNMP v. 1>, <Use SNMP v. 3>, and [Enable Dedicated Port] are 'On'. For details, see "TCP/IPv4 Settings," or "TCP/IPv6 Settings."

  • Press [Community Name 1 Settings] → [On] → specify the settings for <MIB Access Permission> and the community name in [Community Name].

You can also change the community name in [Community Name] to a name other than 'public'.


  • Press [Community Name 2 Settings] → [On] → specify the settings for <MIB Access Permission> and the community name in [Community Name].

You can also change the community name in [Community Name] to a name other than 'public2'.


  1. Specify the settings for SNMP v. 3.

[On] for <Use SNMP v. 3>: Specify the user and context according to the following procedures.

  • An SNMP v. 3 user with the following settings is registered by default. Delete or change these settings as necessary.
  • User: initial
  • MIB Access Permission: Read/Write
  • Security Settings: Auth Yes/Encrypt Yes
  • Authent. Algorithm: MD5
  • Authent. Password: initial
  • Encryption Password: initial

  • Press [User Settings] → [Register] → specify the user name, MIB permissions, and security settings.

If you select [Auth Yes/Encrypt Yes] from the Security Settings drop-down list, select the authentication algorithm → enter the passwords for authentication and encryption. If you select [Auth. Yes/Encrypt. No] from the Security Settings drop-down list, select the authentication algorithm → enter the password for authentication.


  • Press [User Settings] to select the user whose settings you want to confirm or change → press [Details/Edit].

Confirm the displayed information → change the settings if necessary.


  • Press [User Settings] to select the user whose settings you want to erase → press [Erase].

  • Press [User Settings] → select the user whose status you want to change → press [User On/Off].

  • Press [Context Settings] → edit the context.

If you want to add a context, press [Register] to add a new context. If you want to change a context, select the context you want to change → press [Edit] to change the context. If you want to erase a context, select the context you want to erase → press [Erase].

  • A context named 'NULL' is registered by default. The 'NULL' context cannot be deleted, and is not displayed on the Context Settings screen.
  1. Set monitoring for the printer management information.

[On] for <Get Printer Mgmt Info from Host>: If you are using Windows Vista and set [Standard TCP/IP port] for the printer driver port, the SNMP port monitoring function will be enabled automatically to obtain printer management information such as information on print applications and printer ports.

  1. On the Network Settings screen, press [Enable Dedicated Port] → specify the following.

[On]: You can set or browse detailed information on the machine with a Canon printer driver or utility (UFR II/PCL/PS printer drivers, NetSpot Device Installer, etc.).

  • If you want to use a Canon printer driver or utility, press [On] for both <Use SNMP v. 1> and [Enable Dedicated Port].
  • You can restrict the IP addresses of computers on which items can be set or browsed. If you restrict the IP addresses, it is not possible to set or browse detailed information concerning the machine on computers other than those whose IP addresses are allowed, even if <Use SNMP v. 1>, <Use SNMP v. 3>, and [Enable Dedicated Port] are 'On'. For details, see "TCP/IPv4 Settings," or "TCP/IPv6 Settings."
  1. On the Network Settings screen, press [Use Spooler] → specify the following.

[On]: You can spool print jobs transmitted to this machine on the machine's hard disk. Set the spooler if you are using the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, the optional PS Printer Kit, or the optional Super G3 FAX Board.

  • If the optional PS Printer Kit is activated, take note of the following:
  • If the print job is sent from a Macintosh computer to a PS printer, you cannot specify whether to spool under this option. Spooling is determined by the name of the printer selected in the Macintosh screen. For more information, see "Setting Up a Computer for Printing."
  • If you print a file in PDF or PS format by specifying its URL on the Remote UI, the print job will always be spooled, regardless of the settings made under this option.
  • When you spool a print job on the machine's hard disk, the time required to release a computer outputting a print job is shortened.


IEEE802.1X Authentication Settings

This section describes how to set the IEEE802.1X authentication.

For IEEE802.1X, the RADIUS server requires user authentication from the supplicant (machine) when connecting to a network. EAPOL (EAP over LAN) is used for communication between the supplicant and the authenticator (LAN switch) that performs access control of the terminal based on the authentication results. Authentication information is managed collectively with the RADIUS (Remote Authentication Dial In User Service) server, and then the supplicant is authenticated. Invalid access can be prevented because this authentication method permits only supplicants authenticated by the RADIUS server to connect to the network via an authenticator. The authenticator blocks communication from supplicants not authenticated by the RADIUS server.

The machine supports the following methods of authentications:


Remark
  • You cannot set the EAP-TLS method and the EAP-TTLS/PEAP method at the same time.

  • EAP-TLS (Extensible Authentication Protocol-Transport Level Security)

For the EAP-TLS method, authentication is performed by issuing a digital certificate bilaterally to both the client and the RADIUS server. The key pair and client certificate sent from the machine are verified using the CA certificate on the RADIUS server. The server certificate sent from the RADIUS server is verified using the CA certificate on the client (the machine). The CA certificate used to verify the server certificate must be registered. For information on installing the CA certificate file using the Remote UI, see "Remote UI." For information on registering the installed CA certificate file, see "Registering a CA Certificate File Installed from a Computer."

Furthermore, the settings for the key pair (in PKCS#12 format) and the client certificate are necessary to use the EAP-TLS with the machine. After installing the key pair file and client certificate file using the Remote UI (see "Remote UI"), set the key pair and client certificate for EAP-TLS as the default key with the control panel of the machine.

  • EAP-TTLS (EAP-Tunneled TLS)

For the EAP-TTLS method, only the RADIUS server issues a digital certificate. The server certificate sent from the RADIUS server is verified using the CA certificate on the client. The CA certificate used to verify the server certificate must be registered. For information on installing the CA certificate file using the Remote UI, see "Remote UI." For information on registering the CA certificate file installed, see "Registering a CA Certificate File Installed from a Computer."

Furthermore, the name of the user to authenticate with IEEE802.1X authentication and the password need to be set to use EAP-TTLS with the machine.

The user can select two types of internal authentication protocol supported by EAP-TTLS: MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol Version 2), or PAP (Password Authentication Protocol). You cannot set both MS-CHAPv2 and PAP simultaneously.

  • PEAP (Protected EAP)

For the PEAP method, only the RADIUS server issues a digital certificate. The server certificate sent from the RADIUS server is verified using the CA certificate on the client. The CA certificate used to verify the server certificate must be registered. For information on installing the CA certificate file using the Remote UI, see "Remote UI." For instructions on registering the installed CA certificate file, see "Registering a CA Certificate File Installed from a Computer."

Furthermore, the name of the user to be authenticated with IEEE802.1X authentication and the password need to be set to use PEAP with the machine.

The only internal authentication protocol supported by PEAP is MS-CHAPv2.



Selecting the IEEE802.1X Authentication Method

This section describes how to select the IEEE802.1X authentication method.


  1. Press [IEEE802.1X Settings] on the Network Settings screen → select [On] for <Use IEEE802.1X>.
  • If you set <Use IEEE802.1X> to 'On', the machine will not enter a complete Sleep mode.
  1. Select the IEEE802.1X authentication method on the IEEE802.1X Settings screen.

Register the CA certificate (see "Registering a CA Certificate File Installed from a Computer") in advance. If setting the EAP-TLS method, also install the key pair file and the client certificate file (see "Remote UI").


  • Select [On] for <Use TLS> → press [Key and Certificate].

  • Select the key pair you want to use → press [Set as the Default Key] to register the key pair and client certificate to use for EAP-TLS.

  • You cannot specify 'Device Signature Key' (used for key pairs for adding digital signatures to PDFs or XPSs) or 'AMS' (used for key pairs for access restrictions) as the name for the key pair.
  • It is necessary to use the Remote UI to delete a key pair registered for IEEE802.1X authentication. (See "Remote UI.")
  • You can check the content of a certificate by selecting a key pair on the Key and Certificate screen, and pressing [Certificate Details]. On the Certificate Details screen, you can press [Certificate Verification] to verify the certificate.
  • You can check what a key pair is being used for by selecting a key pair with 'Using' displayed for <Used> on the Key and Certificate screen, and pressing [Display Use Location].

  • Select [On] for <Use TTLS>.
  • Select the internal authentication protocol to use.

  • You cannot set both MS-CHAPv2 and PAP simultaneously.
  • Enter the name of the user to be authenticated with IEEE802.1X authentication in [User], and the password of the user in [Password].

  • Select [On] for <Use PEAP>.
  • Enter the name of the user to be authenticated with IEEE802.1X authentication in [User], and the password of the user in [Password].


TCP/IP Network Setup Procedures

To use a TCP/IP network, it is necessary to perform the following procedures.


Specify the protocol settings. To specify the settings, use:

  • The machine's control panel
  • The Remote UI (via a web browser)
  • Canon utilities (NetSpot Device Installer, etc.)

Specify the settings for each computer you use for printing or sending a fax. (Optional equipment is required to print or send a fax from a computer. For the equipment needed, see "Optional Equipment and System Requirements.")

Specify the settings of the computer receiving data sent from the machine. (Optional equipment is required to send data. For the equipment needed, see "Optional Equipment and System Requirements.")


Remark
  • It is recommended that steps 1 and 3 above be performed by the network administrator.
  • The machine or optional printing equipment does not come with printer driver software that can be used on a UNIX platform. (Use LPD to set up a printer in UNIX.)
  • As the fax option does not come with fax driver software for the UNIX platform, it is not possible to send a fax from a UNIX platform.


Protocol Settings

This section describes how to specify the protocol settings for the machine using the control panel. If you are configuring the settings for the first time, use the control panel of the machine.

After configuring the settings, you can change the content by using software other than the control panel of the machine. For details, see "Network Setting Items."


Remark
  • When using functions to access external servers on the internet, you may not be able to access them due to the settings of firewalls, etc. In this case, consult your network administrator.


TCP/IPv4 Settings

This section describes the procedure for setting TCP/IPv4 using the control panel. After specifying the settings for TCP/IPv4, follow the procedure in "Settings Common to TCP/IPv4 and TCP/IPv6" to specify the required settings, and the procedure in "Confirming TCP/IPv4 Settings" to check whether the network settings are correct. If the settings for TCP/IPv6 are already specified and you have finished specifying the settings common to TCP/IPv4 and TCP/IPv6, only check the network settings after completing this procedure.

If you want to use IPv6 communications at the same time, follow the procedure in "TCP/IPv6 Settings," to specify the required settings, and the procedure in "Confirming TCP/IPv6 Settings," to confirm the settings.


  1. On the TCP/IP Settings screen, press [IPv4 Settings] → [Use IPv4].

  1. In <Use IPv4>, specify the following.

[On] for <Use IPv4>: IPv4 networks can be used.

[Off] for <Use IPv4>: IPv4 networks cannot be used, regardless of the settings specified for IPv4 on the Additional Functions screen. The ARP (Address Resolution Protocol) table is also disabled.

  • If you set <Use IPv4> to 'Off', you cannot use a NetBIOS network.
  1. On the TCP/IPv4 Settings screen, press [IP Address Settings] → specify the following.


  • [DHCP], [RARP], and [BOOTP]: [Off]

Enter the appropriate values in [IP Address], [Subnet Mask], and [Gateway Address].

  • It takes about two minutes to check whether the DHCP, BOOTP, or RARP settings can be used. If you do not plan to use one of these settings, it is recommended that you turn them off.

  • [DHCP], [RARP], or [BOOTP]: [On]

If this information cannot be obtained via DHCP, RARP, or BOOTP after you restart the machine, enter the IP address, subnet mask, and gateway address to use the settings entered in this step.

  • If the machine is restarted after DHCP, BOOTP, or RARP settings are specified, the TCP/IP Settings screen displays the IP address setting values obtained from the DHCP, BOOTP, or RARP server. (If the IP address, host name, and domain name have been previously set, these will be overwritten by the setting values obtained from DHCP, BOOTP, or RARP.)
  • If you use DHCP without the DNS dynamic update function, it is recommended that an identical IP address be assigned to the machine at all times. (If the IP address is not identical, the host name for the machine will not correspond to the IP address.)

  1. On the TCP/IP Settings screen, press [DNS Settings] → [DNS Server Address Settings].

  1. In <IPv4>, specify the following.

If you want to use dynamic DNS updating, enter the IPv4 address of the DNS server in [Primary DNS Server].

If you do not want to set up a secondary DNS server, enter <0.0.0.0>.

  • If you set [BOOTP] or [DHCP] to 'On' in step 3, the IP address of a DNS server you set manually will be overwritten.
  1. On the DNS Settings screen, press [DNS Host Name/Domain Name Settings] → in <IPv4>, specify the following.

Enter the name of the machine as [Host Name], and the network domain name of the machine as [Domain Name]. If you want to use dynamic DNS updating, it is necessary to set a host name and domain name.

  • If you set [BOOTP] or [DHCP] to 'On' in step 3, the host name and domain name you set manually will be overwritten.
  1. On the DNS Settings screen, press [DNS Dynamic Update Settings] → in <IPv4>, specify the following.

[On] for <DNS Dynamic Update>: If your environment includes a dynamic DNS server, you can automatically register the IPv4 address, host name, and domain name set for the machine in the DNS server using dynamic DNS updating.

  • If you have a DHCP server running Windows 2000 Server that uses the DHCP service and want to register the machine's DNS record, configure the following settings in the DHCP server:
  • In the DHCP server, right-click the [Scope] icon → click [Properties]. In the [DNS] sheet of the displayed dialog box, select [Automatically update DHCP client information in DNS] → [Update DNS only if DHCP client requests].
  • If you have a DHCP server running Windows 2003 Server that uses the DHCP service and want to register the machine's DNS record, configure the following settings in the DHCP server:
  • In the DHCP server, right-click the [Scope] icon → click [Properties]. In the [DNS] sheet of the displayed dialog box, select [Enable DNS dynamic updates according to the settings below] → [Dynamically update DNS A and PTR (Pointer Record) records only if requested by the DHCP clients].
  • In the Active Directory environment, right-click the icon of the DHCP server you are using → select [Properties]. In the [Advanced] sheet of the displayed dialog box, click [Credentials]. In the [DNS dynamic update credentials] dialog box, enter the user name, domain, and password for the Active Directory.
  1. On the IPv4 Settings screen, press [IP Address Range Settings] → specify the following.

You need to set <RX/Print Range> if you are using the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, the optional PS Printer Kit, the optional Super G3 FAX Board, or the optional Color Universal Send Kit.

  • You can maintain security by setting the range of IPv4 addresses for computers that can obtain access to the machine.
  • Once you set the range of IPv4 addresses of computers on which items for the machine can be set or browsed, it is not possible to use the Remote UI on computers whose IPv4 addresses are not allowed; a utility on the computers cannot be used to set or browse detailed information concerning the machine.
  • Once you set the range of IPv4 addresses of computers from which data (print/fax/I-fax job) can be sent to the machine, the machine rejects data sent from computers whose IPv4 addresses are not allowed. (Optional equipment is required to print or send a fax from a computer. For the equipment needed, see "Optional Equipment and System Requirements.")

  • <Apply Settings> of [Permit IPv4 Address] for <RX/Print Range>: [Off]

  • <Apply Settings> of [Reject IPv4 Address] for <RX/Print Range>: [Off]

  • <Apply Settings> of [Permit IPv4 Address] for <RX/Print Range>: [On]

Press [Register] → store only one IPv4 address or a range of IPv4 addresses that are to be permitted.

  • <Apply Settings> of [Reject IPv4 Address] for <RX/Print Range>: [On]

Press [Register] → store only one IPv4 address or a range of IPv4 addresses that are to be rejected.


  • <Apply Settings> of [Permit IPv4 Address] for <Setting/Browsing Range>: [Off]
  • <Apply Settings> of [Reject IPv4 Address] for <Setting/Browsing Range>: [Off]

  • <Apply Settings> of [Permit IPv4 Address] for <Setting/Browsing Range>: [On]

Press [Register] → store only one IPv4 address or a range of IPv4 addresses that are to be permitted.

  • <Apply Settings> of [Reject IPv4 Address] for <Setting/Browsing Range>: [On]

Press [Register] → store only one IPv4 address or a range of IPv4 addresses that are to be rejected.

  • You can register up to eight IPv4 addresses or IPv4 address ranges.
  • The IPv4 address '0.0.0.0' cannot be specified.
  • The value of [First Address] for [Multiple Addresses] should be smaller than or equal to that of [Last Address].
  • If <Apply Settings> is set to 'Off' for both [Permit IPv4 Address] and [Reject IPv4 Address], all IPv4 addresses are permitted.
  • If <Apply Settings> is set to 'Off' for [Permit IPv4 Address] and <Apply Settings> is set to 'On' for [Reject IPv4 Address], IPv4 addresses that are beyond the specified range of [Reject IPv4 Address] are permitted.
  • If <Apply Settings> is set to 'On' for [Permit IPv4 Address] and <Apply Settings> is set to 'Off' for [Reject IPv4 Address], IPv4 addresses that are beyond the specified range of [Permit IPv4 Address] are not permitted.
  • If <Apply Settings> for both [Permit IPv4 Address] and [Reject IPv4 Address] is set to 'On', IPv4 addresses that are beyond the ranges of both [Permit IPv4 Address] and [Reject IPv4 Address] are not permitted.
  • If <Apply Settings> for both [Permit IPv4 Address] and [Reject IPv4 Address] is set to 'On', IPv4 addresses that are within the ranges of both [Permit IPv4 Address] and [Reject IPv4 Address] are not permitted.
  • If the usage of a protocol or print application is not permitted on your device, it cannot be used even after its IPv4 address is permitted on the machine; on your device, configure the settings to permit the protocol or print application.
  • This machine logs attempts to gain access from IPv4 addresses that it has been set to reject. For instructions on how to refer to the access log, see "Viewing the Network Access Log."


TCP/IPv6 Settings

This section describes the procedure for setting TCP/IPv6 using the control panel. After specifying the settings for TCP/IPv6, follow the procedure in "Settings Common to TCP/IPv4 and TCP/IPv6" to specify the required settings, and the procedure in "Confirming TCP/IPv6 Settings" to check whether the network settings are correct. If the settings for TCP/IPv4 are already specified and you have finished specifying the settings common to TCP/IPv4 and TCP/IPv6, only check the network settings after completing this procedure. If you want to use IPv4 communications at the same time, follow the procedure in "TCP/IPv4 Settings" to specify the required settings, and the procedure in "Confirming TCP/IPv4 Settings" to check the settings.

The machine can use up to seven of the following IPv6 addresses. With IPv6 communication, multiple IPv6 addresses can be used at the same time.


Remark
  • If the IPv6 address assigned to the machine is the same as another node, you may not be able to perform IPv6 communication, even though an IPv6 address is displayed on the screen.

  • Link local address (1)

An address that is only valid within the same link. A link local address is automatically set using a specific prefix (fe80::) and an interface identifier generated from the MAC address of the machine. When the machine is using the functions of IPv6, one link local address is always registered.

  • Manual address (0 or 1)

A fixed address that is set from the control panel.

  • Stateless address (0 to 4)

A stateless address is automatically set using the machine's MAC address and the prefix (information indicating the network belonged to) included in the RA (Router Advertisement) notified by the router when the machine is started.

  • Stateful address (0 or 1)

A stateful address can be obtained from a DHCP server using DHCPv6.


  1. On the TCP/IP Settings screen, press [IPv6 Settings] → [Use IPv6].

  1. In [Use IPv6], specify the following.

[On] for <Use IPv6>: You can use an IPv6 network. A link local address is automatically set.

  1. On the IPv6 Settings screen, press [Stateless Address Settings] → specify the following.

[On] for <Use Stateless Address>: A stateless address is automatically set when the machine is started.

  • The stateless address is discarded when the machine is restarted (with the machine's main power switch ON).
  1. On the IPv6 Settings screen, press [Manual Address Settings] → specify the following.

[On] for <Use Manual Address>: You can set the IPv6 address manually.

Enter the IPv6 address value in [Manual Address] and the IPv6 address prefix length in [Prefix Length].

Enter the default router address value in [Default Router Addr.]. If you do not want to specify the default router address, leave [Default Router Addr.] blank.

  • You cannot use a manual address if you leave [Manual Address] blank. You also cannot set any of the following types of address for [Manual Address]:
  • Multicast address
  • Address composed entirely of zeros
  • IPv4 compatible address (an IPv6 address with the top 96 bits set to '0' and an IPv4 address in the lower 32 bits)
  • IPv4 mapped address (an IPv6 address with the top 96 bits set to '0:0:0:0:0:ffff:' and an IPv4 address in the lower 32 bits)
  • You cannot enter a multicast address or an address composed entirely of zeros in [Default Router Addr.].
  1. On the IPv6 Settings screen, press [Use DHCPv6] → specify the following.

[On] for <Use DHCPv6>: You can use DHCPv6 to obtain a stateful address from a DHCP server.

  1. On the IPv6 Settings screen, press [IP Address Range Settings] → specify the following.

You need to set <RX/Print Range> if you are using the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, the optional PS Printer Kit, the optional Super G3 FAX Board, or the optional Color Universal Send Kit.

  • You can maintain security by setting the range of IPv6 addresses for computers that can obtain access to the machine.
  • Once you set the range of IPv6 addresses of computers on which items for the machine can be set or browsed, it is not possible to use the Remote UI on computers whose IPv6 addresses are not allowed; a utility on the computers cannot be used to set or browse detailed information concerning the machine.
  • Once you set the range of IPv6 addresses of computers from which data (print/fax/I-fax job) can be sent to the machine, the machine rejects data sent from computers whose IPv6 addresses are not allowed. (Optional equipment is required to print or send a fax from a computer. For the equipment needed, see "Optional Equipment and System Requirements.")

