Scenario: More securityāaware environment (802.1X) and
SNMPv3
In this scenario, the network uses 802.1X communication to restrict network access, and secure LDAP to enforce
authentication and authorization for access of device functions. Also, device access is logged and the device is remotely
managed using SNMPv3.
1 Load a CA certificate for the authority you want into the device. For more information, see āInstalling a Certificate
Authority certificate on the deviceā on page 24.
2 Create the CAāsigned device certificate and load it into the device. For more information, see āConfiguring the device
for certificate informationā on page 24.
3 Set up a secure a connection using the 802.1X authentication. Make sure that the usage of 802.1X is specified in
the CAāsigned certificate. For more information, see
āConfiguring 802.1X authenticationā on page 38.
4 To allow remote management of SNMPv3, enable SNMPv3, and then disable SNMPv1,2. For more information, see
āSetting up SNMPā on page 29.
Note: Specify the user credentials for Read/Write and optionally Read/Only users. We recommend setting the
authentication level to Authentication, Privacy.
5 Configure audit logging. For more information, see āConfiguring security audit log settingsā on page 30. Remote
system log for events can be specified by identifying the syslog server and selecting the appropriate settings. We
recommend specifying an eāmail address for the administrator and selectingn the events to be eāmailed.
6 Set up secure LDAP authentication and authorization. For more information, see āUsing LDAPā on page 15.
Note: Specify the LDAP setup name, server address, port, and other appropriate settings. To enhance security,
use a TLS or SSL/TLS connection.
7 Create one or more security templates using the LDAP building block, and then assign them to the appropriate
access controls. For more information, see
āUsing a security template to control function accessā on page 20.
Scenario: Networkābased usage restrictions using access card
Note: Before your begin, make sure that Smart Card Authentication bundle is installed.
In this scenario, the network uses an Active Directory environment. A SIPR access card and a password is used for device
authentication and authorization. Device access is audited and the device is remotely managed using SNMPv3. All ports
except the HTTPS (443) port and the SNMPv3 port are blocked.
1 Configure the Active Directory domain. For more information, see āConnecting your printer to an Active Directory
domainā on page 20.
Make sure to specify the following:
ā¢ Domain name
ā¢ User ID
ā¢ Password
2 Configure the Smart Card Authentication bundle. For more information, see Smart Card Authentication
Administratorās Guide.
Note: To secure access to all applications and printer functions on the home screen, configure Background and
Idle Screen. For more information, see Background and Idle Screen Administratorās Guide.
Security scenarios 57
To Next Page
