advertisement
Tips for Administrator
Setting an IP Address on the Printer’s Control Panel
After connecting the printer to the network, you need to set the IP address for the network interface.
To set the IP address, subnet mask, and default gateway from the control panel, follow the steps below.
1. Turn on your printer.
2. Press the Menu button on the printer’s control panel.
3. Press the Up or Down button until Network Setup appears. Then press the OK button.
4. Press the Up or down button until IP Address Setting appears. Then press the OK button.
5. Do one of the following to obtain an IP address:
O
Choose Auto when getting the IP address from a DHCP server. The IP address is automatically obtained from the DHCP server whenever the printer is reset or turned on.
O Choose Panel when manually setting the IP address, subnet mask, and default gateway using the printer’s control panel.
Note:
To use Auto, a DHCP server must be correctly configured on the network. See the online help of your operating system for detailed instructions.
Print a network status sheet to confirm the new IP address.
Note:
O
You must first set the IP address before using EpsonNet Config with Web Browser.
O
See the User’s Guide for more information about settings on the printer’s control panel.
Tips for Administrator 48
Secure Communication Using IPsec, Access Control, SSL, and
IEEE 802.1X
Some printers may not support secure communications using IPsec, Access Control, SSL and IEEE802.1X. For information on whether your printer supports these secure communications features, see the printer User’s Guide.
Data format
Supported operating systems
IPsec
Encrypted data
Windows 8.x/7/Vista
Access Control
Unencrypted data
All operating systems supported by this product
IPsec protocol
IPsec is a protocol that is suitable for securing IP communication by encrypting the data or by authenticating client users in a network. To use this function, make the necessary settings on your printer using Remote Manager. Security settings on the client computers
on the network are also required. For more information, see “Secure Communications
(IPsec/Access Control)” on page 50.
Access Control
Access control function allows you to restrict network access to the printer.
O
Restrict access to the printer from specified client users only
O
Restrict data communication to the printer to specified purposes only (such as accessing administrative information by the administrators)
To use this function, make the necessary settings on your printer using Remote Manager.
For more information, see “Secure Communications (IPsec/Access Control)” on page 50.
SSL
SSL prevents unauthorized external access or other malicious acts such as data being read while the product is connected to a network. Enabling SSL allows product settings to be managed securely via a web browser. For more information, see the online help for
Remote Manager.
Tips for Administrator 49
IEEE 802.1X
IEEE 802.1X is the standard protocol for allowing client users to be authenticated to the network before obtaining a connection. It provides effective access control to both wired and wireless networks.
IEEE 802.1X network consists of an authentication server (RADIUS server) and authenticator (switching hub with authentication function). Supplicants (devices such as printers) can join the IEEE 802.1X network by being authenticated by the authentication server and authenticator.
To print via an IEEE 802.1X network, you have to make the necessary network settings using a computer that is not connected to the IEEE 802.1X network before connecting the printer to the IEEE 802.1X network.
1. Connect the printer and computer, which is not connected to the network, using an
Ethernet cable.
2. Assign an IP address to the printer and print the network status sheet to confirm the IP address.
3. Start Remote Manager on the computer and import the digital certificate, then make the
IEEE 802.1X settings and other necessary settings.
4. Turn off the printer and disconnect the printer and computer.
5. Connect the printer to the destination IEEE 802.1X network and turn it on, then print the network status sheet to confirm the settings.
For details on the settings, refer to the Remote Manager help.
Secure Communications (IPsec/Access Control)
This feature prevents unauthorized external access, spoofing, or other malicious acts such as data theft or falsification while the product is connected to a network.
Enabling IPsec/Access Control allows the following tasks to be performed securely:
O
Network printing
O
Managing settings via a web browser
Tips for Administrator 50
Some printers may not support secure communications using IPsec/Access Control. For information on whether your printer supports these features, see the printer manual. This document provides sample IPsec/Access Control configurations and information on setup and troubleshooting.
Overview and Sample Settings
IPsec and Access Control are configured differently and use different connection types.
Review the sample settings and choose a configuration suited to your objectives.
Data format
Supported operating systems
Configuration
Sample settings
IPsec
Secure (encrypted)
Windows Vista, Windows 7, Windows
8.x, Windows Server 2008, Windows
Server 2012
Configure both product and client.
Sample 1: Accept IPsec only
Access Control
Not secure (unecrypted)
All operating systems supported by the printer
Configure product only.
Sample 2: Accept print data only
Sample 3: Accept specified data types only
Sample 1
The product accepts from the client only data secured using IPsec. Normal data (i.e. data not secured using IPsec) are not accepted.
Sample 2
The product accepts print data from specific clients only. Data from other clients and non-print data from the specified clients are not accepted.
Sample 3
The product accepts only specific types of data from specific clients. In this example, security levels are set separately for each client type so that the product accepts all data from administrator clients (including product management and print data) but only print data from print clients and no data at all from other clients.
Product Security Policies: An Overview
O
You can create one Default Policy and Group Policy 1-10.
O
If there is more than one policy, the product will check the policies in order from the top of the display (“Group Policy 1”) and initiate a network connection when it finds a matching policy.
O
Because the product checks the policies in order from the top, more restrictive policies should precede the more general policies on which they are based.
Tips for Administrator 51
Configuration Workflow
IPsec requires a client with secure access to the product and configured according to your purposes. Access Control requires that the product be configured according to your purposes.
The configuration workflow is shown below.
Note:
If your network is already secure, we recommend that you connect the product to a computer on a different network before adjusting settings. There is potential for data theft if the product is connected to a secure network when settings are adjusted. If no other network is available, refer to the “Encrypting communications”, below.