  • <Apply Settings> of [Permit IPv6 Address] for <RX/Print Range>: [Off]

  • <Apply Settings> of [Reject IPv6 Address] for <RX/Print Range>: [Off]

  • <Apply Settings> of [Permit IPv6 Address] for <RX/Print Range>: [On]

Press [Register] → store only one IPv6 address or a range of IPv6 addresses that are to be permitted. Also specify the prefix and prefix length for the IPv6 address.

  • <Apply Settings> of [Reject IPv6 Address] for <RX/Print Range>: [On]

Press [Register] → store only one IPv6 address or a range of IPv6 addresses that are to be rejected. Also specify the prefix and prefix length for the IPv6 address.


  • <Apply Settings> of [Permit IPv6 Address] for <Setting/Browsing Range>: [Off]
  • <Apply Settings> of [Reject IPv6 Address] for <Setting/Browsing Range>: [Off]

  • <Apply Settings> of [Permit IPv6 Address] for <Setting/Browsing Range>: [On]

Press [Register] → store only one IPv6 address or a range of IPv6 addresses that are to be permitted. Also specify the prefix and prefix length for the IPv6 address.

  • <Apply Settings> of [Reject IPv6 Address] for <Setting/Browsing Range>: [On]

Press [Register] → store only one IPv6 address or a range of IPv6 addresses that are to be rejected. Also specify the prefix and prefix length for the IPv6 address.

  • A total of eight (groups) of IPv6 addresses, ranges of IPv6 addresses, or IPv6 address prefixes can be set.
  • You cannot specify a multicast address or an address composed entirely of zeros for an IPv6 address.
  • If you enter '0' in [Prefix Length], all IPv6 addresses are not permitted.
  • If you enter '128' in [Prefix Length], the IPv6 addresses of the machine are not permitted.
  • If you want to enter a range of addresses, make sure that the number entered in [First Address] is less than the number entered in [Last Address].
  • If <Apply Settings> is set to 'Off' for both [Permit IPv6 Address] and [Reject IPv6 Address], all IPv6 addresses are permitted.
  • If <Apply Settings> is set to 'Off' for [Permit IPv6 Address] and <Apply Settings> is set to 'On' for [Reject IPv6 Address], IPv6 addresses that are beyond the range specified in [Reject IPv6 Address] are permitted.
  • If <Apply Settings> is set to 'On' for [Permit IPv6 Address] and <Apply Settings> is set to 'Off' for [Reject IPv6 Address], IPv6 addresses that are beyond the range specified in [Permit IPv6 Address] are not permitted.
  • If <Apply Settings> for both [Permit IPv6 Address] and [Reject IPv6 Address] is set to 'On', IPv6 addresses that are beyond the ranges specified in both [Permit IPv6 Address] and [Reject IPv6 Address] are not permitted.
  • If <Apply Settings> for both [Permit IPv6 Address] and [Reject IPv6 Address] is set to 'On', IPv6 addresses that are within the ranges specified in both [Permit IPv6 Address] and [Reject IPv6 Address] are not permitted.
  • If the usage of a protocol or print application is not permitted on your device, it cannot be used even if its IPv6 address is permitted on the machine. Configure the settings of the device to permit the protocol or print application.
  • This machine logs attempts to gain access from IPv6 addresses that it has been set to reject. For instructions on how to refer to the access log, see "Viewing the Network Access Log."

  1. On the TCP/IP Settings screen, press [DNS Settings] → [DNS Server Address Settings].

  1. In <IPv6>, specify the following.

If you want to use dynamic DNS updating, enter the IPv6 address of the DNS server in [Primary DNS Server].

If you do not want to specify a secondary DNS server, leave [Secondary DNS Server] blank.

  • You cannot enter any of the following types of address for [Primary DNS Server] or [Secondary DNS Server]:
  • Multicast address
  • Address composed entirely of zeros
  • Link local address
  • If you set <Use DHCPv6> to 'On' in step 5, the IPv6 address of a DNS server you set manually will be overwritten.
  1. On the DNS Settings screen, press [DNS Host Name/Domain Name Settings] → in <IPv6>, specify the following.

[On] for <Use Same Host Name/Domain Name as IPv4>: You can set the same host name or domain name used with IPv4 communication for IPv6 communication. If you set <Use Same Host Name/Domain Name as IPv4> to 'Off', enter the name of the machine in [Host Name] and the name of the domain the machine belongs to in [Domain Name]. It is necessary to set a host name and domain name if you want to use dynamic DNS updating.

  • If you set <Use DHCPv6> to 'On' in step 5, the domain name you set manually will be overwritten. Even if you set <Use Same Host Name/Domain Name as IPv4> to 'On', the domain name obtained from the DHCPv6 server is used.
  1. On the DNS Settings screen, press [DNS Dynamic Update Settings] → in <IPv6>, specify the following.

[On] for <DNS Dynamic Update>: If your environment includes a dynamic DNS server, you can automatically register the IPv6 address, host name, and domain name set for the machine in the DNS server using dynamic DNS updating.

[On] for <Register Stateless Address>: You can automatically register a stateless address in the DNS server using dynamic DNS updating.

[On] for <Register Manual Address>: You can automatically register a manual address in the DNS server using dynamic DNS updating.

[On] for <Register Stateful Address>: You can automatically register a stateful address in the DNS server using dynamic DNS updating.

  • Windows 2000 Server and Windows Server 2003 do not support DHCPv6 servers.


Settings Common to TCP/IPv4 and TCP/IPv6

This section describes the procedure for specifying the settings common to TCP/IPv4 and TCP/IPv6 using the control panel.

Specify the settings required for your network environment. If you want to use both TCP/IPv4 communications and TCP/IPv6 communications, specify the settings required for both protocols.

After performing this procedure, follow the procedure in "Confirming TCP/IPv4 Settings" and "Confirming TCP/IPv6 Settings" to check whether the network settings are correct.


  1. On the TCP/IP Settings screen, press [LPD Print Settings] → specify the following.

Specify the LPD print settings if you are using the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, the optional PS Printer Kit, or the optional Super G3 FAX Board.

[On]: You can use LPD as the print application.

  • You can only output a banner page if you are using the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, or the optional PS Printer Kit.
  • Output of a banner page is set on a print-job basis. Even if [On] is selected for <LPD Banner Page>, a banner page cannot be output for a print job unless it is set.
  1. On the TCP/IP Settings screen, press [RAW Print Settings] → specify the following.

Specify the Raw print settings if you are using the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, the optional PS Printer Kit, or the optional Super G3 FAX Board.

[On]: You can use Raw as the print application.

If you want to establish bidirectional communication using Port 9100, press [On] for <Bidirectional Communication>.

  1. On the TCP/IP Settings screen, press [SNTP Settings] → specify the following.

[On] for <Use SNTP>: You can perform time synchronization using SNTP.

Select the interval for performing time synchronization in <Polling Interval>.

In [NTP Server Address], enter the NTP server IP address or host name.

  • In order to perform time synchronization through SNTP, it is necessary to set the time zone of the region in which you are using the machine in advance. For instructions on how to set the time zone, see "Security."
  • If you want to set the digital signature method (see "Registering a Security Policy") for the IKE (Internet Key Exchange) authentication when performing IPSec communication, it is necessary to set <Use SNTP> to 'On'.
  1. On the TCP/IP Settings screen, press [FTP Print Settings] → specify the following.

Specify the FTP print settings if you are using the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, or the optional PS Printer Kit.

[On] for <Use FTP printing>: You can use FTP as the print application.

In [User], enter the login user name for access to the FTP server.

In [Password], enter the login password for access to the FTP server.

  • If you do not specify [User] and [Password], all user names and passwords will be valid.
  • The password will appear in the job list as a user name if you enter "anonymous" as a login user name for access to an FTP server without specifying [User] and [Password], or if you enter "anonymous" in [User]. (To display the job list, press [System Monitor] → [Print] → [Log] on the touch panel display.)
  • The port number is 21 and cannot be changed.
  1. On the TCP/IP Settings screen, press [WSD Print Settings] → specify the following.

Specify the WSD print settings if you are using Windows Vista, and the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, the optional PS Printer Kit, or the optional Super G3 FAX Board.

[On] for <Use WSD>: You can use WSD (Web Services for Devices) as the print application.

<Use WSD Browsing> is automatically set to 'On' if you set <Use WSD> to 'On', and enables device information to be obtained using WSD.

If you want to respond to multicast discovery requests, set <Use Multicast Discovery> to 'On'.

  1. On the TCP/IP Settings screen, press [Use PASV Mode for FTP] → specify the following.

Set the PASV mode for FTP if you are using the optional Color Universal Send Kit.

  • Whether you use the PASV mode for FTP depends on the network environment you are using and the settings of the file server you are sending to. Before specifying the PASV mode for FTP, consult your network administrator.
  1. On the TCP/IP Settings screen, press [IPP Print Settings] → specify the following.

Specify the IPP print settings if you are using the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, the optional PS Printer Kit, or the optional Super G3 FAX Board.

[On]: You can use IPP as the print application. Pressing [On] for [IPP Print Settings] automatically sets [Use HTTP] to 'On'.

To use SSL to encrypt the IPP data, press [On] for <Use SSL>.

If you are using IPP authentication, press [On] for <Use Authentication> → enter the user name to use for IPP authentication in [User], and the password to use for IPP authentication in [Password].

  • In order to select [On] for <Use SSL> to allow SSL communication, a key pair is necessary. You can use the preinstalled key pair, or generate an original key pair with the machine, to set as the default key. For information on the default key, and instructions on how to generate an original key pair, see "Generating a Key Pair and Server Certificate."
  1. On the TCP/IP Settings screen, press [Multicast Discovery] → specify the following.

[On] for <Response>: You can use device information from other devices, such as an Address Book or Department ID Management settings, or respond to a multicast discovery from utilities.

Optionally, press [Scope Name] and enter the scope name for a multicast discovery.

  • For instructions on how to deliver and share device information, such as the Address Book and Department ID Management settings with multiple devices, see "Security."
  1. On the TCP/IP Settings screen, press [Use HTTP] → specify the following.

[On]: You can use the Remote UI or IPP.

Pressing [Off] for [Use HTTP] automatically sets [Remote UI] (in the System Settings screen) and [IPP Print Settings] to 'Off'.

  1. On the TCP/IP Settings screen, press [Proxy Settings] → specify the following.

In the following cases, specify the proxy settings, according to the network environment you are using:

  • If you are using the optional PS Printer Kit
  • If you are using the optional Direct Printing Kit
  • If you are using the optional Web Access Software (The Web Access Software is optional software for viewing web pages on the touch panel display of the machine. For details, see "Web Access.")
  • If you connect the WebDAV client to the Internet via a proxy, when using a WebDAV server

In [Server Address], enter a proxy server IP address or FQDN (for example, starfish.company.com).

In [Port Number], enter the port number of a proxy server using - (numeric keys).

If you want to use a proxy in the same domain, press [On] for <Use Proxy within the Same Domain>.

If you want to use proxy authentication, press [Authentication Settings] → [On] for <Use Proxy Authentication> → enter the user name to use for proxy authentication in [User], and the password to use for proxy authentication in [Password].

  • If you are using the optional PS Printer Kit or the optional Direct Printing Kit, you can print a file in the PDF or PS format by specifying its URL using the Remote UI. To print a file by specifying its URL using the Remote UI, you need to specify the proxy settings suitable for your environment. (Set in this step.)
  • The optional Direct Printing Kit is not available in some regions.
  1. On the TCP/IP Settings screen, press [Permitted Receiving MAC Address Settings] → specify the following.

[On] for <Apply Settings>: You can enable a MAC address filter. Press [Register] → specify the MAC addresses to allow access to.

  • Up to 100 MAC addresses can be specified.
  • If you select [On] for <Apply Settings>, you will become unable to access from MAC addresses which have not been specified. Check the MAC addresses carefully before specifying them. If the corresponding MAC address does not exist, you will become unable to access the network.
  1. On the TCP/IP Settings screen, press [Dept. ID Management Password Confirmation] → specify the following.

Select [On] or [Off] if you are using the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, the optional PS Printer Kit, or the optional Super G3 FAX Board.

[On]: You can confirm the Department ID and password when printing using a driver that supports Windows Vista.

  • A key pair to use for encrypted SSL communication is required to confirm Department IDs and passwords. Even if you set [Dept. ID Management Password Confirmation] to 'On', Department IDs and passwords cannot be confirmed if the key pair is corrupted or invalid. In this case, erase the key pair and follow the procedure in "Key Pair and Server Certificate Settings for Encrypted SSL Communication," to register a new key pair.
  • If there is no key pair, you cannot set <Dept. ID Management Password Confirmation> to 'On'. You can use the preinstalled key pair, or generate an original key pair with the machine, to set as the default key. For information on the default key, and instructions on how to generate an original key, see "Generating a Key Pair and Server Certificate."


Confirming TCP/IPv4 Settings

The following is the procedure for confirming that the network connections are properly set.


  1. On the TCP/IP Settings screen, press [IPv4 Settings] → [PING Command].

  1. In [PING Command], check the following.

Pressing [Start] after entering the desired IP address existing on the network displays the result of the PING command on the touch panel display.

If this result is inappropriate, check the settings described in "Interface Settings," "TCP/IPv4 Settings," and "Settings Common to TCP/IPv4 and TCP/IPv6."

  • If you set the startup time of the machine's network function by following the procedure in "Startup Time Settings," execute the PING command only after the time set as the startup time passes.
  • If you connect the machine to a switching hub, the machine may not be able to connect to a network even though your network settings are appropriate. This problem may be resolved by delaying the startup of network communications for the machine. See "Startup Time Settings," for information on how to set up the startup time.
  1. On the TCP/IP Settings screen, press [SNTP Settings] → check the following.

After pressing [NTP Server Check], if <OK> is displayed, time synchronization is working correctly via SNTP.

If <Error> is displayed, check the settings for [NTP Server Address] set in step 3 of "Settings Common to TCP/IPv4 and TCP/IPv6."

Even if you perform [NTP Server Check], time settings are not updated. Check that communications are possible between the machine and the NTP server.



Confirming TCP/IPv6 Settings

The following is the procedure for confirming that the TCP/IPv6 network connections are properly set.


  1. On the TCP/IP Settings screen, press [IPv6 Settings] → [PING Command].

  1. In [PING Command], check the following.

Pressing [Start] after entering an IPv6 address existing on the network in [IPv6 Address] displays the result of the PING command on the touch panel display.

Pressing [Start] after entering the machine's host name in [Host Name] displays the result of the PING command on the touch panel display.

If this result is inappropriate, check the settings described in "Interface Settings," "TCP/IPv6 Settings," and "Settings Common to TCP/IPv4 and TCP/IPv6."

  • If you set the startup time of the machine's network functions by following the procedure in "Startup Time Settings," execute the PING command only after the time set as the startup time passes.
  • If you connect the machine to a switching hub, the machine may not be able to connect to a network even though your network settings are appropriate. This problem may be resolved by delaying the startup of network communications for the machine. See "Startup Time Settings" for information on how to set up the startup time.
  1. On the TCP/IP Settings screen, press [SNTP Settings] → check the following.

After pressing [NTP Server Check], if <OK> is displayed, time synchronization is working correctly via SNTP.

If <Error> is displayed, check the settings for [NTP Server Address] set in step 3 of "Settings Common to TCP/IPv4 and TCP/IPv6."

Even if you perform [NTP Server Check], time settings are not updated. Check that communications are possible between the machine and the NTP server.



Key Pair and Server Certificate Settings for Encrypted SSL Communication

The key pair and server certificate are required for performing SSL encrypted communication, for use with the following items. This section describes how to specify the key pair and server certificate settings from the control panel of the machine.

  • MEAP functions via a web browser (See "MEAP/SSO.")
  • [Device Information Delivery Settings] (See "Security.")


Generating a Key Pair and Server Certificate

It is necessary to generate and register a key pair in order to use encrypted SSL communication for IPP printing, e-mail and I-faxes, the Remote UI, MEAP functions via a web browser, and device information delivery, or confirm Department IDs and passwords.

A key pair and server certificate are preinstalled in the machine. You can also use this key pair and server certificate to enable encrypted SSL communication.

The procedure for generating and registering a key pair and self-signed server certificate using the control panel of the machine is as follows:


Remark
  • Up to six key pairs can be registered.
  • The key pair and certificate registered here can also be used as the key pair and certificate for IPSec.

  1. On the TCP/IP Settings screen, press [Certificate Settings] → [Generate Key].

  1. Press [Generate Network Communication Key] → specify the following.

In [Key Name], enter a name for the key pair → select a key length.

  • Up to 24 alphanumeric characters can be entered for [Key Name].
  • You cannot generate a key pair with a key length other than 512 or 1024 bit.
  • You cannot specify 'Device Signature Key' (used for key pairs for adding digital signatures to PDFs) or 'AMS' (used for key pairs for access restrictions) as the name for the key pair.
  1. Press [Next] → set the self-signed server certificate.

You cannot set an end date which is earlier than the start date.

Set at least one of the following items → press [Start Key Generatn] to generate a key. You cannot issue a server certificate if all the items are left blank. When using IPPS printing with Windows Vista, make sure to enter the IP address of the machine in [Common Name].

Items you can set:

[Country/Region]: Select the country/region name from the 25 countries/regions in the list, or enter an Internet country code (2 characters maximum).
[State]: Set the state name (24 characters maximum).
[City]: Set the city name (24 characters maximum).
[Organization]: Set the organization name (24 characters maximum).
[Orgnztion Unit]: Set the organization unit, such as the department name (24 characters maximum).
[Common Name]: Set the IP address or FQDN (for example, starfish.company.com) of the machine (24 characters maximum).
  • A DNS server is necessary to use the FQDN of the machine in [Common Name]. Use the IP address of the machine if you do not have a DNS server.
  • After pressing [Start Key Generatn], you cannot use any of the keys until a key pair has been generated and registered.


Registering a Key Pair File and Server Certificate File Installed from a Computer

You can install a key pair from a computer in order to use encrypted SSL communication for IPP printing, e-mail and I-faxes, the Remote UI, MEAP functions via a web browser, and device information delivery, or confirm Department IDs and passwords.

A key pair file and server certificate file created on a computer can be installed in the machine using a web browser (Remote UI). The procedure for registering installed files in the machine using the control panel is as follows:


Remark
  • Up to six key pairs can be registered.
  • The key pair and certificate registered here can also be used as the key pair and certificate for IPSec.
  • For instructions on how to install a key pair file and server certificate file, see "Remote UI."

  1. On the TCP/IP Settings screen, press [Certificate Settings] → [Register Key and Certificate] → specify the following.

Select the file to register → press [Register] → enter the name of the private key in [Key Name], and the password for the private key in [Password].

To erase an unnecessary file, select the file → press [Erase].

  • You can register only key pair files which use the RSA algorithm.


Editing Key Pairs and Server Certificates

You can confirm the settings of registered key pairs and server certificates. You can also delete an unnecessary key pair and certificate, and check how a key pair is currently being used.


  1. On the TCP/IP Settings screen, press [Certificate Settings] → [Key and Certificate List] → [Key and Certificate List for this Machine] → specify the following.

If (invalid) is displayed to the left of a key pair, it is corrupted or invalid. After erasing the corrupted or invalid key pair, register a key pair (see "Generating a Key Pair and Server Certificate," or "Registering a Key Pair File and Server Certificate File Installed from a Computer.").


  • Select the key pair for the server certificate you want to confirm → press [Certificate Details] → [Certificate Verification].

If [Certificate Verification] is grayed out or <The key is corrupted or invalid.> is displayed, you cannot use the key pair. After erasing the corrupted or invalid key pair, register a key pair (see "Generating a Key Pair and Server Certificate," or "Registering a Key Pair File and Server Certificate File Installed from a Computer.").


  • Select the key pair to erase → press [Erase].

  • Key pairs for which 'Using' is displayed in <Used> cannot be deleted because they are being used with IPSec or because SSL is set to 'On'. Press [Display Use Location] to check the type of security the key pair is being used for. To delete a key pair which is only being used with SSL, set the following settings to 'Off'. A key pair being used for IPSec cannot be deleted.
  • [Use HTTP] in [MEAP Settings] (See "MEAP/SSO.")
  • [Receive Restriction for Each Function] in [Device Information Delivery Settings] (See "Security.")

  • Select a key pair with 'Using' displayed for <Used> → press [Display Use Location] to check the kind of security the key pair is being used for.



Changing the Key Pair Used With SSL Encrypted Communications

After checking the function that SSL encrypted communications are being used for, you can change the key pair being used.


  1. On the TCP/IP Settings screen, press [SSL Settings] to display a list of the functions using SSL encrypted communications → press [Key and Certificate].

  1. Select the key pair you want to use for SSL encrypted communications → press [Set as the Default Key].

You cannot set to use "Device Signature Key" or "AMS" (key pair for access restrictions) for SSL. The key pair used with IPSec can be used as the key pair for SSL, but the key pair used with IPSec cannot be changed with this procedure.

  • If you press [Certificate Details], you can check the certificate.
  • If you press [Display Use Location], you can check what the key is being used for.


Registering a CA Certificate File Installed from a Computer

Apart from the X.509 (DER) format CA certificate preinstalled in the machine, you can also register a CA certificate file which has been installed using a web browser (Remote UI).

The procedure for registering installed files in the machine using the control panel is as follows:


Remark
  • For instructions on how to install a CA certificate file, see "Remote UI."
  • Up to 50 CA certificate files can be registered.

  1. On the TCP/IP Settings screen, press [Certificate Settings] → [Register CA Certificate] → specify the following.

Select the file to register → press [Register].

To erase an unnecessary file, select the file → press [Erase]. When the confirmation message is displayed, press [Yes].

To confirm the CA certificate you have registered, see "Editing a CA Certificate."



Editing a CA Certificate

You can confirm the settings of registered CA certificates. You can also erase unnecessary CA certificates.


  1. On the TCP/IP Settings screen, press [Certificate Settings] → [CA Certificate List] → specify the following.

  • Select the key pair for the CA certificate you want to confirm → press [Certificate Details] → [Certificate Verification].


  • Select the CA certificate to erase → press [Erase].



Generating and Confirming a Key Pair and Device Signature Certificate and User Certificate for Adding Digital Signatures to PDF Files

The machine can add the following two types of digital signatures to PDF files. This section describes the procedures for specifying and confirming the settings necessary for adding digital signatures to PDF files using the control panel of the machine. For instructions on how to add digital signatures to PDF files, see "Using the Main Unit to Send/Receive," or "Remote UI."

  • Device Signature

Enables the recipient to identify the device that scanned the document. This type of signature requires the optional Universal Send Security Feature Set. To add a device signature to a PDF, set a key pair and device certificate. (See "Setting a Key Pair and Device Certificate.")

  • User Signature

Enables the recipient to identify the user who signed the document. This type of signature requires the optional Digital User Signature Kit. To add a user signature to a PDF, it is necessary to install a key pair and user certificate in the machine from a computer. (See "Remote UI.") You can confirm the installed key pair and user certificate using the control panel of the machine. (See "Confirming a Key Pair and User Certificate.")



Setting a Key Pair and Device Certificate

The following procedures describe how to generate and update the key pair and device certificate necessary for adding a device signature to a PDF.


Remark
  • The optional Universal Send Security Feature Set is necessary to add a device signature to PDF files. For more information on the equipment needed, see "Using the Main Unit to Send/Receive."

  1. On the TCP/IP Settings screen, press [Certificate Settings] → [Generate Key].

  1. Press [Generate/Update Device Signature Key] → [Yes].

  • You can register only one key pair.


Confirming a Key Pair and Device Certificate

The following procedure describes how to confirm a key pair and device certificate generated/updated in "Setting a Key Pair and Device Certificate."


  1. On the TCP/IP Settings screen, press [Certificate Settings] → [Key and Certificate List] → [Key and Certificate List for this Machine].

If (invalid) is displayed to the left of a key pair, the key pair is corrupted or invalid. Follow the procedure in "Setting a Key Pair and Device Certificate," to generate/update a key pair.

  • You cannot delete or edit a key pair necessary for a device signature on the Key and Certificate List for this Machine screen.
  1. Select 'Device Signature Key' → press [Certificate Details] → [Certificate Verification].

If [Certificate Verification] is grayed out or <The key is corrupted or invalid.> is displayed, you cannot use the key pair. Follow the procedure in "Setting a Key Pair and Device Certificate," to generate/update a new key pair.

  • <Certificate Thumbprint> contains sender information used to validate the reliability of a PDF with a device signature, by matching it with the MD5 or SHA-1 message digest number.
  • The expiration date for the device signature is set to 5 years after its key pair was generated/updated.


Confirming a Key Pair and User Certificate

The following procedure describes how the system manager can confirm the key pairs and user certificates for all users.

Install the key pair and user certificate used for adding a user signature to PDF files from a computer. (See "Remote UI.")


Remark
  • To add a user signature to a PDF, it is necessary to log in to the machine using the SSO-H (Single Sign-On H) login service, and the optional Digital User Signature Kit must be activated by registering a license key. For more information on the SSO-H login services, see "MEAP/SSO." For more information on the Digital User Signature Kit, see "Using the Main Unit to Send/Receive."
  • You can also use the Remote UI to confirm the key pairs and user certificates for all users. For more information, see "Remote UI."
  • End users can display the Key and Certificate List for Users screen in [Communications Settings] → [TX Settings] under <Common Settings> → [Check User Signature Certificate] (from the Additional Functions screen). However, in this case, only the key pair and user certificate for the user who is currently logged in are displayed. Key pairs and user certificates for other users cannot be displayed. The user's key pair also cannot be deleted from this screen. An end user must use the Remote UI to delete their key pair. (See "Remote UI.")

  1. On the TCP/IP Settings screen, press [Certificate Settings] → [Key and Certificate List] → [Key and Certificate List for Users] → specify the following.

User key pairs with (invalid) displayed to the left of them are corrupted or invalid key pairs. After erasing the key pair, install a key pair and user certificate in the machine from a computer. (See "Remote UI.")


  • Select the key pair for the certificate you want to confirm → press [Certificate Details] → [Certificate Verification].

If [Certificate Verification] is grayed out or <The key is corrupted or invalid.> is displayed, you cannot use the key pair. After erasing the corrupted or invalid key pair, install a new key pair and user certificate from a computer. (See "Remote UI.")


  • Select the key pair to erase → press [Erase].



IPSec Settings

If you install the optional IPSec Board to the machine, you can use IPSec communications by setting <Use IPSec> to [On] in the IPSec Settings screen on the touch panel display of the machine.

IPSec is a protocol for ensuring the security of IP packets sent and received over an IP network by protecting it from threats such as theft, modification, and impersonation. IPSec is applied for TCP packets, UDP (User Datagram Protocol) packets, and ICMP (Internet Control Message Protocol) packets. The reason why IPSec is superior to other security protocols is that since it adds security functions to IP, the basic protocol of the internet, it does not depend on the application software and network configuration.

This section describes the procedure for creating a security policy to set IPSec communications, using the control panel of the machine. A security policy registers the settings for IPSec, such as the packets to process with IPSec, and the algorithm to use for authentication and encryption. A logical connection established for traffic by conducting negotiations according to an IPSec security policy is called an IPSec SA (Security Association).

The features of the IPSec used by the machine are as follows.


Remarks
  • [IPSec Settings] is only displayed on the TCP/IP Settings screen if the optional IPSec Board is installed after installing the optional Expansion Bus.

  • Communication Mode

Since the IPSec of the machine only supports the transport mode, authentication and encryption is only applied to the data part of the IP packets.

  • Authentication and Encryption Method

At least one of the following methods must be set for the machine. You cannot set both methods at the same time.

  • AH (Authentication Header)
    A protocol for certifying authentication by detecting modifications to the communicated data, including the IP header. The communicated data is not encrypted.
  • ESP (Encapsulating Security Payload)
    A protocol that provides confidentiality via encryption while certifying the integrity and authentication of only the payload part of communicated data.
  • Key Exchange Protocol

Supports IKEv1 (Internet Key Exchange version 1) for exchanging keys based on ISAKMP (Internet Security Association and Key Management Protocol). IKE includes two phases; in phase 1 the SA used for IKE (IKE SA) is created, and in phase 2 the SA used for IPSec (IPSec SA) is created.

To set authentication with the pre-shared key method, it is necessary to decide upon a pre-shared key in advance, which is a keyword (24 characters or less) used for both devices to send and receive data. Use the control panel of the machine to set the same pre-shared key as the destination to perform IPSec communications with, and perform authentication with the pre-shared key method.

To select authentication with the digital signature method, it is necessary to install a key pair file and CA certificate file created on a PC in advance using the Remote UI, and then register the installed files using the control panel of the machine. Authentication is conducted with the destinations for IPSec communication using the CA certificate.

The types of key pair and CA certificate that can be used for authentication with the digital signature method are indicated below.

  • RSA algorithm
  • X.509 certificate
  • PKCS#12 format key pair

Remarks
  • For ISAKMP, port number 500 of UDP (User Datagram Protocol) is used for sending/receiving.
  • For information on installing a key pair file and CA certificate file, see "Remote UI."


Registering a Security Policy

This section describes the procedure for registering a new security policy.


Remarks
  • You can register up to 10 security policies. The registered security policies are displayed in order of their priority.

  1. On the TCP/IP Settings screen, press [IPSec Settings] → select [On] for <Use IPSec>.

  • If you set <Use IPv4> to 'On', the machine will not enter the Sleep mode completely.
  1. In <Receive Non-policy Packets>, specify the following settings → press [Register].

[Allow]: Allows the sending/receiving of packets that are not encrypted because they do not correspond to the security policy set on the IPSec Settings screen, in plain text.

[Reject]: Rejects the sending/receiving of packets that do not correspond to the security policy set on the IPSec Settings screen.

  1. Enter the security policy name to register in [Policy Name] → press [Selector Settings].

  1. On the Selector Settings screen, specify the local IP address to apply the registered security policy to.

When receiving IP packets, the registered security policy is applied if the destination IP address in the packets matches the local IP address specified in this procedure. When sending IP packets, the registered security policy is applied if the source IP address in the packets matches the local IP address specified in this procedure.

  • IPSec is not applied for link local addresses included when the following are selected. IPSec packets sent to link local addresses are discarded.
  • [All IP addresses] for <Local Address>
  • [IPv6 Address] for <Local Address>
  • [IPv6 Manual Settings] for <Local Address>

  • Select [All IP addresses] for <Local Address>.


  • Select [IPv4 Address] for <Local Address>.

  • Select [IPv6 Address] for <Local Address>.

  • Select [IPv4 Manual Settings] for <Local Address> → specify a single IPv4 address or range of IPv4 addresses. Also specify the subnet.


  • Select [IPv6 Manual Settings] for <Local Address> → specify a single IPv6 address or range of IPv6 addresses. Also specify the IPv6 address and prefix length.

  1. On the Selector Settings screen, specify the remote IP address to apply the registered security policy to.

When receiving IP packets, the registered security policy is applied if the source IP address in the packets matches the remote IP address specified in this procedure. When sending IP packets, the registered security policy is applied if the destination IP address in the packets matches the remote IP address specified in this procedure.


  • Select [All IP addresses] for <Remote Address>.

  • Select [All IPv4 addresses] for <Remote Address>.

  • Select [All IPv6 addresses] for <Remote Address>.

  • Select [IPv4 Manual Settings] for <Remote Address> → specify a single IPv4 address or range of IPv4 addresses. Also specify the subnet.

  • Select [IPv6 Manual Settings] for <Remote Address> → specify a single IPv6 address or range of IPv6 addresses. Also specify the IPv6 address and prefix length.
  1. On the Selector Settings screen, specify the destination port to apply the registered security policy to.

When receiving IP packets, the registered security policy is applied if the destination port in the packets matches the port number specified in this procedure. When sending IP packets, the registered security policy is applied if the source port in the packets matches the port number specified in this procedure.


  • Select [Specify by Port Number] for <Port>.
  • On the Specify by Port Number screen, set the local port and remote port.

[All ports]: Select to specify all the local ports or all the remote ports.

[Specify Port]: Select to specify a single local port or remote port according to the port number.


  • Select [Specify by Service Name] for <Port>.
  • On the Specify by Service Name screen, select a displayed service name → press [Service On/Off].

  1. On the Register screen, press [IKE Settings] → select the mode to use for IKE phase 1.

[Main]: Select to set the Main mode. This mode has strong security because the IKE session itself is encrypted.

[Aggressive]: Select to set the Aggressive mode. This mode speeds up IKE sessions because they are not encrypted.

  1. On the IKE Settings screen, specify the authentication method to use for IKE phase 1.

If you want to select the pre-shared key method, prepare a pre-shared key. To select the digital signature method, it is necessary to install a key pair file and CA certificate file created on a PC in advance using the Remote UI.


  • Press [Pre-shared Key Method] → [Shared Key] for <Authentication Method> → enter the pre-shared key.


  • Press [Digital sig. Method] → [Key and Certificate] for <Authentication Method>, select the key pair you want to use → press [Set as the Default Key] to register the key pair to use for IPSec.

You cannot set to use "Device Signature Key" or "AMS" (key pair for access restrictions). The key pair used for SSL can also be used as the key for IPSec.

  • The key pair used for this product and the root CA certificate used in the device to communicate with must be issued from the same root certificate authority.
  • It is necessary to use the Remote UI to delete a key pair registered for IPSec.(See "Remote UI.")
  • You can check the content of a certificate by selecting a key pair on the Key and Certificate screen, and pressing [Certificate Details]. On the Certificate Details screen, you can press [Certificate Verification] to verify the certificate.
  • You can check what a key pair is being used for by selecting a key pair with 'Using' displayed for <Used> on the Key and Certificate screen, and pressing [Display Use Location].
  1. On the IKE Settings screen, select the algorithm for the authentication and encryption to use for IKE phase 1.

  • Select [Manual Settings] for <Auth./Encryption Algorithm> → specify the authentication and encryption algorithm to apply to the IKE SA.

[SHA1] for <Authentication>: Select to set SHA1 (Secure Hash Algorithm 1) for the authentication algorithm. 160-bit hash values are supported.

[MD5] for <Authentication>: Select to set MD5 (Message Digest Algorithm 5) for the authentication algorithm. 128-bit hash values are supported.

[3DES-CBC] for <Encryption>: Select to set 3DES (Triple Data Encryption Standard) for the encryption algorithm, and CBC (Cipher Block Chaining) for the encryption mode. 3DES takes longer to process because it performs DES three times, but enables increased encryption strength. CBC links the encryption result of the previous block with the next block to make it harder to decipher the encryption.

[AES-CBC] for <Encryption>: Select to set AES (Advanced Encryption Standard) for the encryption algorithm, and CBC for the encryption mode. AES supports encryption keys with a key length of 128, 192, or 256 bits. As the supported key lengths are long, it enables increased encryption strength. CBC links the encryption result of the previous block with the next block to make it harder to decipher the encryption.

[Group1(762)] for <DH Group>: Select to set Group 1 for the DH (Diffie-Hellman) key exchange method. In Group 1, 762-bit MODP (Modular Exponentiation) is supported.

[Group2(1024)] for <DH Group>: Select to set Group 2 for the DH key exchange method. In Group 2, 1024-bit MODP is supported.

[Group14(2048)] for <DH Group>: Select to set Group 14 for the DH key exchange method. In Group 14, 2048-bit MODP is supported.


  • Select [Auto] for <Auth./Encryption Algorithm>.

The priority for the authentication and encryption algorithms is indicated below.

Priority Authentication Algorithm Encryption Algorithm DH Key Exchange Method
1 SHA1 AES (128-bit) Group 2
2 MD5
3 SHA1 AES (192-bit)
4 MD5
5 SHA1 AES (256-bit)
6 MD5
7 SHA1 3DES
8 MD5
  1. On the Register screen, press [IPSec Network Settings] → specify the SA validation time and validation type, and PFS (Perfect Forward Security).

[Time] and [Size] for <Validity>: Specify the validation period for the generated IKE SA and IPSec SA. In IPSec communications to which a valid security policy is applied, packets can be sent and received without conducting key exchange negotiations. Make sure to set either [Time] and [Size]. If you set both, the SA becomes invalid when the value set for either [Time] or [Size] is reached.

[On] for <PFS>: If you enable the PFS function, you can increase the confidentiality because even if one encryption key is exposed to a third party, the problem does not spread to other encryption keys.

[Off] for <PFS>: If you disable the PFS function, if one encryption key is exposed to a third party, other encryption keys may be able to be guessed. If you set <PFS> to 'On', the destination for PFS communication must also have PFS enabled.

  1. On the IPSec Network Settings screen, select the algorithm for the authentication and encryption to use for IKE phase 2.

  • Select [Manual Settings] for <Auth./Encryption Algorithm>.
  • Set the ESP authentication/encryption method, or the algorithm for the AH authentication method.

[SHA1] for <ESP Auth.>: Select to set SHA1 as the algorithm for the ESP authentication method. 160-bit hash values are supported.

[MD5] for <ESP Auth.>: Select to set MD5 as the algorithm for the ESP authentication method. 128-bit hash values are supported.

[NULL] for <ESP Auth.>: Select to not set the algorithm for the ESP authentication method.

[3DES-CBC] for <ESP Encryption>: Select to set 3DES for the ESP encryption algorithm, and CBC for the encryption mode. 3DES takes longer to process because it performs DES three times, but enables increased encryption strength. CBC links the encryption result of the previous block with the next block to make it harder to decipher the encryption.

[AES-CBC] for <ESP Encryption>: Select to set AES for the ESP encryption algorithm, and CBC for the encryption mode. AES supports encryption keys with a key length of 128, 192, or 256 bits. As the supported key lengths are long, it enables increased encryption strength. CBC links the encryption result of the previous block with the next block to make it harder to decipher the encryption.

[NULL] for <ESP Encryption>: Select to not set the algorithm for the ESP encryption method.

[SHA1] for <AH Auth.>: Select to set SHA1 as the algorithm for the AH authentication method. 160-bit hash values are supported.

[MD5] for <AH Auth.>: Select to set MD5 as the algorithm for the AH authentication method. 128-bit hash values are supported.


  • Select [Auto] for <Auth./Encryption Algorithm>.

The ESP authentication/encryption methods are set. The priority for the authentication and encryption algorithms is indicated below.

Priority Algorithm for ESP Authentication Method Algorithm for ESP Encryption Method
1 SHA1 AES (128-bit)
2 MD5
3 SHA1 AES (192-bit)
4 MD5
5 SHA1 AES (256-bit)
6 MD5
7 SHA1 3DES
8 MD5


Editing a Security Policy

This section describes the procedure for changing the settings of a registered security policy. It also describes the procedure for enabling a security policy.


  1. On the TCP/IP Settings screen, press [IPSec Settings] → perform the following.

  • Select the security policy → press [Policy On/Off].


  • Select the security policy → press [Raise Priority] or [Lower Priority].
  • You can press [Print List] to print a list of the security policies and confirm their priorities.

  • Select the security policy → press [Erase].

  • Select the security policy → press [Edit].
  • Change the required items on the Edit screen.

For more information on each setting, see "Registering a Security Policy."



E-Mail/I-Fax Settings

Remark
  1. On the Network Settings screen, press [E-mail/I-Fax].
  1. Specify the mail server for receiving e-mail/I-faxes.

The machine supports both the SMTP and POP3 functions.

The machine can receive I-fax images and communication error notices only.


  • Register the host name of the machine with the DNS server → specify the following.

Press [On] for <SMTP Receipt> → press [Off] for <POP>.

In [E-mail Address], enter the e-mail address your machine will use. You can specify any user name (the part of the address located in front of the @ symbol). Enter the host name after the "@" symbol in the e-mail address.

If you select [SSL] for <Allow SSL (SMTP Receive)>, reception of only data encrypted using SSL is allowed and communications from the host not using SSL are rejected.

If you select [On] for <Allow SSL (SMTP Receive)>, depending on the request from the host, reception of data encrypted using SSL is allowed only when there is a request from the host.

  • Even if you select [On] for <Allow SSL (SMTP Receive)>, the data will not be encrypted if the SMTP host does not support encryption.
  • In order to select [SSL] or [On] for <Allow SSL (SMTP Receive)> to allow SSL transmission, it is necessary to generate a key pair in advance. For instructions on how to generate a key pair, see "Generating a Key Pair and Server Certificate."

  • Press [On] for <POP> → press [Off] for <SMTP Receipt>.

In [E-mail Address], enter the e-mail address your machine will use.

In [POP Server], enter the IP address or name of the POP server using the keyboard on the touch panel display.

In [POP Address], enter the login name for access to the POP server.

In [POP Password], enter the password for access to the POP server.

Set [POP Interval] to the interval you want the POP server to check for incoming e-mail. If the interval is set to '0', the POP server is not checked automatically. For instructions on how to manually check the POP server, see "Using the Main Unit to Send/Receive."

Select the authentication method supported by the POP server from [Standard], [APOP], or [POP AUTH] for <POP AUTH Method>.

If you want to send encrypted data, press [On] for <Allow SSL (POP)>.

  • If the POP server does not support SSL encryption, data is not encrypted when [On] is selected for <Allow SSL (POP)>.
  • In order to select [On] for <Allow SSL (POP)> to allow SSL transmission, it is necessary to generate a key pair in advance. For instructions on how to generate a key pair, see "Generating a Key Pair and Server Certificate."

  1. Specify the mail server for sending e-mail/I-faxes.


  • In [SMTP Server], enter the IP address or name of the SMTP server using the keyboard on the touch panel display.

Press [On] for <POP Authentication before Sending> → press [Off] for <SMTP Authentication (SMTP AUTH)>.


  • In [SMTP Server], enter the IP address or name of the SMTP server using the keyboard on the touch panel display.

Press [On] for <SMTP Authentication (SMTP AUTH)> → press [Off] for <POP Authentication before Sending>.

In [User], enter the user name used for logging in to the SMTP server. If you are using a Microsoft SMTP server, enter the user name in [User] using the following format: user name@domain name.

In [Password], enter the password used for logging in to the SMTP server.

To encrypt data to be sent using SSL, select [On] for <Allow SSL (SMTP Send)>.

  • If the SMTP host does not support encryption, data is not encrypted when [On] is selected for <Allow SSL (SMTP Send)>.

  • In [SMTP Server], enter the SMTP server IP address or name using the keyboard on the touch panel display.

Press [Off] both for <SMTP Authentication (SMTP AUTH)> and <POP Authentication before Sending>.



Startup Time Settings

If you connect the machine to a switching hub, it may not be able to connect to a network even though your network settings are set correctly.

This occurs because the spanning tree process performed between switching hubs prevents them from communicating with each other immediately after the machine connects to a switching hub.

In this case, use the following procedure to delay the start of communication.