1. Connect the product and the computer that will be used to configure the product to the network.
2. Adjust Remote Manager settings.
See the following page information on Remote Manager settings.
3. Transmit the settings to the printer.
*
4. Adjust client computer security settings (not required for Access Control).
5. Connect the printer to a secure network.
* Encrypting communications: There is potential for data theft if product settings are adjusted over a secure network. If no other network is available, follow the steps below to encrypt the data for transmission.
(1) In the product control panel, select Network Setup > IPsec Setting > Enable and enter the pre-shared key.
(2) Set up IPsec on the computer that will be used to configure the product.
(3) Connect the product and the computer that will be used to configure the product to the network.
Important:
The network connection will close if Network Setup > IPsec Setting is enabled in the product control panel and a blank key is entered for PSK Setting (i.e. no pre-shared key is entered). Be sure to enter a key for PSK Setting after enabling Network Setup > IPsec Setting in the product control panel.
Tips for Administrator 52
Product Security Policies
Start the product Remote Manager from your computer, open the Setup tab, and adjust
Security > IPsec/Access Control settings for security policies that match how the product will be used.
Note:
We recommend that the product be assigned a static IP address for secure access using IPsec or
Access Control. Settings will be invalidated if the IP address changes.
Sample 1
Open the Setup tab in Remote Manager and configure Security > IPsec/Access Control
> Default Policy settings as follows:
Option
IPsec/Access Control
Default Policy > Access Control
Pre-Shared Key
Setting
Enable
Use IPsec
Enter a key (maximum 127 alphanumeric characters)
Sample 2
Open the Setup tab in Remote Manager and configure Security > IPsec/Access Control
> Group Policy settings for each client.
Refusing Access from Unauthorized Clients
Open the Setup tab in Remote Manager and configure Security > IPsec/Access Control
> Default Policy settings as follows:
Option
IPsec/Access Control
Default Policy > Access Control
Setting
Enable
Access Refuse
Print Client Settings
Separate IPsec/Access Control > Group Policy settings must be created for each of the
Service Name > RAW (Port 9100), ENPC,
1
and SNMP options as shown in the example below. Group policies are applied in order from Group Policy 1.
Tips for Administrator 53
Option Setting
RAW (Port 9100)
Enable
ENPC SNMP
Group Policy n
(n = 1–10)
Access Control
Remote Address
(Host)
2
Access Permission
Enter the print client IP address (prefix length can be used to specify range if desired).
Example (IPv4): 192.168.0.0/24
Service Name Method of Choose
Port
Service Name RAW (Port 9100) ENPC SNMP
1. An Epson protocol used by Epson printer and scanner drivers and such applications as EpsonNet Config to find the printer.
2. A static IP address is recommended. If DHCP or “obtain automatically” (IPv6) is selected, the connection may terminate when the lease or address expires.
Note:
Select TCP or UDP for Protocol when Local Port is selected for Method of Choose Port > Port
Number.
Sample 3
Open the Setup tab in Remote Manager and configure Security > IPsec/Access Control
> Group Policy settings for each client.
Refusing Access from Unauthorized Clients
Open the Setup tab in Remote Manager and configure Security > IPsec/Access Control
> Default Policy settings as follows:
Option
IPsec/Access Control
Default Policy > Access Control
Setting
Enable
Access Refuse
Administrator Client Settings
Separate settings must be created for each Group Policy in IPsec/Access Control.
Group policies are applied in order from Group Policy 1.
Tips for Administrator 54
Option
Group Policy n (n = 1–10)
Access Control
Remote Address (Host)
*
Setting
Enable
Access Permission
Enter the administrator client IP address
* A static IP address is recommended. If DHCP or “obtain automatically” (IPv6) is selected, the connection may terminate when the lease or address expires.
Print Client Settings
Create separate settings for each of the Service Name > RAW (Port 9100), ENPC,
1
and
SNMP options using Setup > Security > IPsec/Access Control > Group policy settings that differ from those used by the administrator. Group policies are applied in order from
Group Policy 1; when setting up policies for both administrators and print clients, order the list so that the group policies for administrators precede those for print clients.
Note that EpsonNet Config (Windows/Mac OS) will be unable to detect the printer if separate group policies are not created for the Service Name > ENPC, SNMP options.
Sample settings are shown below.
Option Setting
RAW (Port 9100)
Enable
ENPC SNMP
Group Policy n
(n = 1–10)
Access Control
Remote Address
(Host)
2
Access Permission
Enter the print client IP address (prefix length can be used to specify range if desired).
Example (IPv4): 192.168.0.0/24
Service Name Method of Choose
Port
Service Name RAW (Port 9100) ENPC SNMP
1. An Epson protocol used by Epson printer and scanner drivers and such applications as EpsonNet Config to find the printer.
2. A static IP address is recommended. If DHCP or “obtain automatically” (IPv6) is selected, the connection may terminate when the lease or address expires.
Note:
Select TCP or UDP for Protocol when Local Port is selected for Method of Choose Port > Port
Number.
Tips for Administrator 55
Supported Security Methods
The product supports the security methods listed below; choose one of these combinations when selecting the computer security method. In most cases computers can use default
IPsec settings.
Security method
Authentication algorithm
Encryption algorithm
Key exchange algorithm
Option
SHA-256
SHA-1
MD5
AES-CBC 256
AES-CBC 192
AES-CBC 128
3DES
DES
Elliptic Curve Diffie-Hellman P-384
Elliptic Curve Diffie-Hellman P-256
Diffie-Hellman Group 14
Diffie-Hellman Group 2
Diffie-Hellman Group 1
Tips for Administrator 56
advertisement
Related manuals
advertisement