  1. On the Network Settings screen, press [Startup Time Settings] → specify the following.

Press [-] or [+] to set the time period to delay the startup of network communications for the machine.



Setting Up a Computer for Printing/Sending a Fax

After you have completed the protocol settings for printing and sending a fax with the machine, you are ready to set up each of the computers for printing or sending a fax.

  • Connecting to a TCP/IP Network

All computers that use the printer must have TCP/IP client software installed and must be enabled for TCP/IP network use. For details, see the manuals provided with the operating system.

  • Installing the Driver and Specifying the Port Setting

To print or send a fax from a computer, you must install a driver and specify a port setting. The port setting differs depending on the print application used for printing or sending a fax. Use the following information as a guide to determine the print application you are using, and then perform the necessary operations.

  • IPP/IPPS
    This is a print application that can be used with TCP/IP. IPP enables you to use the HTTP protocol to send data to a machine on an intranet/the internet. IPPS is a print application which performs encrypted SSL communication when using IPP. See "Printer Connection Method (IPP/IPPS)."

Remark
  • If the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen do not permit the IP address of a computer in which a driver is installed, you cannot print from the computer. (See step 8 in "TCP/IPv4 Settings," or step 6 in "TCP/IPv6 Settings.")
  • If you print with IPP, the [Pause Printing] and [Cancel All Documents] settings on the [Printer] menu in the Windows print queue cannot be used. (To view the print queue, click the [Start] menu → point to [Settings] → click [Printers] → double-click the icon of the machine.)


Printer Connection Method (LPD/Raw)


Windows 2000/XP/Server 2003/Vista

In the following procedures, items displayed on the screens for Windows 2000 are used. The items displayed may differ according to your operating system.


Remark
  • If you are using Windows Vista, a dialog box may be displayed while you are performing the procedure. In this case, enter a user name and password. For more information, see the manuals provided with the operating system.


Installing a New Driver

  1. Check the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen to see whether the IP address of the computer in which a driver is to be installed is permitted. For details, see step 8 in "TCP/IPv4 Settings," or step 6 in "TCP/IPv6 Settings."
  • If the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen do not permit the IP address, you cannot install a driver.
  • If the IP address of the computer is beyond the range of the permitted addresses set for <RX/ Print Range> after installing a driver, you cannot print or send a fax from the computer.
  1. Install the driver.

Install the driver according to the following procedures indicated in the manual for each driver:

  • If you want to use the UFR II/PCL/PS printer driver
    See the procedure for dynamic installation in the Printer Driver Installation Guide.
  • If you want to use the fax driver
    See the procedure for dynamic installation in the Fax Driver Installation Guide.
  • The print application will be LPD and the print queue will be set to <LP> if the driver has been installed according to the above procedures.


Changing the Port after Installing the Driver

  1. In the printer properties dialog box of the printer you installed, select the [Ports] sheet → click [Add Port].

  1. In the [Printer Ports] dialog box, from [Available ports types], select [Standard TCP/IP Port] → click [New Port].
  1. According to the instructions on the Add Standard TCP/IP Printer Port Wizard, in [Printer Name or IP Address], enter the printer IP address or printer host name → exit the Wizard.

If the dialog box displays <Additional Port Information Required>, follow the instructions on the screen to search again, or click [Standard] → click [Canon Network Printing Device with P9100] under [Device type].

  1. In the printer properties dialog box, click [Configure Port] → select [LPR] or [Raw].

If you use LPD, you can specify one of the following print queues in [Queue Name].

  • LP
    The machine prints according to its spool settings. Normally, <LP> is entered as a print queue.
  • SPOOL
    The machine prints only after spooling a print job on the hard disk, regardless of its spool settings.
  • DIRECT
    The machine prints without spooling a print job on the hard disk, regardless of its spool settings.


Mac OS X 10.3 or later

  1. Check the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen to see whether the IP address of the computer in which a driver is to be installed is permitted. For details, see step 8 in "TCP/IPv4 Settings," or step 6 in "TCP/IPv6 Settings."
  • If the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen do not permit the IP address, you cannot install a driver.
  • If the IP address of the computer is beyond the range of the permitted addresses set for <RX/Print Range> after installing a driver, you cannot print or send a fax from the computer.
  1. Install the driver.

Install the driver according to the instructions in the manual for each driver.

  • If you want to use the UFR II printer driver
    See the Mac UFR II Driver Guide.
  • If you want to use the PS printer driver
    See the Mac PS Driver Guide.
  • If you want to use a PS printer driver provided by Apple Inc.
    For instructions on how to install the corresponding PPD file from Canon, see Chapter 10, "Before Printing from Computers," in Getting Started. For details about the PS printer driver, see the documentation provided with your Macintosh.
  • The PS printer driver can be used only in a Mac OS X 10.3.9 or later environment.


UNIX

The machine supports the LPD print application for printing over TCP/IP networks.

The following procedures are only examples. The setup procedures for your environment may differ.


Remark
  • If the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen do not permit the IP address, you cannot specify the spooling system.

  1. Log in to a workstation as a superuser → set up the spooling system.

  • Add the following to the /etc/printcap file:

<Print queue name>|<comment>:\
:lp=<device special file>:\
:sd=<spool directory>:\
:rm=<printer IP address or host name>:


  • Start the admintool utility → click [Browse] → [Printers] → [Edit] → [Add] → [Access to Printer] → in [Printer Name], enter the desired print queue name → in [Print Server], enter the IP address or printer host name.
  • The admintool utility is included with the operating system. For specific operating instructions, see the operating system manual.
  • You can specify one of the following print queues.
  • LP
    The machine prints according to its spool settings. Normally, <LP> is entered as a print queue.
  • SPOOL
    The machine prints only after spooling a print job on the hard disk, regardless of its spool settings.
  • DIRECT
    The machine prints without spooling a print job on the hard disk, regardless of its spool settings.
  • When the job log appears on the touch panel display of the machine, <unknown> may be displayed as the document name and user name of print data transmitted to the machine over a UNIX network. (To display the job log, press [System Monitor] → [Print] → [Log] on the touch panel display.)


Printer Connection Method (IPP/IPPS)


Windows 2000/XP/Server 2003/Vista

In the following procedures, items displayed on the screens for Windows 2000 are used. The items displayed may differ according to your operating system.


Remark
  • If you are using Windows Vista, a dialog box may be displayed while you are performing the procedure. In this case, enter a user name and password. For more information, see the manuals provided with the operating system.

  1. Check the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen to see whether the IP address of the computer in which a driver is to be installed is permitted. For details, see step 8 in "TCP/IPv4 Settings," or step 6 in "TCP/IPv6 Settings."
  • If the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen do not permit the IP address, you cannot install a driver.
  • If the IP address of the computer is beyond the range of the permitted addresses set for <RX/Print Range> after installing a driver, you cannot print or send a fax from the computer.
  1. Start the Add Printer Wizard → select a network printer.
  1. Select the option for locating the printer on the Internet or on your intranet → enter the URL of your printer.

If you want to use regular IPP printing, enter the following URL in [URL].
http://<the IP address or host name of the machine>/ipp

If you want to use encrypted communication and perform IPPS printing, enter the following URL in [URL].
https://<the IP address or host name of the machine>/ipp

  1. Follow the instructions on the screen to complete the installation.


Mac OS X 10.3 or later

If you are using the optional PS Printer Kit, and a PS printer driver provided by Apple Inc. with the Mac OS, you can use IPP as the print application. After installing the PPD file according to Chapter 10, "Before Printing from Computers," in Getting Started, specify the print settings according to the instructions in the documentation provided with your Macintosh.



Printer Connection Method (FTP)

The following procedure describes how to perform printing by using FTP.


  1. Go to the command prompt → log in to the machine's FTP server.

For details on user names and passwords, see step 4 in "Settings Common to TCP/IPv4 and TCP/IPv6."

Command to be executed
1. ftp> bin *Change the file type to IMAGE (BINARY)
Change the file type to IMAGE (BINARY) even if you are printing text files.

2. ftp> put <file name to be printed> *Upload the file to be printed

3. ftp> bye *Cut off server connection

The following is a UNIX command example.
1. U:> ftp 172.24.176.244 *Connect to server
Connected to 172.24.176.244.
220 Connection established.

2. Name (172.24.176.244:none): user_name *User login
331 Password required to login.

3. Password: *Enter password
230 User user_name logged in.

4. ftp> bin *Set file type
200 Type set to IMAGE (binary).

5. ftp> put print.txt *Upload print file
200 PORT command successful.
150 Opened BINARY data connection for file transfer.
226 Transfer complete.

6. ftp> bye *Cut off server connection
221 Server closing down connection.

  • Up to three clients can be logged in simultaneously to its FTP server.
  • You cannot perform manipulation of files (changing file names, deleting, etc.) on the FTP server by using FTP commands.


Printer Connection Method (WSD)

The following procedure describes how to perform printing with WSD when using Windows Vista.

If a dialog box is displayed while you are performing this procedure, enter a user name and password. For more information, see the documentation provided with Windows Vista.


  1. Check the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 Settings screen to see whether the IPv4 address of the computer in which a driver is to be installed is permitted. For details, see step 8 in "TCP/IPv4 Settings."
  • If the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 Settings screen do not permit the IPv4 address, you cannot install a driver.
  • If the IPv4 address of the computer is beyond the range of the permitted IPv4 addresses set for <RX/Print Range> after installing a driver, you cannot print or send a fax from the computer.
  1. Install the driver.

  • With Windows Explorer, right-click the printer icon you want to use → select [Install].

  • Start the Add Printer Wizard → select a network printer.


Setting Up a Computer as a File Server

To send data from the machine to a computer on your network, you need to specify the settings of the computer for receiving data.

You can send data over a TCP/IP network to any of the following:

  • FTP server (Windows 2000/XP/Server 2003/Vista, UNIX, Linux, Mac OS X, iW Document Manager Gateway)
  • WebDAV server (Windows 2000 Server/2000 Professional/XP/Server 2003, UNIX, Linux, Mac OS X)
  • Windows shared folder (Windows 2000/XP/Server 2003)
  • Samba shared folder (UNIX/Linux/Mac OS X)

This section describes how to set up a computer as an FTP/WebDAV server.

For instructions on how to configure a Windows and Samba shared folder, see "Setting Up a Computer as a File Server."


Remark
  • Samba 2.2.8a or later is supported.
  • This section describes only the procedures for setting up a computer to receive data sent from the machine. To send data from the machine to a server on the network, you must enter an address setting from the control panel. For instructions on how to specify recipient address settings, see "Using the Main Unit to Send/Receive."
  • The following procedure explains a sample FTP/WebDAV server setup. Depending on your environment, the actual setup procedure may differ.


FTP Server Settings


Windows 2000/XP/Server 2003/Vista

This section describes the procedures for using the default home directory under [Default FTP Site]. To use other settings, enter the FTP site and home directory by referring to the IIS documentation.

It is recommended that the FTP server be configured by the network administrator.

In the following procedures, items displayed on the screens for Windows 2000 are used. The items displayed may differ according to your operating system.


Remark
  • The use of Windows 2000 Server/XP Professional/Server 2003/Vista as an FTP server requires the installation of IIS. If IIS is not installed in the computer you are using, you will need to install the version of IIS for the operating system you are using before entering these settings. (See "System Requirements.") For installation procedures, see the manuals provided with your operating system.
  • User authentication for access to FTP servers is performed using the local account database of Windows 2000 Server/XP Professional/Server 2003/Vista used as the FTP server. Therefore, it is not possible to use the account of a domain user registered in Windows 2000 Server/XP Professional/ Server 2003/Vista to send data directly from the machine to FTP servers in other domains.
  • If you are using Windows Vista, a dialog box may be displayed while you are performing the procedure. In this case, enter a user name and password. For more information, see the manuals provided with the operating system.

  1. Log on to Windows as a member of the group with access rights to the directory to be designated as the FTP site directory → start IIS.

Depending on your environment, the access rights settings for a drive or directory may differ. For details, see the Windows manual.

  1. In the [Default FTP Site Properties] dialog box, on the [Security Accounts] sheet, deselect the option which allows only anonymous connection.
  1. In the [Default FTP Site Properties] dialog box, on the [Home Directory] sheet, select both [Read] and [Write].

  1. Right-click [My Computer] → click [Properties] to open the [System Properties] dialog box → confirm [Full computer name].

  1. Right-click [My Computer] → click [Manage] to open the [Computer Management] window → under [System Tools], in [Local Users and Groups], right-click the [Users] folder → click [New User].

  1. In the [New User] dialog box, enter the user name in [User name] → enter the password in [Password] → re-enter the password in [Confirm Password] → click [Create].

Enter a user name and a password not longer than 24 alphanumeric characters.

If [User must change password at next logon] is selected, any new users added must change their passwords in order to send data from the machine. (You cannot change the password from the control panel.)

  • In the Active Directory environment, the procedures for setting up users differ from the above. For details, see the Windows manual.
  1. Set a recipient address using the control panel.

Sample recipient setting:

  • Server side settings:
[Full Computer Name]: starfish.organization.company.com
Create a directory named "share" in the specified FTP server's home directory "\lnetpub\ftproot", and then set "share" as the data destination.
  • The machine's recipient settings:
<Protocol>: FTP
[Host Name]: starfish.organization.company.com
[Folder Path]: share
[User]: User name entered in step 5
[Password]: Password for the above user

  • To use [Full computer name], which was confirmed in step 4, as the host name for [Host Name] as shown in the above example, it is necessary to use a DNS server. (This applies even if the machine and the FTP server are in the same subnet.) If no DNS server is available, the host name setting should be specified using the IP address of the FTP server.
  • Up to 128 alphanumeric characters can be entered for [Host Name] on the control panel. Also, up to 255 alphanumeric characters can be entered for [Folder Path].
  • If you switch the language of the touch panel display, [Host Name] and [Folder Path] may not be displayed correctly.
  • If you want to send to an IPv4 host using an FTP port other than port 21, set [Host Name] using the following format:
    <IPv4 address of FTP server>:<Port number>
    Example: 192.168.1.21:21000
  • To send to an IPv6 host, set [Host Name] using the following format:
    <IPv6 address>:<Port number>
    Example: [5aed:90a0:bc05:01d2:568a:2fc0:0001:12ee]:21000


UNIX/Linux

For more information on the system requirements for using a UNIX/Linux computer as an FTP server, see "System Requirements."

In some environments, detailed settings may be required in order to use FTP. For details, consult your network administrator.


  1. Log in to a workstation as a superuser → set up the users who send documents from the machine, and their passwords.

Enter a user name and a password not longer than 24 alphanumeric characters.

  1. Create a shared directory to be used for recipient addresses, and then enable read access and write access by the users who will be sending data.
  1. Set a recipient address using the control panel.

Sample recipient setting:

  • Server side settings:
[Host Name]: starfish
[Domain]: organization.company.com
The user's home directory is /home/hsato, and /home/hsato/share is the data destination.
  • The machine's recipient settings:
<Protocol>: FTP
[Host Name]: starfish.organization.company.com
[Folder Path]: Enter one of the following:
share (when using relative path)
/home/hsato/share (when using absolute path)
[User]: User name entered in step 1
[Password]: Password for the above user

For a sample screen, see the example of Windows 2000/XP/Server 2003/Vista screen.

  • To use the host name of the above example for [Host Name], it is necessary to use a DNS server. (This applies even if the machine and the FTP server are in the same subnet.) If no DNS server is available, the host name setting should be specified using the IP address of the FTP server.
  • Up to 128 alphanumeric characters can be entered for [Host Name] on the control panel. Also, up to 255 alphanumeric characters can be entered for [Folder Path].
  • If you switch the language of the touch panel display, [Host Name] and [Folder Path] may not be displayed correctly.
  • If you want to send to an IPv4 host using an FTP port other than port 21, set [Host Name] using the following format:
    <IPv4 address of FTP server>:<Port number>
    Example: 192.168.1.21:21000
  • To send to an IPv6 host, set [Host Name] using the following format:
    <IPv6 address>:<Port number>
    Example: [5aed:90a0:bc05:01d2:568a:2fc0:0001:12ee]:21000


Mac OS X

  1. Log in to Mac OS X as Administrator → start the FTP services under Mac OS X.
  1. Click the [Sharing] icon → [Allow FTP access] → click [Show All] on the toolbar.
  1. Click [Users] to open the [Users] window → enter the name of the user to whom you want to send data from the machine through Mac OS X → enter the password.

Enter a user name, and a password not longer than 24 alphanumeric characters.

  1. Create a shared folder to which files are to be sent.

Sample setting:
Create a folder named "iR_Folder" in the [Public] folder in the [Home] folder.

  1. Select the shared folder created in step 4 → select [Show Info] from the [File] menu → select [Privileges] from [Show] → enable read & write access to the folder by the owner and members of the group to which the owner belongs.
  1. Set a recipient address using the control panel.

Sample recipient setting:

  • Server side settings (set using the above procedure):
    Create a folder named "iR_Folder" in the [Public] folder in the [Home] folder of the user named "yoko," and then specify the iR_Folder as the folder to which files are sent.
  • The machine's recipient settings:
<Protocol>: FTP
[Host Name]: IP address of Macintosh
[Folder Path]: Enter one of the following:
Public/iR_Folder (If you enter a relative path)
/Users/yoko/Public/iR_Folder (If you enter an absolute path)
[User]: User name entered in step 3
[Password]: Password for the above user

  • Up to 255 alphanumeric characters can be entered for [Folder Path] on the control panel.
  • If you switch the language of the touch panel display, [Host Name] and [Folder Path] may not be displayed correctly.
  • If you want to send to an IPv4 host using an FTP port other than port 21, set [Host Name] using the following format:
    <IPv4 address of FTP server>:<Port number>
    Example: 192.168.1.21:21000
  • To send to an IPv6 host, set [Host Name] using the following format:
    <IPv6 address>:<Port number>
    Example: [5aed:90a0:bc05:01d2:568a:2fc0:0001:12ee]:21000


FTP Server for iW Document Manager Gateway

An FTP server for iW Document Manager Gateway is required for receiving data from the machine, when used with iW Document Manager Gateway.


  1. Set up the FTP server for iW Document Manager Gateway → specify the folder to store data sent from the machine.

For more information, see the manual provided with the iW Document Manager Gateway.

  • Up to 255 alphanumeric characters can be entered for a folder name.
  • Enter a user name and a password not longer than 24 alphanumeric characters.
  1. On the FTP server for iW Document Manager Gateway, export destination data.

For more information, see the manual provided with the iW Document Manager Gateway.

  • A DNS server is needed to use an FQDN format (for example, starfish.organization.company.com) for the FTP server address. (A DNS server is also required if the machine and the FTP server are in the same subnet.) If you have not set up a DNS server, use IP addresses.
  • Up to 128 alphanumeric characters can be entered for an FTP server address in the FQDN format.
  1. Use the Remote UI of the machine to import the destination data exported in step 2 into the machine.

For instructions on how to import the destination data, see "Remote UI."

  • If the System Manager ID and password of the machine are set, the dialog box for entering a user name and password appears; enter the System Manager ID in [User Name] and password in [Password].
  • If you switch the language of the touch panel display, [Host Name] and [Folder Path] may not be displayed correctly.
  • If the FTP port number is set to a value other than 21, specify the following for [Host Name]:
    <IP address of FTP server>:<Port number>
    Example: 192.168.1.21:21000


WebDAV Server Settings

The WebDAV sending function is a function for sending scanned image files, image files for received faxes, or image files sent from the User Inboxes or Memory RX Inbox of the machine, to a WebDAV server directory on the Internet or your intranet, using the WebDAV protocol.

This section describes the procedure for setting up a WebDAV publishing directory. Setting up a publishing directory enables users who have the necessary access privileges to manage files in the directory.

It is recommended that the WebDAV server be configured by the network administrator.



IIS for Windows 2000/2000 Server/XP/Server 2003

The procedure below uses items of Windows 2000 as an example. Depending on your environment, the items you see on the screen may differ.


Remark
  • If IIS is not installed in the computer you are using, you will need to install the version of IIS for the operating system you are using before entering these settings. (See "System Requirements.") For installation procedures, see the manuals provided with your operating system.
  • Server authentication is required for sending to a WebDAV server. Enable authentication before using a WebDAV server. The authentication methods available for the server are Anonymous, Basic, or Digest authentication, and authentication errors will occur if you try to use another authentication method. If the Anonymous authentication method is enabled, access rights are assigned to all users, and IIS always performs anonymous authentication, even if either of the other two authentication methods are enabled. (The priority level is Anonymous authentication > Digest authentication > Basic authentication.) If a high level of security is required, disable anonymous authentication. Use the user names and passwords registered in the address book of the WebDAV server for the Basic and Digest authentication methods. For instructions on how to set the authentication method for IIS, see the IIS documentation.
  • The machine does not support sending to a Windows Vista computer using WebDAV. However, it is possible to view documents sent to the WebDAV server on the network from Windows Vista.
  • When connecting to a WebDAV server via a proxy with Digest authentication set using IIS 6.0, it is necessary to set <Use Chunked Encoding with WebDAV Sending> to 'On' from the control panel of the machine. For more information on this procedure, see "Using the Main Unit to Send/Receive."

  1. Right-click [My Computer] → in the [C:\Inetpub] folder, create a physical directory to use as the sending destination.
  • The physical directory cannot be created in the [C:\Inetpub\wwwroot] folder, because the default DACL of wwwroot differs from that of other directories.
  1. Create a virtual directory.
  • Start IIS → from the IIS snap-in, select the Web site to add a directory to.
  • On the [Action] menu, point to [New] → select [Virtual Directory].
  • Follow the instructions on the Virtual Directory Creation Wizard to complete the creation of the directory.

Specify the directory path created in step 1 as a physical path to the virtual directory.

  1. Select [Write] in the virtual directory properties to give access for writing files to the WebDAV clients.

If you are using Windows Server 2003, click [Allow] for [WebDAV] in [Web Service Extensions] in IIS Manager.

  1. See the IIS documentation to specify the settings for SSL encrypted communication.
  1. Set a recipient address from the control panel.

Sample recipient settings:

  • Server side settings:
    Create a physical directory named "C:\Inetpub\export\share\home\users\", and then create a virtual directory that links to the physical directory as the folder to which files are sent.
  • The machine's address settings:
<Protocol>: WebDAV
[Host Name]: https://starfish.cse.canon.co.jp/
[Folder Path]: \export\share\home\users\
[User]: User name for the Basic and Digest authentication methods of the WebDAV server
[Password]: Password for the Basic and Digest authentication method of the WebDAV server

  • Up to 128 alphanumeric characters can be entered for [Host Name] on the control panel. Also, up to 255 alphanumeric characters can be entered for [Folder Path].
  • If you switch the language of the touch panel display, [Host Name] and [Folder Path] may not be displayed correctly.
  • If the language of the touch panel display differs from the computer used as a master browser, [Host name] and [Folder path] may not be displayed correctly, or you may not be able to browse the directories.
  • To send to an IPv6 host, set [Host Name] using the following format:
    <IPv6 address>:<Port number>
    Example: [5aed:90a0:bc05:01d2:568a:2fc0:0001:12ee]:21000


Apache for Windows 2000/2000 Server/XP/Server 2003/UNIX/Linux/Mac OS X

The following procedures describe how to create the "users/user_name/WebDAV" directory using the procedure for creating the directory under "C:/Program Files/Apache Group/Apache2" in the Windows file system as an example.


Remark
  • Apache 1.3 is provided with Mac OS X. If Apache is not installed in the computer you are using, install the version for the operating system you are using (downloadable from the Apache Software Foundation Web site at http://www.apache.org/.) before entering these settings. (See "System Requirements.") If you want to use SSL, install a version of Apache that supports SSL (downloadable from the Apache-SSL official Web site at http://www.apache-ssl.org/). After installing Apache, start it and confirm that the Apache service is working properly.
  • If you are using Mac OS X, root has ownership of the Apache setting file (/etc/httpd/httpd.conf). In this case, perform one of the following procedures before specifying the WebDAV settings. For more information, see the documentation provided with your Macintosh or the Apache Software Foundation Web site at http://www.apache.org/.
  • Obtain root access from the Terminal, using the sudo or su command
  • In the Finder, temporarily change the permissions for the Apache setting file to give permission to the user who will set the WebDAV server (return the permissions for the Apache setting file to their original values after setting the WebDAV server.)
  • Server authentication is required for sending to a WebDAV server. Enable authentication before using a WebDAV server. The authentication methods available for the server are the Basic and Digest authentication methods, and authentication errors will occur if you try to use another authentication method. If you set both the Basic and Digest authentication methods, the authentication method you set last will be enabled. Use the user names and passwords registered in the address book of the WebDAV server for authentication. For instructions on how to set authentication methods, see the Apache Software Foundation Web site at http://www.apache.org/.
  • The machine does not support sending to a Windows Vista computer using WebDAV. However, it is possible to view documents sent to the WebDAV server on the network from Windows Vista.

  1. Edit httpd.conf.
  • Erase # on the left of the line to enable the WebDAV modules.

Directive to be changed:

  • Before change
    #LoadModule dav_module modules/mod_dav.so
    #LoadModule dav_fs_module modules/mod_dav_fs.so
  • After change
    LoadModule dav_module modules/mod_dav.so
    LoadModule dav_fs_module modules/mod_dav_fs.so
  • Specify the server name.

Directive to be changed:

  • Before change
    #ServerName localhost:80
  • After change
    #ServerName localhost:80
    ServerName Apache-Server.ccm.canon.co.jp:80
  • Change the user directory.

Directive to be changed:

  • Before change
    UserDir "My Documents/My Website"
  • After change
    # UserDir "My Documents/My Website"
    UserDir "C:/Program Files/Apache Group/Apache2/users""
  • To enable the DAV function, add the following directive:

<Location /~user_name/WebDAV>

DAV On

</Location>

  1. After specifying the settings for SSL encrypted communication, configure httpd.conf so that the Apache service starts with SSL support.

For more information, see the Apache Software Foundation Web site at http://www.apache.org/.

  1. Restart Apache.
  1. Set a recipient address from the control panel of the machine.

Sample recipient settings:

  • Server side settings:
    Create the "users/user_name/WebDAV" directory under "C:/Program Files/Apache Group/Apache2" as the folder to send files to.
  • The machine's address settings:
<Protocol>: WebDAV
[Host Name]: https://Apache-Server.ccm.canon.co.jp/
[Folder Path]: /~user_name/WebDAV/
[User]: User name for the Basic and Digest authentication methods of the WebDAV server
[Password]: Password for the Basic and Digest authentication method of the WebDAV server

  • Up to 128 alphanumeric characters can be entered for [Host Name] on the control panel. Also, up to 255 alphanumeric characters can be entered for [Folder Path].
  • If you switch the language of the touch panel display, [Host Name] and [Folder Path] may not be displayed correctly.
  • If the language of the touch panel display differs from the computer used as a master browser, [Host name] and [Folder path] may not be displayed correctly, or you may not be able to browse the directories.
  • To send to an IPv6 host, set [Host Name] using the following format:
    <IPv6 address>:<Port number>
    Example: [5aed:90a0:bc05:01d2:568a:2fc0:0001:12ee]:21000


NetWare Network Setup Procedures

To use a NetWare network, it is necessary to perform the following procedures.


Specify the NetWare print service settings. (Optional equipment is required to print or send a fax from a computer. For the equipment needed, see "Optional Equipment and System Requirements.")
To specify the settings from the computer, use:

  • NWADMIN or PCONSOLE (Novell software provided with NetWare)
  • Canon utilities (NetSpot Device Installer, etc.)

Specify the protocol settings. To specify the settings, use:

  • The machine's control panel
  • The Remote UI (via a web browser)
  • Canon utilities (NetSpot Device Installer, etc.)

Specify the settings of each computer you use for printing or sending a fax. (Optional equipment is required to print or send a fax from a computer. For the equipment needed, see "Optional Equipment and System Requirements.")

Specify the settings of the computer receiving data sent from the machine. (Optional equipment is required to send data. For the equipment needed, see "Optional Equipment and System Requirements.")


Remark
  • You can specify the NetWare protocol settings if you are using the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, the optional PS Printer Kit, the optional Super G3 FAX Board, or the optional Color Universal Send Kit.
  • It is recommended that steps 1, 2, and 4 above be performed by the network administrator.
  • To configure settings with software other than the control panel of the machine, NWADMIN, PCONSOLE, or NetSpot Device Installer, TCP/IPv4 protocol must be supported by your network environment (IPv6 is not supported).


NetWare Print Service Settings

To print using a NetWare network, you need to specify print service settings, including print server and queue settings. You can use the software listed below to specify the print service settings from your computer.

  • NWADMIN or PCONSOLE (Novell software provided with NetWare)
  • Canon utilities (NetSpot Device Installer, etc.)

Remark
  • To specify the print service settings from NWADMIN or NetSpot Device Installer, the computer must have Novell Client (NetWare Client by Novell) installed.
  • The following procedures describe a sample NetWare setup. Depending on your environment, the actual setup procedure may differ.
  • You can specify the print server settings on the NetWare server and the print service settings of the machine at the same time, using NetSpot Device Installer. For instructions on how to specify the settings, see online help of NetSpot Device Installer.
  • For more information on NetSpot Device Installer, see "NetSpot Suite."


Types of Print Service

Before specifying print service settings, refer to the following descriptions to determine the type of print service you are using.


Remark
  • Normally with NetWare 4.x or later, it is recommended that you use NDS print service. With NetWare 3.2, it is recommended that you use Bindery print service. This category describes procedures for these two combinations only.
  • With NetWare 5.x, you can use NDPS (Novell Distributed Print Services). For NDPS settings, see the NetWare manual.
  • With NetWare 6, you can use iPrint print service. For iPrint settings, see the NetWare manual.

  • NDS (Novell Directory Service) and Bindery Mode

The machine network supports both the NDS and Bindery mode. Determine the appropriate mode according to the network environment you are using. (If you are using NetWare 3.2, only the Bindery mode is available.)

  • Queue Server Mode and Remote Printer Mode

The machine supports both the queue server mode and the remote printer mode.

  • Queue Server Mode
    If the machine is used in the queue server mode, all print server functions are provided by the machine itself; no other print server hardware or software is required. In the NDS queue server mode (NDS PServer), the NDS print server is used for printing. In the Bindery queue server mode (Bindery PServer), the Bindery print server is used for printing. In the queue server mode, a separate NetWare user operating license is required for each machine.
  • Remote Printer Mode
    In the remote printer mode, NetWare print server is required to control the printer. The machine prints using the NDS print server in the NDS remote printer mode (NPrinter), and the Bindery print server in the Bindery remote printer mode (RPrinter).


Setup Using NetWare Administrator or PCONSOLE


Using NetWare Administrator in the NDS Queue Server Mode or the Remote Printer Mode (NetWare 4.x or Later)

  1. Log in to NetWare as Administrator (or as a user of equivalent authority) → start NetWare Administrator → execute Quick Setup.
  • Select the container object for the printer object you want to create → click [Print Services Quick Setup] on the [Tools] menu.
  1. Specify the [Print Server name], [Printer], and [Print Queue] settings.
  • Enter the print server name in [Print Server name].

To use an existing print server, click the button to the right of [Print Server name] → select a print server from the list box. Be sure to remember the name of the print server. You need it to specify the machine's protocol settings.

  • Under [Printer], enter the printer name in [Name].
  • If you are using the queue server mode, select [Other/Unknown] from [Type].
  • If you are using the remote printer mode, select [Parallel] from [Type] → click [Communication] to open the [Parallel Communication] dialog box.

Select [LPT1] from [Port], and [Manual load] under [Connection type]. Under [Interrupts], specify the appropriate setting for your environment → click [OK] to close the [Parallel Communication] window.

  • Under [Print Queue], enter the queue name in [Name].
  • In [Volume], enter the volume in which the queue is placed.

To use an existing print server, click the button to the right of [Volume] → select a print server from the list box.

  • Click [Create] → exit NetWare Administrator.
  1. If you are using the remote printer mode, start the print server.
  • If you are using the NetWare file server as a print server, enter <Load PSERVER.NLM> in the file server → press [ENTER] on the keyboard.


Using PCONSOLE in the Queue Server Mode or Remote Printer Mode in the Bindery Mode (NetWare 3.2)

  1. Log in to NetWare as Supervisor → start PCONSOLE.
  1. If you have not set up a print server yet, set up the print server.
  • On the [Available Options] menu, select [Print Server Information] → press [ENTER] on the keyboard.
  • Press [INSERT] on the keyboard.
  • Enter the name of the print server you are setting up → press [ENTER] on the keyboard.

Be sure to remember the name of the print server. You need it to specify the printer's protocol settings.

  • Press [ESC] on the keyboard to return to the [Available Options] menu.
  1. Set up a Queue, and then assign the print server to the queue.
  • On the [Available Options] menu, select [Print Queue Information] → press [ENTER] on the keyboard.
  • Press [INSERT] on the keyboard.
  • Enter the name of the queue you are setting up → press [ENTER] on the keyboard.
  • Select the name of the queue you specified → press [ENTER] on the keyboard.
  • Select [Queue Servers] → press [ENTER] on the keyboard.
  • Press [INSERT] on the keyboard.
  • Select the print server you set up in step 2 → press [ENTER] on the keyboard.
  • Press [ESC] on the keyboard repeatedly until you return to the [Available Options] menu.
  1. Assign the printer to the print server.
  • On the [Available Options] menu, select [Print Server Information] → press [ENTER] on the keyboard.
  • Select the print server you set up in step 2 → press [ENTER] on the keyboard.
  • Select [Print Server Configuration] → press [ENTER] on the keyboard.
  • Select [Printer Configuration] → press [ENTER] on the keyboard.
  • From [Configured Printers], select the number of the printer you want to use → press [ENTER] on the keyboard.
  1. Specify the printer name, type, etc.
  • In [Name], enter the name you want to use for the printer → press [ENTER] on the keyboard.
  • If you are using the queue server mode, select [Defined elsewhere] from [Type]. If you are using the remote printer mode, select [Remote Parallel, LPT1] from [Type].
  • Specify the remaining items → press [ESC] on the keyboard.
  • In the confirmation box that opens, select [Yes] → press [ENTER] on the keyboard.
  • Press [ESC] on the keyboard to return to the [Print Server Configuration] Menu.
  1. Assign a queue to the printer.
  • Select [Queues Serviced by Printer] → press [ENTER] on the keyboard.
  • Select the name of the printer you set up in step 5 → press [ENTER] on the keyboard.
  • Press [INSERT] on the keyboard.
  • Select the queue you set up in step 3 → press [ENTER] on the keyboard.
  1. Press [ESC] on the keyboard repeatedly until you return to the [Exit PCONSOLE] window → select [Yes] to quit PCONSOLE.
  1. If you are using the remote printer mode, start the print server.
  • If you are using a dedicated print server, enter <PSERVER.EXE> → enter the print server name on the print server → press [ENTER] on the keyboard.
  • If you are using a NetWare file server as a print server, enter <LOAD PSERVER.NLM (print server name)> on the file server → press [ENTER] on the keyboard.


Protocol Settings

This section describes how to specify the protocol settings for the machine using the control panel. If you are configuring the settings for the first time, use the control panel of the machine.

After configuring the settings, you can change them using software other than the control panel of the machine. For details, see "Network Setting Items."


  1. On the Network Settings screen, press [NetWare Settings] → specify the following.

<NetWare>: [On]

Select the frame type for your environment from the Frame Type drop-down list. If you select [Auto Detect], the frame type is automatically determined.

Select the print service specified in "NetWare Print Service Settings," from the Print Service drop-down list. The following print services are available:

  • [Bindery PServer]:Used in the queue server mode (Bindery mode print service).
  • [RPrinter]:Used in the remote printer mode (Bindery mode print service).
  • [NDS PServer]:Used in the queue server mode (NDS print service).
  • [NPrinter]:Used in the remote printer mode (NDS print service).
  • If [NetWare Settings] is not displayed, consult your local authorized Canon dealer.
  1. Press [Settings] → specify the print service details.

Specify the same tree, context, file server, and print server names that you specified in "NetWare Print Service Settings." (Settings differ depending on the print service. For print service settings, see "Network Setting Items.")

You can specify the print service settings either by selecting the desired options from the list on the screen that appears when you press [Browse], or by entering the desired character string for each item.

  • If you want to use [Browse] to specify each item, make sure you press [Browse] after the expiration of the time specified in "Startup Time Settings."

  • Press [Skip Log In] in the Browse screen.

If the browse right is not limited to the specific user, you can specify the print service without having to log in to NetWare.

  • Select the tree to which the desired print server belongs → select the context to which the desired print server belongs → select the desired print server.
  • For NDS PServer, specify each item on the screen for setting NDS PServer if necessary.

  • In the Browse screen, press the tree to which you want to log in → select the context to which you want to log in.
  • Press [Log In] → in the Enter Network Password screen, enter the name and password of a user to whom the browse right is granted.

If the browse right is limited to the specific user, it is necessary to log in to NetWare as a user to whom the browse right is granted.

Enter a user name prefixed with 'CN='. If the password is not specified, leave [Password] blank.

  • Select the tree to which the desired print server belongs → select the context to which the desired print server belongs → select the desired print server.
  • For NDS PServer, specify each item on the screen for setting NDS PServer if necessary.

  • In the Browse screen, select the file server to which the desired print server belongs.
  • In the Enter Network Password screen, enter the name and password of a user on the file server.

If the password is not specified, leave [Password] blank.

  • Select the desired print server.
  • Specify each item on the screen for setting Bindery PServer if necessary.

  • In [Tree], enter the name of the tree to which the desired print server belongs → in [Context], enter the name of the context to which the desired print server belongs → in [Print Server], enter the name of the desired print server.

  • For NDS PServer, specify each of the other items if necessary.

  • In [File Server], enter the name of the file server to which the desired print server belongs → in [Print Server], enter the name of the desired print server.
  • For Bindery PServer, specify each of the other items if necessary.


Setting Up a Computer for Printing/Sending a Fax

After you have completed specifying the NetWare print service settings and printer protocol settings, you are ready to set up each of the computers for printing or sending a fax.


Remark


Connecting to a NetWare Network

In order to use a NetWare network, all computers that will perform printing or sending a fax need to have NetWare client software installed. For details, see your NetWare and operating system manuals.



Printer Connection Method

Install the driver according to the following procedures indicated in the manual for each driver.

  • If you want to use the UFR II/PCL/PS printer driver
  • See the procedure for standard installation in the Printer Driver Installation Guide.
  • If you want to use the fax driver
  • See the procedure for standard installation in the Fax Driver Installation Guide.

When the dialog box for selecting the port appears during installation, click [Use Network Printer] → [Settings]. From the list, select the print queue that you created in "NetWare Print Service Settings."



Setting Up a Computer as a File Server

To send data from the machine to a computer on your network, you need to specify the settings of the computer for receiving data.

This section describes how to set up a computer as a file server.


Remark
  • To send a file to the NetWare server, specify the following NetWare settings for the machine. For instructions on how to specify the protocol settings, see "Protocol Settings."
  • <NetWare>: [On]
  • <Frame Type>: Frame type suitable for your environment
  • This section describes only the procedures for setting up a computer receiving data sent from the machine. To send data from the machine to a server on the network, you must enter an address setting from the control panel. For instructions on how to specify recipient address settings, see "Using the Main Unit to Send/Receive."
  • In some environments, additional detailed settings, such as authority settings, may be required. For details, consult the network administrator of the environment you are using.

  1. Log in to NetWare as Administrator (or as a user of equivalent authority) → set up the users and passwords for sending data from the machine.

Enter a user name, and a password not longer than 24 alphanumeric characters.

  1. Create a directory to be used for recipient addresses, and then enable read access and write access by the users who will be sending data.
  1. Set a recipient address from the control panel.

There are two methods for specifying the recipient address; selecting the desired address from the list that appears when you press [Browse], or entering the address using the keyboard on the touch panel display.

Sample recipient settings: NDS Mode Example

If you send data to the "data" directory under "share_vol" in the above tree structure, the settings of the host name and the folder path differ depending on the location of a user account.

  • Example 1 If "SALES_JP" contains the user account "jenkins"
[Host Name]: SALES_JP.SALES.TREE=CANON
[Folder Path]: share_vol\data
[User]: CN=jenkins
[Password]: (Password for the above user)
  • Example 2 If "SALES_US" contains the user account "john"
[Host Name]: SALES_US.SALES.TREE=CANON
[Folder Path]: share_vol.SALES_JP.\data (One dot is required before \data.)
[User]: CN=john
[Password]: (Password for the above user)
  • Example 3 If "SALES" contains the user account "smith"
[Host Name]: SALES.TREE=CANON
[Folder Path]: share_vol.SALES_JP\data
[User]: CN=smith
[Password]: (Password for the above user)
  • Example 4 If "Tokyo" contains the user account "edwards"
[Host Name]: Tokyo.MARKETING.TREE=CANON
[Folder Path]: share_vol.SALES_JP.SALES..\data (Two dots are required before \data.)
[User]: CN=edwards
[Password]: (Password for the above user)

Sample recipient settings: Bindery Mode Example:

  • Server side settings:
[File Server Name]: TOPMAX_SERVER

Set \CSG in the SYS volume as the recipient.

  • The machine's address settings:
<Protocol>: NetWare (IPX)
[Host Name]: TOPMAX_SERVER
[Folder Path]: SYS\CFG
[User]: (User name entered in step 1)
[Password]: (Password for the above user)
  • If you want to use [Browse] to specify each item, make sure you press [Browse] after the expiration of the time specified in "Startup Time Settings."
  • Up to 128 alphanumeric characters can be entered for [Host Name] on the control panel. Also, up to 255 alphanumeric characters can be entered for [Folder Path].
  • If you change the language of the touch panel display, [Host Name] and [Folder Path] may not be displayed correctly, or you may not be able to browse the directories.
  • In NDS mode, note the following:
  • For the host name, specify the context by which a user logs in.
  • For the folder path, specify the relative path from the user context. You may omit the "xx=" portion, but the ".TREE=" portion with the tree name may not be omitted.
  • Enter a user name prefixed with "CN=."
  • Unless the same directory tree contains the user account name by which a user logs in and the volume object to which data is sent, dots are required according to the layer of the relative path. For example, one dot is required to indicate the layer one level above (Example 2), and two dots are required to indicate the layer two levels above (Example 4).


NetBIOS Network Setup Procedures

To use a NetBIOS network, it is necessary to perform the following procedures.


Specify the protocol settings. To specify the settings, use:

  • The machine's control panel
  • The Remote UI (via a web browser)

Specify the settings of each computer you use for printing or sending a fax. (Optional equipment is required to print or send a fax from a computer. For the equipment needed, see "Optional Equipment and System Requirements.")

Specify the settings of the computer receiving data sent from the machine. (Optional equipment is required to send data. For the equipment needed, see "Optional Equipment and System Requirements.")


Remark
  • It is recommended that steps 1 and 3 above be performed by the network administrator.
  • The only base protocol supported by the machine for NetBIOS networks is TCP/IPv4. TCP/IPv6 and NetBEUI are not supported (SMB is used as a print application).


Protocol Settings

This section describes how to specify the protocol settings for the machine using the control panel. If you are configuring the settings for the first time, use the control panel of the machine.

After configuring the settings, you can change them using software other than the control panel of the machine. For details, see "Network Setting Items."



TCP/IP Settings (IPv4)

  1. Specify the TCP/IPv4 settings.

If you have not entered the TCP/IPv4 settings yet, enter them now. (For more information, see "TCP/IPv4 Settings," or "Settings Common to TCP/IPv4 and TCP/IPv6.")

  • IPv6 is not supported.


SMB and WINS Settings

To use the machine on a NetBIOS network, specify the SMB settings. To resolve a name with WINS, specify the WINS settings using the following procedure.

To specify the SMB settings, you need to use the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, the optional PCL Printer Kit, the optional PS Printer Kit, the optional Super G3 FAX Board, or the optional Color Universal Send Kit.

WINS (Windows Internet Name Service) is a service for associating a NetBIOS name (which is a computer name or printer name on a NetBIOS network) with an IP address. To use WINS, specify the IP address settings for the WINS server.


  1. On the Network Settings screen, press [SMB Server Settings] → specify the following.

[On] for <Use SMB Server>: You can use the SMB server.

In [Server], enter the name of a computer that the machine connects to, using the keyboard on the touch panel display. Be sure to enter a unique name that does not exist as a name for another computer or printer on the same network.

In [Workgroup], enter the name of the workgroup the machine belongs to, using the keyboard on the touch panel display. If there is no workgroup on your environment, create a workgroup in the Windows environment, and then enter the workgroup name.

In [Comment], enter a comment about the printer, if necessary. If you display the printer information, the comment you specified here appears.

If you want the machine to notify the LAN Manager of its existence on the network, press [On] for <LM Announce>. If the LAN Manager does not have to refer to the machine, you can control the traffic over your network by selecting [Off].

To set up an SMB printer, press [SMB Printer Settings] → [On] for <Use SMB> → enter the printer name of the machine in [Printer].

  • You cannot enter the domain name as the workgroup name.
  • You cannot enter a character string that includes blanks in [Server] and [Workgroup].
  • You cannot enter a character string including blanks in [Printer].
  1. On the TCP/IP Settings screen, press [WINS Configuration] → specify the following.

[On] for <WINS Resolution>: You can resolve the name with WINS. Enter the IPv4 address of a WINS server in [WINS Server Address].

Enter the [Scope ID] settings if a scope ID is set on the computer in the network environment you are using. The scope ID is an identifier for determining the range available to a printer or computer. The scope ID set here is used regardless of the setting for <WINS Resolution>.

  • If DHCP determines the IPv4 address, the IPv4 address obtained from a DHCP server is overwritten with the IPv4 address of a WINS server (obtained from the DHCP server), whenever possible.
  • If you set a scope ID, the machine cannot communicate with any computer whose scope ID is different from the scope ID you set here.
  • If a scope ID is not set on any of the computers in your network environment, leave [Scope ID] blank.


Setting Up a Computer for Printing/Sending a Fax

After you have completed the protocol settings, you are ready to set up each of the computers for printing or sending a fax.


Remark


Connecting to a TCP/IP Network

All computers that use the machine for printing or sending a fax must have TCP/IP client software installed and must be enabled for TCP/IP network use. For details, see the manuals provided with your operating system.



Connecting to a NetBIOS Network

All computers that use the machine for printing or sending a fax must be enabled for NetBIOS network use.

The setup procedures differ depending on your operating system. See the procedures below to set the computers.

  • Mac OS X 10.3 or later: See the documentation provided with your Macintosh.

Remark
  • The following procedures describe a sample NetBIOS setup. Depending on your environment, the actual setup procedure may differ.


Windows 2000/XP/Server 2003/Vista

The following is the procedure for specifying a NetBIOS network with Windows 2000/XP/Server 2003/Vista.

In the following procedures, items displayed on the screens for Windows 2000 are used. The items displayed may differ according to your operating system.


Remark
  • If you are using Windows Vista, a dialog box may be displayed while you are performing the procedure. In this case, enter a user name and password. For more information, see the manuals provided with the operating system.

  1. In the [Local Area Connection Properties] dialog box, select [Client for Microsoft Networks] and [Internet Protocol (TCP/IP)].

  1. Double-click [Internet Protocol (TCP/IP)] to open the [Internet Protocol (TCP/IP) Properties] dialog box.
  1. On the [General] sheet, click [Advanced] → on the [WINS] sheet, select [Enable NetBIOS over TCP/IP].
  1. Restart the computer if prompted.


Printer Connection Method


Windows 2000/XP/Server 2003/Vista

Remark
  • If you are using Windows Vista, a dialog box may be displayed while you are performing the procedure. In this case, enter a user name and password. For more information, see the manuals provided with the operating system.

  1. Check the settings for both <RX/Print Range> and <Setting/Browsing Range> in [IP Address Range Settings] on the IPv4 Settings screen, to see whether the IPv4 address of the computer in which a driver is to be installed is permitted. See step 8 in "TCP/IPv4 Settings."
  • If the settings for both <RX/Print Range> and <Setting/Browsing Range> in [IP Address Range Settings] on the IPv4 Settings screen do not permit the IPv4 address, you cannot install a driver.
  • If the IPv4 address of the computer is beyond the range of the permitted addresses set for <RX/Print Range> after installing a driver, you cannot print or send a fax from the computer.
  1. Install the driver.

Install the driver according to the following procedures indicated in the manual for each driver.

  • If you want to use the UFR II/PCL/PS printer driver
    See the procedure for standard installation in the Printer Driver Installation Guide.
  • If you want to use the fax driver
    See the procedure for standard installation in the Fax Driver Installation Guide.

When the dialog box for selecting the port appears during installation, click [Use Network Printer] → [Settings]. From the list, select [Workgroup], [Server], and [Printer] you set in "SMB and WINS Settings."



Mac OS X 10.3 or later

If you are using the optional PS Printer Kit, and a PS printer driver provided by Apple Inc., you can use SMB as the print application. After installing the PPD file according to Chapter 10, "Before Printing from Computers," in Getting Started, specify the print settings according to the instructions in the documentation provided with your Macintosh.



Setting Up a Computer as a File Server

To send data from the machine to a computer on your network, you need to specify the settings of the computer for receiving data. You can send data over a NetBIOS network to a Windows or Samba (UNIX/Linux/Mac OS X) shared folder. This section describes how to configure a shared folder.


Remark
  • Samba 2.2.8a or later is supported.
  • This section describes only the procedures for setting up a computer receiving data sent from the machine. To send data from the machine to a server on the network, you must enter an address setting from the control panel. For instructions on how to specify recipient address settings, see "Using the Main Unit to Send/Receive."
  • The following procedures describe a sample shared folder configuration. Depending on your environment, the actual configuration procedure may differ.


Connecting to a TCP/IP Network

A computer that receives data sent from the machine must have TCP/IP client software installed and must be enabled for TCP/IP network use. For details, see the manuals provided with your operating system.

You can send data over a TCP/IP network from the machine to an FTP server. For instructions on how to set up an FTP server, see "Setting Up a Computer as a File Server."



Connecting to a NetBIOS Network and Configuring a Shared Folder


Windows 2000/XP/Server 2003/Vista

It is recommended that the file server be configured by the network administrator.

The number of users or clients that can access a server running Windows 2000/XP/Server 2003/Vista is limited. After this number of users or clients is reached, it is not possible to send to a server running Windows 2000/XP/Server 2003/Vista.

In the following procedures, items displayed on the screens for Windows 2000 are used. The items displayed may differ according to your operating system.


Remark
  • If you are using Windows Vista, a dialog box may be displayed while you are performing the procedure. In this case, enter a user name and password. For more information, see the manuals provided with the operating system.

  1. Log on to Windows as an Administrator → in the [Local Area Connection Properties] dialog box, select all [Client for Microsoft Networks], [File and Printer Sharing for Microsoft Networks], and [Internet Protocol (TCP/IP)].

  1. Double-click [Internet Protocol (TCP/IP)] to open the [Internet Protocol (TCP/IP) Properties] dialog box.
  1. On the [General] sheet, click [Advanced] → on the [WINS] sheet, click [Enable NetBIOS over TCP/IP].
  1. Restart the computer if prompted.
  1. Confirm the computer name.

If you are using Windows 2000, right-click the [My Computer] icon → click [Manage] to open the [Computer Management] window. Right-click the [Computer Management (Local)] icon → click [Properties] to open the [Computer Management (Local) Properties] dialog box. On the [Network Identification] sheet, confirm the [Computer name] setting.

If you are using Windows XP/Server 2003, right-click [My Computer] → click [Properties] → on the [Computer Name] sheet, click [Change]. In the [Computer Name Changes] dialog box, click [More] to open the [DNS Suffix and NetBIOS Computer Name] dialog box → confirm [NetBIOS computer name].

If you are using Windows Vista, perform the same operation as with other operating systems to open the [DNS Suffix and NetBIOS Computer Name] dialog box → confirm the name in [NetBIOS computer name].

  1. Right-click the [My Computer] icon → click [Manage] to open the [Computer Management] window → under [System Tools], in [Local Users and Groups], from the [Users] folder, click [New User].

  1. In the [New User] dialog box, enter the user name in [User name] → enter the password in [Password] → re-enter the password in [Confirm Password] → click [Create].

Enter a user name not longer than 20 alphanumeric characters, and a password not longer than 14 alphanumeric characters.

If [User must change password at next logon] is selected, any new users added must change their passwords in order to send data from the machine. (You cannot change the password from the control panel.)

  • In an Active Directory environment, the procedures for setting up users differ from the above. For details, see the Windows manual.
  1. Open the properties dialog box of the folder you want to share → on the [Sharing] sheet, click [Share this folder] → enter the share name in [Share name].

  1. Set permissions.

  • Click [Permissions] to display the dialog box.

Select or add the users or groups to whom you want to give access to the shared folder → under [Permissions], select both [Change] and [Read].


  • Display the [Security] sheet.

Select or add the users or groups to whom you want to give access to the shared folder → under [Permissions], select both [Write] and [Read & Execute], or a higher access authority. For data in the folder, check both [Write] and [Read], or a higher access authority.

  • To display the [Security] tab in Windows XP, open Folder Options → deselect [Use simple file sharing]. However, you can share folders and files with [Use simple file sharing] selected. Select or deselect [Use simple file sharing] to suit your environment. For more information, see the manual provided with Windows XP.
  • In the Active Directory environment, the procedures for specifying the security settings of the shared folder differ from above. For more information, see the Windows manual.
  1. Set a recipient address using the control panel.

There are three methods for specifying the recipient address; selecting the desired address from the list that appears when you press [Browse], searching for the address by pressing [Host Search], or entering the address using the keyboard on the touch panel display.

Sample recipient setting:

  • Server side settings (set and confirmed in the above step.):
[Computer name]: swan
[Share Name]: share
Create a folder called 'Images' within share, and then specify Images as the recipient for sending.
  • The machine's Recipient Settings:
<Protocol>: Windows (SMB)
[Host Name]: \\swan\share (Shared folder path)
[Folder Path]: \Images
[User]: User name entered in the above step.
[Password]: Password for the above user.

  • If you want to use [Browse] to specify each item, make sure you press [Browse] after the expiration of the time specified in "Startup Time Settings."
  • Up to 128 alphanumeric characters can be entered for [Host Name] on the control panel. Also, up to 255 alphanumeric characters can be entered for [Folder Path].
  • If you change the language of the touch panel display, [Host Name] and [Folder Path] may not be displayed correctly, or you may not be able to browse the directories.
  • If the language of the touch panel display differs from the computer used as a master browser, [Host Name] and [Folder Path] may not be displayed correctly, or you may not be able to browse the directories.
  • You can send data using the following formats. A DNS server is required for the latter case:
    \\192.168.2.100\share
    \\host_name.organization.company.com\share
  • You can also specify the user name in the address using the following formats:
  • domain_name\user_name (up to 15 alphanumeric characters for the domain name, and up to 20 for the user name)
  • user_name@organization.company.com (up to 128 characters in total)
    Note that the latter is only applicable when sending to a Windows 2000/XP/Server 2003/Vista computer that belongs to a domain containing Windows 2000/Server 2003/Vista domain controllers.


Samba (UNIX/Linux/Mac OS X)

Samba 2.2.8a or later is supported.

In some environments, detailed settings may be required in order to use the Samba. For details, consult your network administrator.


  1. Set up the users who access the Samba shared folder, and their passwords.

Set a user name not longer than 20 alphanumeric characters, and a password not longer than 14 alphanumeric characters.


  • Log in to a workstation as a superuser, and set the user name and password.

  • See the documentation provided with your Macintosh to set the user name and password.

  1. Set a recipient address using the control panel.

There are three methods for specifying the recipient address; selecting the desired address from the list that appears when you press [Browse], searching for the address by pressing [Host Search], or entering the address using the keyboard on the touch panel display.

Sample recipient setting:

  • Server side settings:
[Computer name]: swan
[Share Name]: share
Create a folder called 'Images' within share, and then specify Images as the recipient for sending.
  • The machine's recipient settings:
<Protocol>: Windows (SMB)
[Host Name]: \\swan\share (Shared folder path)
[Folder Path]: \Images
[User]: User name entered in the above step.
[Password]: Password for the above user.
For a sample screen, see the example of Windows 2000/XP/Server 2003/Vista screen.
  • If you use [Browse] to specify each item, press [Browse] after the expiration of the time specified in "Startup Time Settings."
  • Up to 128 alphanumeric characters can be entered for [Host Name] on the control panel. Also, up to 255 alphanumeric characters can be entered for [Folder Path].
  • If you change the language of the touch panel display, [Host Name] and [Folder Path] may not be displayed correctly, or you may not be able to browse the directories.
  • If the language of the touch panel display differs from the computer used as a master browser, [Host name] and [Folder path] may not be displayed correctly, or you may not be able to browse the directories.
  • You can send data using the following formats. A DNS server is required for the latter case.
    \\192.168.2.100\share
    \\host_name.organization.company.com\share
  • You can also specify the user name in the address using the following format.
  • domain_name\user_name (up to 15 alphanumeric characters for the domain name, and up to 20 for the user name)


AppleTalk Network Setup Procedures

To print via an AppleTalk network, it is necessary to perform the following procedures.


  • 1 Macintosh Network Settings

To specify AppleTalk network settings, enable AppleTalk according to the instructions in the documentation provided with your Macintosh.

Specify the protocol settings. To specify the settings, use:

  • The machine's control panel
  • The Remote UI (via a web browser)
  • Canon utilities (NetSpot Device Installer, etc.)

Specify the settings for each computer you use for printing.


Remark
  • You can only specify the AppleTalk protocol settings if you are using the optional UFR II Printer Kit, the optional UFR II/PCL Printer Kit, or the optional PS Printer Kit.
  • It is recommended that the network administrator perform step 2.


Protocol Settings

This section describes how to specify the protocol settings for the machine using the control panel. If you are configuring the settings for the first time, use the control panel of the machine.

After configuring the settings, you can change them using software other than the control panel of the machine. For details, see "Network Setting Items."


Remark

  1. On the Network Settings screen, press [AppleTalk Settings] → specify the following.

[On] for <AppleTalk>: You can use the AppleTalk network.

In [Service Name], enter a name for the printer not longer than 32 characters. The name you enter here appears on the Macintosh screen.

If you are using a network that is set up in zones, enter the name of the zone in [Zone].

  • If there is more than one printer in the same zone, each printer must have a unique name.
  • You can also enter a zone name by pressing [Browse] and selecting the appropriate name from the displayed list.


Setting Up a Computer for Printing

After you have completed the machine protocol settings, install the printer driver on the Macintosh that will do the printing, and then make the settings for the print destination.

Specify the following settings according to the instructions in the manual for each driver.


Remark

  • If you want to use the UFR II printer driver

1. Installation of the UFR II printer driver
See the Mac UFR II Driver Guide.

2. Print settings
Set the machine as the print destination.

  • If you want to use a PS printer driver provided by Apple Inc. with the Mac OS

1. Installation of the PPD file
See Chapter 10, "Before Printing from Computers," in Getting Started.

2. Print settings
Set the machine as the print destination.

3. Selection of the printer name
Select either of the following names displayed in the Macintosh screen. ('xxx' indicates the name of the printer entered in [Service Name].)

  • [xxx_D]: the print job is printed without spooling to the hard disk of the machine.
  • [xxx_S]: the print job is printed after it has been spooled to the hard disk of the machine.


Network Connection Problems and Remedies

This section describes the causes of network connection problems, and how to resolve them.


Unable to Set up a Network

<Check the network connection.> is displayed on the control panel.

The machine automatically connects to a destination other than the intended destination via its dial-up access (when a dial-up router is connected to your network).

Detailed information concerning the machine cannot be set or browsed using the Remote UI or utility.

Unable to Set up a Network

Cause

[Change Settings/Display Connection Confirm.] is set to 'Off'.

Remedy

Set [Change Settings/Display Connection Confirm.] to 'On'.

<Check the network connection.> is displayed on the control panel.

Cause 1

The machine and cable are not properly connected.

Remedy

Turn OFF the machine's power switches, check that the machine is connected to the network using the proper cable, and then turn them ON. (See "Connecting the Machine to a Computer or Network.")

Cause 2

[Change Settings/Display Connection Confirm.] is set to 'On', although the machine is not connected to a network.

Remedy

Set [Change Settings/Display Connection Confirm.] to 'Off'.

The machine automatically connects to a destination other than the intended destination via its dial-up access (when a dial-up router is connected to your network).

Cause

The machine periodically or temporarily communicates with devices on your network. If a dial-up router or NetWare file server is on the network to which the machine is connected, the machine connects to a destination other than the intended destination, depending on the settings of the machine or dial-up router. This may result in subscriber line charges and call charges.
Examples:

  • The file or mail server's host name or IP address set on the machine does not exist on the network.
  • The DNS server exists on an external network.
  • You attempt to access a device connected to an external network, if the device's information is set on the DNS server on the network to which the machine is connected.
Remedy

Check the following:

  • If the dial-up router does not have to send packets via broadcast, change the router settings to ensure that it sends packets via a method other than broadcast. If dial-up router has to send packets via broadcast, check that the settings are correct.
  • Check that the file or mail server's host name or IP address set on the machine is correct.
  • If you attempt to access a device on the network to which the machine is connected, with the DNS server on an external network, set the destination using an IP address, not a host name.
  • If information about a device on an external network is set on the DNS server on the network to which the machine is connected, check the settings.

Detailed information concerning the machine cannot be set or browsed using the Remote UI or utility.

Cause 1

The IP addresses of computers on which the Remote UI or utility is used are not allowed in <Setting/Browsing Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen.

Remedy

If the settings for <Setting/Browsing Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen do not permit the IP address of a computer on which the Remote UI or utility is used, you cannot specify machine setting items or browse information on the machine. Check the settings for <Setting/Browsing Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen. (See step 8 in "TCP/IPv4 Settings," or step 6 in "TCP/IPv6 Settings.")

Cause 2

<Use SNMP v. 1> or [Enable Dedicated Port Settings] is set to 'Off'.

Remedy

Set <Use SNMP v. 1> and [Enable Dedicated Port Settings] to 'On'. (See "Communication Environment Setup.")

Cause 3

The SNMP community name does not match.

Remedy

If you use an SNMP community name different from the one stored in the machine to access the machine from a utility, the utility will not detect the machine. In this case, check the SNMP community name. (See "Communication Environment Setup.")

Cause 4

Invalid cache data is remaining.

Remedy

If the Remote UI does not start properly and an error message is displayed on your Web browser, delete the cache files.



Printing Problems and Remedies

This section describes how to resolve basic printing problems.


Unable to Install a Driver (TCP/IP Network)

Unable to Install a Driver (NetBIOS Network)

Unable to Print from a TCP/IP Network

Unable to Print from a NetWare Network

Unable to Print from a NetBIOS Network (Windows)

Unable to Print from an AppleTalk Network

Unable to Install a Driver (TCP/IP Network)

Cause

The IP address of the computer in which a driver is to be installed is not permitted by the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen.

Remedy

If you want to use TCP/IP for printing and the IP address of the computer in which a driver is to be installed is not permitted by the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen, the driver cannot be installed successfully. Check the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen. (See step 8 in "TCP/IPv4 Settings," or step 6 in "TCP/IPv6 Settings.")

Unable to Install a Driver (NetBIOS Network)

Cause

The IPv4 address of the computer in which a driver is to be installed is not permitted by the settings for both <RX/Print Range> and <Setting/Browsing Range> in [IP Address Range Settings] on the IPv4 Settings screen.

Remedy

If you are using a NetBIOS network and the IPv4 address of the computer in which a driver is to be installed is not permitted by the settings for both <RX/Print Range> and <Setting/Browsing Range> in [IP Address Range Settings] on the IPv4 Settings screen, the driver cannot be installed successfully. Check the settings for both <RX/Print Range> and <Setting/Browsing Range> in [IP Address Range Settings] on the IPv4 Settings screen. (See step 8 in "TCP/IPv4 Settings.")

Unable to Print from a TCP/IP Network

Cause 1

The machine and cable are not properly connected.

Remedy

Turn OFF the machine's power switches, check that the machine is connected to the network using the proper cable, and then turn them ON. (See "Connecting the Machine to a Computer or Network.")

Cause 2

TCP/IP network is not properly set up.

Remedy

Check the following:

  • Confirm that the IPv4 addresses are properly set up. If the IPv4 addresses were set using DHCP, BOOTP, or RARP, confirm that they are operating.
  • Confirm that the IPv6 addresses are properly set up. After checking the settings of the router, set <Use Stateless Address> to 'On' to confirm whether you can obtain an address. If the IPv6 addresses were set using DHCPv6, confirm that DHCPv6 is operating.
  • Your computer may not be able to recognize the machine even though the IP address settings are appropriate. This problem may be resolved by delaying the startup of network communications for the machine. (See "Startup Time Settings.")
Cause 3

The computer that is printing is not properly set up. (Windows)

Remedy

Check the following:

  • Confirm that the proper printer driver is installed. If you are printing from Windows, each computer must have a printer driver installed. For instructions on how to install printer drivers, see Getting Started.
  • Confirm that the correct printer is set as the output destination for the computer that is printing. Check the output destination in [Printer] in [Control Panel].
Cause 4

The computer that is printing is not properly set up. (Macintosh)

Remedy

Check the following Macintosh settings:

  • Confirm that the proper printer driver is installed.
  • Confirm that the proper printer has been selected as the destination.
  • Confirm that [AppleTalk] is active.
  • Confirm that the AppleTalk connection method is EtherTalk or Ethernet.
Cause 5

The name of the file being printed is too long.

Remedy

Normally LPR sends jobs either under the name of the application software used for printing or under the file name. However, a job name longer than 255 characters cannot be sent to the printer. To correct this problem, rename the file with a shorter name.

Cause 6

The IP address of the computer from which data (print/fax/I-fax job) is to be sent to the machine is not permitted by the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 or IPv6 Settings screen.

Remedy

Check the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv6 Settings screen. (See step 8 in "TCP/IPv4 Settings," or step 6 in "TCP/IPv6 Settings.")

Cause 7

An error message is displayed on the touch panel display of the machine.

Remedy

After confirming the error message, see "Problem Solving," and perform the necessary operations according to the error message displayed.

Unable to Print from a NetWare Network

Cause 1

The machine and cable are not properly connected.

Remedy

Turn OFF the machine's power switches, check that the machine is connected to the network using the proper cable, and then turn them ON. (See "Connecting the Machine to a Computer or Network.")

Cause 2

The NetWare network is not properly set up.

Remedy

Check the following:

  • Confirm that the NetWare file server is running.
  • Confirm that there is sufficient disk space on the NetWare file server. Large files cannot be printed if there is insufficient disk space.
  • Start NWADMIN or PCONSOLE, and then confirm that the print queue is set up properly and is active.
  • Confirm that the network settings of the machine are correctly set. (See "Protocol Settings.") Check the following in particular:
  • A valid frame type is selected from the Frame Type drop-down list.
  • [Print Server] and [Printer Number] are correctly specified.
  • Your computer may not be able to recognize the machine, even though the IP address settings are appropriate. This problem may be resolved by delaying the startup of network communications for the machine. (See "Startup Time Settings.")
Cause 3

The computer that is printing is not properly set up.

Remedy

Check the following:

  • Confirm that the proper printer driver is installed. If you are printing from Windows, each computer must have a printer driver installed.
  • For instructions on how to install printer drivers, see Getting Started.
  • Confirm that the correct printer is set as the output destination for the computer that is printing. Confirm the output destination in [Printer] in [Control Panel].
Cause 4

If you are using an NDS PServer or Bindery PServer and the print server has a password setting, the machine's password setting is incorrect.

Remedy

Perform the following steps to correct the machine's password setting:

  • Confirm the password in the NetWare print server for printing on the machine.
  • Press (Additional Functions) → [System Settings] → [Network Settings] → [NetWare Settings] to open the NetWare Settings screen.
  • Press [Settings] → enter a valid password in [Print Server Password]. (The setting becomes effective when the machine is restarted.)
Cause 5

An error message is displayed on the touch panel display of the machine.

Remedy

After confirming the error message, see "Problem Solving," and perform the necessary operations according to the error message displayed.

Unable to Print from a NetBIOS Network (Windows)

Cause 1

The machine and cable are not properly connected.

Remedy

Turn OFF the machine's power switches, check that the machine is connected to the network using the proper cable, and then turn them ON. (See "Connecting the Machine to a Computer or Network.")

Cause 2

TCP/IP network is not properly set up.

Remedy

On the assumption that the TCP/IP is working correctly if you print using NetBIOS network, check the following:

  • Confirm that the IPv4 addresses are properly set up. If the IPv4 addresses were set using DHCP, BOOTP, or RARP, confirm that they are operating.
  • If you are using a DHCP server, confirm that the WINS server is working correctly with the DHCP server.
  • Your computer may not be able to recognize the machine even though the IP address settings are appropriate. This problem may be resolved by delaying the startup of network communications for the machine. (See "Startup Time Settings.")
Cause 3

NetBIOS network is not properly set up.

Remedy

Confirm that SMB and WINS are properly set up.

Cause 4

The IPv4 address of the computer from which data (print/fax/I-fax job) is to be sent to the machine is not permitted by the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 Settings screen.

Remedy

Check the settings for <RX/Print Range> in [IP Address Range Settings] on the IPv4 Settings screen. (See step 8 in "TCP/IPv4 Settings.")

Cause 5

The computer that is printing is not properly set up.

Remedy

Check the following:

  • Confirm that the proper printer driver is installed. If you are printing from Windows, each computer must have a printer driver installed.
  • For instructions on how to install printer drivers, see Getting Started.
  • Confirm that the correct printer is set as the output destination for the computer that is printing. Confirm the output destination in [Printer] in [Control Panel].
Cause 6

An error message is displayed on the touch panel display of the machine.

Remedy

After confirming the error message, see "Problem Solving," and perform the necessary operations according to the error message displayed.

Unable to Print from an AppleTalk Network

Cause 1

The machine and cable are not properly connected.

Remedy

Turn OFF the machine's power switches, check that the machine is connected to the network using the proper cable, and then turn them ON. (See "Connecting the Machine to a Computer or Network.")

Cause 2

The AppleTalk network is not properly set up.

Remedy

Confirm the AppleTalk settings. In particular, check the following:

  • Set the [Phase] to a valid phase type.
  • Set the [Zone] to the zone to which the printer belongs.
  • Your computer may not be able to recognize the machine even though the IP address settings are appropriate. This problem may be resolved by delaying the startup of network communications for the machine. (See "Startup Time Settings.")
Cause 3

The computer that is printing is not properly set up.

Remedy

Check the following Macintosh settings:

  • Confirm that the proper printer driver is installed.
  • Confirm that the proper printer has been selected as the destination.
  • Confirm that [AppleTalk] is active.
  • Confirm that the AppleTalk connection method is EtherTalk or Ethernet.
Cause 4

An error message is displayed on the touch panel display of the machine.

Remedy

After confirming the error message, see "Problem Solving," and perform the necessary operations according to the error message displayed.



Data Sending/File Sharing Problems and Remedies

This section describes how to resolve data sending/file sharing problems.


Unable to Send Data/Share Files (FTP)

Unable to Send Data/Share Files (NetWare)

Unable to Send Data/Share Files (Windows and Samba File Sharing)

<Check the server.> is displayed when you try to use a WebDAV server.

<TCP/IP error> is displayed when you try to send to a WebDAV server.

<SSL Error> is displayed, and transmission fails when you try to send to a destination using SSL encrypted communication via a WebDAV server.

<Could not be sent.> is displayed when you try to send via a WebDAV server.

<Check the server.> is displayed when you try to send via a WebDAV server.

<Cannot connect.> is displayed when you try to send to a WebDAV server.

Unable to Send Data/Share Files (FTP)

Cause 1

The FTP server is not set correctly.

Remedy

Perform the following to check the server status. (If you are using Windows, perform these from the command prompt.)

  • Example using UNIX, where the FTP server has the IP address: 192.168.1.195
    U:>ftp 192.168.1.195 *Connect to server
    Connected to 192.168.37.195.
    220 canmfs FTP server (UNIX(r) System V Release 4.0) ready.
    User (192.168.37.195:(none)): user_name *User login
    331 Password required for user_name.
    Password: *Enter password
    230 User user_name logged in.
    ftp>cd /export/share *Move to data destination directory
    250 CWD command successful.
    ftp> bin *Set data transfer type (binary)
    200 Type set to I.
    ftp> put sample.tif *Set transfer file name for verification
    ftp> by *Cut off server connection
    221 Goodbye
  • If the above are confirmed and file sharing still does not operate normally, consult the network administrator for the environment you are using.
Cause 2

The machine's address [User] setting contains one or more spaces after the user name.

Remedy

Ensure that the machine's address [User] setting does not contain spaces after the user name.

Cause 3

The machine was turned OFF while sending data to the FTP server, and when the machine was turned back ON, it attempted to resend the data. (If a Windows 2000/XP/Server 2003/Vista FTP server is being used.)

Remedy

If power to the machine is turned OFF while data is being sent to the FTP server, the FTP server may hold the data in a writing-in-progress state. Therefore, this data cannot be overwritten even when the machine reconnects and sends the same data again. Stop the FTP server temporarily and delete the held data, so it can be sent again.

Cause 4

An error message is displayed on the touch panel display of the machine.

Remedy

After confirming the error message, see "Problem Solving," and perform the necessary operations according to the error message displayed.

Unable to Send Data/Share Files (NetWare)

Cause 1

File sharing settings for the NetWare file server are incorrect. (In Bindery Mode.)

Remedy

Check the following settings:

  • Use your computer to log in to the NetWare file server. From Windows Explorer, double-click [Entire Network] → check that the NetWare server you want to share is listed there. You can also check for the NetWare server as follows: On the [Start] menu, point to [Find] → click [Computer] → enter the name of the server you want to share → check that the server is on the network. (This server name will be the [Host Name] you entered when you set up the recipient settings.)
  • Open the server → open the folder for file sharing. (The path to this folder will be the [Folder Path] you entered when you set up the recipient settings.)
  • Check that files can be written to this folder.
  • If data cannot be sent or file sharing does not work after you do the above, consult your network administrator.
Cause 2

File sharing settings for the NetWare file server are incorrect. (In NDS Mode.)

Remedy

Check the following settings:

  • Log in as a user with Admin or equivalent authority. From Windows Explorer, double-click [Entire Network] → check that the NetWare server you want to share is listed there. You can also check for the NetWare server as follows: On the [Start] menu, point to [Find] → click [Computer] → enter the name of the server you want to share → check that the server is on the network.
  • Start the NWADMIN for this server. If [Root] is displayed at the upper left corner of the screen, the layer below it is the context. If [Root] is not displayed, go to the [View] menu → click [Go Up a Level] to change to the display below [Root]. (This context will be the value entered to the right side of the expression "o=" when you set up [Host Name] of the recipient.)
  • With <Root> appearing on the screen, go to the [View] menu → click [Go Up a Level] to open the [Set Context] dialog box. The tree name will be displayed in [Tree]. (This tree name will be the value you entered to the right side of the expression ".TREE=" when you set up [Host Name] of the recipient.)
  • If data cannot be sent or file sharing will not work after you do the above, consult your network administrator.
Cause 3

There is a print job in the printing queue, and the machine is still receiving this job.

Remedy

Send the data after the print job has been completely received. The machine cannot send data while it is receiving a print job.

Cause 4

An error message is displayed on the touch panel display of the machine.

Remedy

After confirming the error message, see "Problem Solving," and perform the necessary operations according to the error message displayed.

Unable to Send Data/Share Files (Windows and Samba File Sharing)

Cause 1

File sharing settings for the shared folder are incorrect.

Remedy

Check the following settings:

  • On the computer you are using, go into Windows Explorer → double-click [Entire Network] → check that the computer you want to share is listed there. You can also check for the computer as follows: On the [Start] menu, point to [Find] → click [Computer] → enter the name of the computer you want to share → check that the computer is on the network.
  • If the computer you want to share is listed, double-click its icon to see whether the shared name of the folder you want to share is listed.
Cause 2

An error message is displayed on the touch panel display of the machine.

Remedy

After confirming the error message, see "Problem Solving," and perform the necessary operations according to the error message displayed.

<Check the server.> is displayed when you try to use a WebDAV server.

Cause

The WebDAV server is unavailable.

Remedy

Confirm the status of the WebDAV server.

<TCP/IP error> is displayed when you try to send to a WebDAV server.

Cause 1

The IPv4 address is set to '0.0.0.0', because it cannot be obtained automatically via DHCP, RARP, or BOOTP when the IPv4 address setting in SRAM is set to '0.0.0.0'.

Remedy

See "TCP/IPv4 Settings" to specify the correct IPv4 address.

Cause 2

The static IPv4 address is set to '0.0.0.0' when the IPv4 address setting in SRAM is set to '0.0.0.0'.

Remedy

See "TCP/IPv4 Settings" to specify the correct IPv4 address.

Cause 3

The IPv6 addresses are not properly set up.

Remedy

Check the following:

  • Confirm that the settings for the addresses (<Use Stateless Address>, <Use Manual Address>, or <Use DHCPv6>) are set to 'On'.
  • If you are using a stateless address or DHCPv6, confirm that addresses can be obtained.
  • If addresses cannot be obtained, check the settings of the router or DHCPv6 server.
  • It may take several minutes for a stateless address to be determined.
Cause 4

The IP address of the DNS server is not correct.

Remedy

See "TCP/IPv4 Settings," or "TCP/IPv6 Settings," to check the IP address of the DNS server.

Cause 5

Sending could not be performed due to a lack of resources in the TCP/IP protocol stack.

Remedy

Free up sufficient disk space on the WebDAV server.

<SSL Error> is displayed, and transmission fails when you try to send to a destination using SSL encrypted communication via a WebDAV server.

Cause 1

The WebDAV server does not support SSL encrypted communication.

Remedy

Specify the SSL settings required for your environment on the WebDAV server.

Cause 2

The proxy server does not support SSL encrypted communication.

Remedy

If the WebDAV client is connected to the Internet via a proxy server, set the proxy server to use SSL.

<Could not be sent.> is displayed when you try to send via a WebDAV server.

Cause 1

An error occurred in the WebDAV server or proxy server.

Remedy

Check the following:

  • Check the settings of the WebDAV server.
  • Check the settings of the proxy server.
Cause 2

External access to the target files or directories was denied.

Remedy

Check the following:

  • Check the settings of the WebDAV server.
Cause 3

The WebDAV server is busy because of heavy access.

Remedy

Try sending again later.

Cause 4

Sending files in chunks is not allowed.

Remedy

Press [Off] for <Use Chunked Encoding with WebDAV Sending>. (See "Using the Main Unit to Send/Receive.")

Cause 5

The size of the sent data is too large.

Remedy

Confirm the size of the sent data.

Cause 6

The specified URI (host name and folder path specified as the recipient address) is too long.

Remedy

See "Using the Main Unit to Send/Receive," to confirm the full path for the HTTP server entered in [Host Name] and the WebDAV folder path entered in [Folder Path] as the recipient address.

<Check the server.> is displayed when you try to send via a WebDAV server.

Cause 1

The machine tried to access the destination without using a proxy server, but it was necessary to access via a proxy server.

Remedy

Check the following:

  • Check the settings of the WebDAV server.
Cause 2

Access to the destination was denied.

Remedy

Check the settings of the WebDAV server.

Cause 3

The machine tried to access the destination via a proxy server without using SSL encrypted communication.

Remedy

Press [Off] for <Use Chunked Encoding with WebDAV Sending>. (See "Using the Main Unit to Send/Receive.")

Cause 4

The proxy server failed to communicate with the upstream server.

Remedy

Check the following:

  • Check the settings of the WebDAV server.
  • Check the settings of the proxy server.
Cause 5

According to the request from the WebDAV client, the HTTP protocol version which is not supported by the WebDAV server is used.

Remedy

Check the settings of the WebDAV server.

Cause 6

The disk space on the WebDAV server was insufficient to process the request from the WebDAV client.

Remedy

Free up sufficient disk space on the WebDAV server.

<Cannot connect.> is displayed when you try to send to a WebDAV server.

Cause

Proxy server authentication failed.

Remedy

See step 10 in "Settings Common to TCP/IPv4 and TCP/IPv6," to confirm the settings of the proxy server.



Encrypted SSL Data Communication Problems and Remedies

This section describes how to resolve encrypted SSL data communication problems.


<The default key is not set. Check the [Key and Certificate List] settings in the Certificate Settings> is displayed when SSL is set.

<Cannot delete the default key when SSL is On, or when the [Receive Restrictions for Each Function] setting in Device Information Delivery is Off. Check the SSL or Device Information Delivery setting.> is displayed when you try to erase a key pair.

<Cannot change settings because the selected key is being used. Check the SSL or Device Information Delivery setting.> is displayed when you try to erase the default key pair.

<Cannot register because the algorithm of this key is not supported.> is displayed when you try to register a key pair file.

You cannot use encrypted SSL communication for IPP printing, email/I-fax, the Remote UI, MEAP functions via a web browser, and device information delivery, or confirm Department IDs and passwords even after you have turned SSL on.

<Certificate exp. date error> is displayed.

<Digital sig. cert. access err.> is displayed.

<The default key is not set. Check the [Key and Certificate List] settings in the Certificate Settings> is displayed when SSL is set.

Cause

The key pair or server certificate to use has not been registered.

Remedy

It is necessary to register a key pair and server certificate in order to perform encrypted SSL communication. For instructions on how to register a key pair, see "Generating a Key Pair and Server Certificate," or "Registering a Key Pair File and Server Certificate File Installed from a Computer."

<Cannot delete the default key when SSL is On, or when the [Receive Restrictions for Each Function] setting in Device Information Delivery is Off. Check the SSL or Device Information Delivery setting.> is displayed when you try to erase a key pair.

Cause

The key you are trying to erase is currently being used for encrypted SSL communication or used for the [Receive Restrictions for Each Function] mode in Device Information Delivery Settings.

Remedy

Cancel all SSL settings and encrypted SSL communication. See "Security," to set all settings for the [Receive Restrictions for Each Function] mode in Device Information Delivery Settings to 'On.'

<Cannot change settings because the selected key is being used. Check the SSL or Device Information Delivery setting.> is displayed when you try to change the default key.

Cause

The key you are trying to erase is currently being used for encrypted SSL communication or used for the [Receive Restrictions for Each Function] mode in Device Information Delivery Settings.

Remedy

Cancel all SSL settings and encrypted SSL communication. See "Security," to set all settings for the [Receive Restrictions for Each Function] mode in Device Information Delivery Settings to 'On.'

<Cannot register because the algorithm of this key is not supported.> is displayed when you try to register a key pair file.

Cause

You are trying to register a key pair file which uses the DSA algorithm.

Remedy

Register a key pair file which uses the RSA algorithm.

You cannot use encrypted SSL communication for IPP printing, email/I-fax, the Remote UI, MEAP functions via a web browser, and device information delivery, or confirm Department IDs and passwords even after you have turned SSL on.

Cause1

The generated key pair or server certificate is corrupted.

Remedy

After erasing the key pair you are using, generate a key pair and server certificate.

Cause2

The preinstalled default key pair or server certificate is corrupted.

Remedy

After erasing the key pair you are using, generate a key pair and server certificate.

Cause3

The registered key pair file or server certificate file is corrupted.

Remedy

After erasing the key pair you are using, install the key pair file and server certificate file created on your computer using the Remote UI (See "Remote UI."). Then, register the installed files on the control panel of the machine.

<Certificate exp. date error> is displayed.

Cause

The certificate has expired.

Remedy

Confirm the expiration date for the certificate.

<Digital sig. cert. access err.> is displayed.

Cause1

Access to the user certificate was denied when sending a PDF with a user signature.

Remedy

See "Generating and Confirming a Key Pair and Device Signature Certificate and User Certificate for Adding Digital Signatures to PDF Files" to confirm the user certificate settings.

Cause2

Access to the device certificate was denied when sending a PDF with a device signature.

Remedy

See "Generating and Confirming a Key Pair and Device Signature Certificate and User Certificate for Adding Digital Signatures to PDF Files" to confirm the device certificate settings.



IEEE802.1X Authentication Problems and Remedies

This section describes how to resolve IEEE802.1X authentication problems.


<IEEE802.1X error. Set the correct cert. information.> is displayed.

<IEEE802.1X error. Change the password.> is displayed.

<IEEE802.1X error. Check authentication settings.> is displayed.

<IEEE802.1X error. The certificate has expired.> is displayed.

<IEEE802.1X error. The certificate is incorrect.> is displayed.

<IEEE802.1X error. Cannot analyze the certificate.> is displayed.

<IEEE802.1X error. No reply from the destination.> is displayed.

<IEEE802.1X error. Set the correct cert. information.> is displayed.

Cause

The correct client authentication information (the key pair and certificate, user name and password, and the CA certificate) is not set.

Remedy

Confirm the set authentication method and authentication information (the key pair and certificate, user name and password, and CA certificate).

<IEEE802.1X error. Change the password.> is displayed.

Cause

The correct password is not specified.

Remedy

Confirm the password, and then specify the correct password.

<IEEE802.1X error. Check authentication settings.> is displayed.

Cause

The specified authentication method of the machine does not match the authentication method of the RADIUS server.

Remedy

Confirm whether the authentication method specified for the machine and the authentication method specified for the RADIUS server match, and specify the correct authentication method if necessary.

<IEEE802.1X error. The certificate has expired.> is displayed.

Cause

The server certificate sent from the RADIUS server has expired.

Remedy

Confirm the expiration date for the server certificate of the RADIUS server.

<IEEE802.1X error. The certificate is incorrect.> is displayed.

Cause

An error occurred when verifying the server certificate sent from the RADIUS server using the CA certificate.

Remedy

Confirm the contents of the server certificate of the RADIUS server, as well as the CA certification registered on the machine.

<IEEE802.1X error. Cannot analyze the certificate.> is displayed.

Cause

The machine failed to analyze the server certificate sent from the RADIUS server.

Remedy

Confirm the server certificate contents of the RADIUS server.

<IEEE802.1X error. No reply from the destination.> is displayed.

Cause

An error occurred when communicating with the authenticator.

Remedy

Confirm the authenticator (LAN switch) settings, as well as the RADIUS server settings.



Network Setting Items

If you are configuring the settings for the first time in "Interface Settings," "TCP/IPv4 Settings," "TCP/IPv6 Settings," or "Settings Common to TCP/IPv4 and TCP/IPv6," use the control panel of the machine. After configuring the TCP/IP settings, you can change them using the Remote UI.

In the NetWare or AppleTalk network, the TCP/IP protocol must be used to specify the settings with software other than the control panel of the machine. The setting items are shown below.


Remark
  • Some items can be set using the Remote UI. Use the control panel of the device to set items which cannot be set using the Remote UI.
  • In the following tables, "N/A" stands for "Not Applicable".
  • For more information on Device Information Delivery, see "Security."

  • Change Settings/Display Connection Confirm.
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Change Settings/Display Connection Confirm. On/Off Off N/A

  • TCP/IP Settings (1/5)
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
IPv4 Settings: Use IPv4
Use IPv4 On/Off On N/A
IPv4 Settings: IP Address Settings
IP Address IP address 0.0.0.0 N/A
Subnet Mask IP address 0.0.0.0 N/A
Gateway Address IP address 0.0.0.0 N/A
DHCP On/Off Off
RARP On/Off Off
BOOTP On/Off Off
IPv4 Settings: PING Command
PING Command IP address 0.0.0.0 N/A N/A
IPv4 Settings: IP Address Range Settings*1
RX/Print Range:
Reject IPv4 Address
Apply Settings: On/Off
Up to 8 IPv4 addresses can be stored.
Off N/A
RX/Print Range:
Permit IPv4 Address
Apply Settings: On/Off
Up to 8 IPv4 addresses can be stored.
Off N/A
Setting/Browsing Range:
Reject IPv4 Address
Apply Settings: On/Off
Up to 8 IPv4 addresses can be stored.
Off N/A
Setting/Browsing Range:
Permit IPv4 Address
Apply Settings: On/Off
Up to 8 IPv4 addresses can be stored.
Off N/A
IPv6 Settings: Use IPv6
Use IPv6 On/Off Off N/A
IPv6 Settings: Stateless Address Settings
Use Stateless Address On/Off On N/A
IPv6 Settings: Manual Address Settings
Use Manual Address On/Off Off N/A
Manual Address IPv6 Address (39 Characters maximum) - N/A
Prefix Length 0 to 128 64 N/A
Default Router Addr. 39 Characters maximum - N/A
IPv6 Settings: Use DHCPv6
Use DHCPv6 On/Off Off
IPv6 Settings: PING Command
IPv6 Address 39 Characters maximum - N/A
Host Name 48 Characters maximum - N/A
IPv6 Settings: IP Address Range Settings*1
RX/Print Range:
Reject IPv6 Address
Apply Settings: On/Off
Up to 8 IPv6 addresses can be stored.
Off N/A
RX/Print Range:
Permit IPv6 Address
Apply Settings: On/Off
Up to 8 IPv6 addresses can be stored.
Off N/A
Setting/Browsing Range:
Reject IPv6 Address
Apply Settings: On/Off
Up to 8 IPv6 addresses can be stored.
Off N/A
Setting/Browsing Range:
Permit IPv6 Address
Apply Settings: On/Off
Up to 8 IPv6 addresses can be stored.
Off N/A

*1 This item is available only if you are using the following optional equipment:
  • UFR II Printer Kit
  • UFR II/PCL Printer Kit
  • PCL Printer Kit
  • PS Printer Kit
  • Super G3 FAX Board
  • Color Universal Send Kit

  • TCP/IP Settings (2/5)
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
DNS Settings: DNS Server Address Settings: IPv4
Primary DNS Server IP Address 0.0.0.0 N/A
Secondary DNS Server IP Address 0.0.0.0 N/A
DNS Settings: DNS Server Address Settings: IPv6
Primary DNS Server IPv6 Address - N/A
Secondary DNS Server IPv6 Address - N/A
DNS Settings: DNS Host Name/Domain Name Settings: IPv4
Host Name 47 Characters maximum Canon
******
("******" represents the last six digits of a MAC address)
N/A
Domain Name 47 Characters maximum (NULL) N/A
DNS Settings: DNS Host Name/Domain Name Settings: IPv6
Use Same Host Name/Domain Name as IPv4 On/Off Off N/A
Host Name 47 Characters maximum Canon
******
("******" represents the last six digits of a MAC address)
N/A
Domain Name 47 Characters maximum - N/A
DNS Settings: DNS Dynamic Update Settings: IPv4
DNS Dynamic Update On/Off Off N/A
DNS Settings: DNS Dynamic Update Settings: IPv6
DNS Dynamic Update On/Off Off N/A
Register Stateless Address On/Off Off N/A
Register Manual Address On/Off Off N/A
Register Stateful Address On/Off Off N/A

  • TCP/IP Settings (3/5)
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
WINS Configuration
WINS Resolution On/Off Off N/A
WINS Server Address IP address 0.0.0.0 N/A
Node Type Auto Set, display only - - N/A
Scope ID 63 Characters maximum (NULL) N/A
LPD Print Settings*2
LPD Print Settings On/Off On
LPD Banner Page*3 On/Off Off
RAW Print Settings*2
RAW Print Settings On/Off On
Bidirectional Communication On/Off Off
SNTP Settings
Use SNTP On/Off Off N/A
Polling Interval Interval for performing time synchronization (1 to 48 hours) 24 N/A
NTP Server Address IP address or host name (NULL) N/A
NTP Server Check - - N/A
FTP Print Settings*4
Use FTP printing On/Off Off
User User name for FTP server login (24 Characters maximum) (NULL) N/A
Password Password for FTP server login (24 Characters maximum) (NULL) N/A
WSD Print Settings*2
Use WSD On/Off On
Use WSD Browsing On/Off On
Use Multicast Discovery On/Off On
Use PASV Mode for FTP*5
Use PASV Mode for FTP On/Off Off
IPP Print Settings*2
IPP Print Settings On/Off On
Use SSL On/Off Off N/A
Use Authentication On/Off Off N/A
User User name for IPP authentication (24 Characters maximum) (NULL) N/A
Password Password for IPP authentication (24 Characters maximum) (NULL) N/A
Multicast Discovery
Response On/Off On
Scope Name Scope name to be used for a multicast discovery (32 Characters maximum) (default) N/A

*2 This item is available only if you are using the following optional equipment:
  • UFR II Printer Kit
  • UFR II/PCL Printer Kit
  • PCL Printer Kit
  • PS Printer Kit
  • Super G3 FAX Board
*3 This item is available only if you are using the following optional equipment:
  • UFR II/PCL Printer Kit
  • PCL Printer Kit
  • PS Printer Kit
*4 This item is available only if you are using the following optional equipment:
  • UFR II Printer Kit
  • UFR II/PCL Printer Kit
  • PCL Printer Kit
  • PS Printer Kit
*5 This item is available only if the optional Color Universal Send Kit is activated by registering a license key.

  • TCP/IP Settings (4/5)
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Certificate Settings: Generate Network Communication Key
Key Name 24 Characters maximum (NULL) N/A
Key Algorithm RSA, display only - - N/A
Key Length (bit) 512/1024 512 N/A
Start Date of Validity Year, Month, Date (01/01/2000 - 31/12/2048) (NULL) N/A
End Date of Validity Year, Month, Date (01/01/2000 - 31/12/2048) (NULL) N/A
Country/Region Country/Region name and code (2 Characters maximum) Singapore (SG) N/A
State 24 Characters maximum (NULL) N/A
City 24 Characters maximum (NULL) N/A
Organization 24 Characters maximum (NULL) N/A
Orgnztion Unit 24 Characters maximum (NULL) N/A
Common Name IP address or FQDN (24 Characters maximum) (NULL) N/A
Certificate Settings: Generate Key
Generate/Update Device Signature Key*6 - - N/A
Certificate Settings: Key and Certificate List: Key and Certificate List for this Machine
Certificate Details Version/Serial Number/Signature Algorithm/Issue Destination/Start Date of Validity/End Date of Validity/Issuer/Public Key/Certificate Thumbprint/Certificate Verification - N/A
Erase - - N/A
Display Use Location Displays what the key pair is being used for - N/A
Certificate Settings: Key and Certificate List: Key and Certificate List for Users*7
Certificate Details Version/Serial Number/Signature Algorithm/Issue Destination/Start Date of Validity/End Date of Validity/Issuer/Public Key/Certificate Thumbprint/Certificate Verification - N/A
Erase - - N/A
Certificate Settings: CA Certificate List
Certificate Details Version/Serial Number/Signature Algorithm/Issue Destination/Start Date of Validity/End Date of Validity/Issuer/Public Key/Certificate Thumbprint/ Certificate Verification - N/A
Erase - - N/A
Certificate Settings: Register Key and Certificate
Register Key Name (24 Characters maximum)
Password (24 Characters maximum)
- N/A
Erase - - N/A
Certificate Settings: Register CA Certificate
Register - - N/A
Erase - - N/A

*6 [Generate/Update Device Signature Key] is enabled if the optional Universal Send Security Feature Set is activated by registering a license key.
*7 [Key and Certificate List for Users] is enabled if the optional Digital User Signature Kit is activated by registering a license key.

  • TCP/IP Settings (5/5)
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Use HTTP
Use HTTP On/Off On
SSL Settings
SSL Settings Functions using SSL encrypted communications - N/A
Key and Certificate
Set as the Default Key - - N/A
Certificate Details Version/Serial Number/Signature Algorithm/Issue Destination/Start Date of Validity/End Date of Validity/Issuer/Public Key/Certificate Thumbprint/Certificate Verification - N/A
Display Use Location Displays what the key pair is being used for - N/A
Proxy Settings*8
Use Proxy On/Off Off N/A
Server Address IP address or FQDN (128 Characters maximum) (NULL) N/A
Port Number 1 to 65535 80 N/A
Use Proxy within the Same
Domain
On/Off Off N/A
Authentication Settings
Use Proxy Authentication On/Off Off N/A
User 24 Characters maximum (NULL) N/A
Password 24 Characters maximum (NULL) N/A
Permitted Receiving MAC Address Settings
Permitted Receiving MAC Address Settings Apply Settings: On/Off
MAC addresses (a maximum of 100 addresses can be registered)
Off N/A
Dept. ID Management Password Confirmation*2
Dept. ID Management Password Confirmation On/Off On N/A

*2 This item is available only if you are using the following optional equipment:
  • UFR II Printer Kit
  • UFR II/PCL Printer Kit
  • PCL Printer Kit
  • PS Printer Kit
  • Super G3 FAX Board
*8 This item is available only if you are using the following optional equipment:
  • PS Printer Kit
  • Direct Printing Kit
  • Web Access Software

  • IPSec Settings
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Use IPSec On/Off Off N/A
Receive Non-policy Packets Allow/Reject Allow N/A
Edit - - N/A
Erase - - N/A
Policy On/Off - - N/A
Register: Policy Name
Policy Name 24 Characters maximum (NULL) N/A
Register: Selector Settings
Local Address All IP addresses/IPv4 Address/IPv6 Address/IPv4 Manual Settings/IPv6 Manual Settings All IP addresses N/A
Remote Address All IP addresses/All IPv4 addresses/All IPv6 addresses/IPv4 Manual Settings/IPv6 Manual Settings All IP addresses N/A
Port Specify by Port Number/Specify by Service Name Specify by Port Number N/A
Register: IKE Settings
IKE Mode Main/Aggressive Main N/A
Authentication Method Pre-Shared Key Method/Digital sig. Method Pre-Shared Key Method N/A
Auth./Encryption Algorithm Auto/Manual Settings Auto N/A
Register: IPSec Network Settings
Validity: Time 1 to 65535 minutes 480 N/A
Validity: Size 1 to 65535MB 65535 N/A
PFS On/Off Off N/A
Auth./Encryption Algorithm Auto/Manual Settings Auto N/A
Connect. Mode Transport, display only - - N/A

  • NetWare Settings*1
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
NetWare On/Off Off
Frame Type Auto Detect/Ethernet II/Ethernet 802.2/Ethernet 802.3/Ethernet SNAP Auto Detect N/A
IPX External Network Number Auto Set, display only - - N/A
Node Number Auto Set, display only - - N/A
Print Service Bindery PServer/R Printer/NDS PServer/NPrinter NDS PServer N/A
Packet Signature Auto Set, display only - - N/A
Bindery PServer Settings
Print Server 47 Characters maximum (NULL) N/A
File Server 47 Characters maximum (NULL) N/A
Print Server Password 20 Characters maximum (NULL) N/A
Printer Number 0 to 15 0 N/A
Polling Interval 1 to 15 seconds 5 N/A
Printer Form 0 to 255 0 N/A
Buffer Size 1 to 20 (KB units) 20 N/A
Service Mode Service only currently mounted form/Change forms as needed/Minimize form changes across print queues/Minimize form changes within print queues Minimize form changes within print queues N/A
RPrinter Settings
Print Server 47 Characters maximum (NULL) N/A
File Server 47 Characters maximum (NULL) N/A
Printer Number 0 to 15 0 N/A
NDS PServer Settings
Print Server 64 Characters maximum (NULL) N/A
Tree 32 Characters maximum (NULL) N/A
Context 256 Characters maximum (NULL) N/A
Print Server Password 20 Characters maximum (NULL) N/A
Printer Number 0 to 254 0 N/A
Polling Interval 1 to 255 seconds 5 N/A
Printer Form 0 to 255 0 N/A
Buffer Size 3 to 20 (KB units) 20 N/A
Service Mode Service only currently mounted form/Change forms as needed/Minimize form changes across print queues/Minimize form changes within print queues Minimize form changes within print queues N/A
NPrinter Settings
Print Server 64 Characters maximum (NULL) N/A
Tree 32 Characters maximum (NULL) N/A
Context 256 Characters maximum (NULL) N/A
Printer Number 0 to 254 0 N/A

*1 This item is available only if you are using the following optional equipment:
  • UFR II Printer Kit
  • UFR II/PCL Printer Kit
  • PCL Printer Kit
  • PS Printer Kit
  • Super G3 FAX Board
  • Color Universal Send Kit

  • AppleTalk Settings*1
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
AppleTalk On/Off Off
Phase Phase 2 (fixed) - - N/A
Service Name 32 Characters maximum Model name N/A
Zone 32 Characters maximum * N/A

*1 This item is available only if you are using the following optional equipment:
  • UFR II Printer Kit
  • UFR II/PCL Printer Kit
  • PS Printer Kit

  • SMB Server Settings*1
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Use SMB Server On/Off On N/A
Server 15 Characters maximum (NULL) N/A
Workgroup 15 Characters maximum (NULL) N/A
Comment 48 Characters maximum (NULL) N/A
LM Announce On/Off Off N/A
SMB Printer Settings
Use SMB On/Off On N/A
Printer 13 Characters maximum (NULL) N/A

*1 This item is available only if you are using the following optional equipment:
  • UFR II Printer Kit
  • UFR II/PCL Printer Kit
  • PCL Printer Kit
  • PS Printer Kit
  • Super G3 FAX Board
  • Color Universal Send Kit

  • SNMP Settings
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Get Printer Mgmt Info from Host On/Off Off
Use SNMP v. 1 On/Off On
Community Name 1 Settings
Community Name 1 On/Off On N/A
MIB Access Permission Read/Write/Read Only Read Only N/A
Community Name Community Name (32 Characters maximum) public N/A
Community Name 2 Settings
Community Name 2 On/Off Off N/A
MIB Access Permission Read/Write/Read Only Read Only N/A
Community Name Community Name (32 Characters maximum) public2 N/A
Use SNMP v. 3 On/Off Off N/A
User Settings
User On/Off - - N/A
Register User/MIB Access Permission/Security Settings/Authent. Algorithm/Authent. Password/Encryption Algorithm/Encryption Password - N/A
Details/Edit User/MIB Access Permission/Security Settings/Authent. Algorithm/Authent. Password/Encryption Algorithm/Encryption Password - N/A
Erase - - N/A
Context Settings
Register Context name (32 Characters maximum) - N/A
Edit Context name (32 Characters maximum) - N/A
Erase - - N/A

  • Enable Dedicated Port Settings
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Enable Dedicated Port On/Off On

  • Spool Settings*1
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Use Spooler On/Off Off

*1 This item is available only if you are using the following optional equipment:
  • UFR II Printer Kit
  • UFR II/PCL Printer Kit
  • PCL Printer Kit
  • PS Printer Kit
  • Super G3 FAX Board

  • Startup Time Settings
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Startup Time Settings 30 to 300 seconds 30 N/A

  • Ethernet Driver Settings
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Auto Detect On/Off On N/A
Communication Mode Half Duplex/Full Duplex Half
Duplex
N/A
Ethernet Type 10 Base-T/100 Base-TX/1000 Base-T 10 Base-T N/A
MAC Address Display only - - N/A

  • E-Mail/I-Fax Settings*1
Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
SMTP Receipt On/Off On
POP On/Off On
SMTP Server Server name or IP address (48 Characters maximum) (NULL) N/A
E-mail Address 64 Characters maximum (NULL) N/A
POP Server Server name or IP address (48 Characters maximum) (NULL) N/A
POP Address 64 Characters maximum (NULL) N/A
POP Password 32 Characters maximum (NULL) N/A
POP Interval 0 to 99 (If the interval is set to '0', the incoming e-mail is not checked automatically.) 0 N/A
Authent./Encryption
POP AUTH Method Standard/APOP/POP
AUTH
Standard N/A
POP Authentication before Sending On/Off Off N/A N/A
SMTP Authentication (SMTP AUTH) On/Off Off N/A N/A
User User name for SMTP authentication (64 Characters maximum) (NULL) N/A N/A
Password Password for SMTP authentication (32 Characters maximum) (NULL) N/A N/A
Allow SSL (POP) On/Off Off N/A N/A
Allow SSL (SMTP Send) On/Off Off N/A N/A
Allow SSL (SMTP Receive) SSL/On/Off Off N/A N/A

*1 This item is available only if the optional Color Universal Send Kit is activated by registering a license key.

  • IEEE802.1X Settings

Item Setting Description Default Setting Can be set in Remote UI Device Information Delivery
Use IEEE802.1X On/Off Off N/A
User Name of the user to be authenticated with IEEE802.1X authentication (NULL) N/A
Password Password of the user to be authenticated with IEEE802.1X authentication (NULL) N/A
TLS Settings
Use TLS On/Off Off N/A
Key and Certificate
Set as the Default Key - - N/A
Certificate Details Version/Serial Number/Signature Algorithm/Issue Destination/Start Date of Validity/End Date of Validity/Issuer/Public Key/Certificate Thumbprint/Certificate Verification - N/A
Display Use Location Displays what the key pair is being used for. - N/A
TTLS Settings
Use TTL On/Off Off N/A
MSCHAPv2 - - N/A
PAP - - N/A
PEAP Settings
Use PEAP On/Off Off N/A

Remark
  • Use the control panel of the device to set items which cannot be set using the Remote UI.


Viewing the Network Access Log

This machine logs attempts to gain access from IP addresses that it has been set to reject. The procedure for referring to the access log is as follows.

For instruction on how to set the machine to permit or reject specific IP addresses, see step 8 in "TCP/IPv4 Settings" or step 6 in "TCP/IPv6 Settings."


Remark
  • To display [Log], set <Job Log Display> in [System Monitor Screen Restriction] in the System Settings screen (from the Additional Functions screen) to 'On'.

  1. Press [System Monitor] → [Print] → [Log] → select [Network] from the drop-down list.

The log pertaining to the rejected IP addresses is displayed.

Up to 100 logs can be displayed.

You can export the log to a CSV format file, using the Remote UI. For instructions, see "Remote UI."



Obtaining the Public Key of the Machine to Use SSL with Windows Vista

If you want to use IPPS printing, it is necessary to obtain the public key of the machine and install it in Windows Vista by following the procedure below.


  1. Start the Remote UI of the machine → click [Continue to this website (not recommended)] to display the Remote UI screen.
  1. Double-click [Internet | Protected Mode:On], located on the bottom-right of the web browser.
  1. Select [Trusted sites] → click [Sites].
  1. Confirm that 'https://<IP address of the machine>' is displayed → click [Add] → [Close].
  1. If [Enable Protected Mode (requires restarting Internet Explorer)] is selected, deselect it → click [OK] to return to the Remote UI screen → close the web browser → restart the web browser → repeat the procedure in step 1.
  1. Click [Certificate Error] on the right of the address bar → select [View certificates].
  1. Click [Install Certificate] in the displayed dialog box to start the Certificate Import Wizard.
  1. Click [Next] → select [Place all certificates in the following store] → click [Browse].
  1. Select [Trusted Root Certification Authorities] → follow the instructions on the screen to close the wizard.
  1. If you deselected [Enable Protected Mode (requires restarting Internet Explorer)] in step 5, select it again.