Security Features. Xerox 8560, 6360

Add to My manuals
117 Pages

advertisement

Security Features. Xerox 8560, 6360 | Manualzz

Security Features

This chapter includes:

Basic Concepts on page 4-2

Securing the Printer in a High Security Environment on page 4-5

Setting Up a Certificate on page 4-6

Configuring SSL on page 4-7

Configuring Administrator and Key User Settings on page 4-8

Configuring the Print Host Access List on page 4-9

Controlling Access to Color Printing on page 4-10

Securing the Hard Drive on page 4-11

802.1X Configuration on page 4-14

Locking the Control Panel Menus on page 4-16

Configuring SNMP on page 4-17

System Administrator Guide

4-1

Basic Concepts

Basic Concepts

This section includes:

About Admin and Key User Accounts on page 4-2

About HTTP, HTTPS, and SSL/TLS on page 4-3

About Certificates on page 4-3

About Access Control Lists on page 4-4

About Admin and Key User Accounts

Admin and Key User accounts in CentreWare IS enable you to limit access to specific printer functions by specifying passwords for user classes. CentreWare IS requires a name and password before access to the controlled printer functions are allowed.

The user classes are:

Admin : The person with the ultimate management responsibility and authority for controlling all functions of the printer.

Key User : A person who has some administrative responsibilities and who manages some or all of the printer functions.

Any User : Includes the majority of people who will be sending print jobs to the printer.

Once the passwords are set, select the printer functions from the Feature Authorization list that each user class has the right to access. The three categories of printer functions are:

Administrative

Web Server Printing

Printer Neighborhood

See also:

Configuring Administrator and Key User Settings on page 4-8

System Administrator Guide

4-2

Basic Concepts

About HTTP, HTTPS, and SSL/TLS

HTTP (Hyper Text Transfer Protocol) is the protocol used to communicate across the internet between the printer web server and the web browser (clients). Because the data is transmitted in plain text and passwords are only slightly encrypted, it is not secure; the data can be read or intercepted by other people.

HTTPS (Secure Hyper Text Transfer Protocol) is a secure version of HTTP. HTTPS provides authentication and encrypted communication to preserve the confidentiality of your data.

Instead of using plain text, HTTPS uses either the SSL (Secure Socket Layer) protocol or the

TLS (Transport Layer Security) protocol to encrypt data, thus ensuring reasonable protection from eavesdroppers and man-in-the-middle attacks.

Before using HTTPS, you must set up a certificate and select when to use SSL to encrypt data.

You can set the printer to use SSL either to secure web pages that use passwords or to secure all web pages.

See also:

About Certificates on page 4-3

Setting Up a Certificate on page 4-6

Configuring SSL on page 4-7

About Certificates

A certificate is an electronic message containing information about the printer and a digital signature. A certificate is stored in the printer and is used to validate the identity of the printer to clients and network servers and to allow encrypted communication.

Before configuring passwords, set up a certificate and then configure SSL to encrypt data including passwords for maximum security. You can set up a self-signed certificate or download a root-signed certificate, depending on your requirements.

See also:

Self-Signed Certificates on page 4-3

Root-Signed Certificates on page 4-4

Self-Signed Certificates

Setting up a self-signed certificate is a quick and easy way to establish a certificate on the printer. The printer automatically generates a default self-signed certificate when the printer is turned on for the first time. To modify the certificate so it is specific to your printer, use

CentreWare IS to enter information about the location of the printer.

While self-signed certificates are safe for most applications and allow data encryption, they do not ensure valid authentication. Self-signed certificates are not necessarily secure because the certificate owner is only confirming his own identify instead of verification by a trusted third party. Although self-signed certificates encrypt the data that is exchanged, they do not prevent man-in-the-middle attacks.

System Administrator Guide

4-3

Basic Concepts

If you want to use HTTPS, each printer must have a unique certificate that is accepted by each browser used to access the printer. This allows the printer web server to use HTTPS and encrypt data between the web browser and the printer. In addition, because each printer’s certificate is unique, you must load a different certificate into the browser for each printer the browser will access.

Root-Signed Certificates

Root-signed certificates are from a trusted Certificate Authority (CA). Using a certificate signed by a CA enables you to load one certificate into each browser, allowing access to all printers. Certificates from a trusted third party are considered more secure than self-signed certificates. Unlike self-signed certificates, root-signed certificates are not susceptible to man-in-the-middle attacks.

See also:

Setting Up a Certificate on page 4-6

Configuring SSL on page 4-7

About Access Control Lists

Access control lists enable you to limit access to devices, as well as device configuration and management features. By default, access control lists are unrestricted, which means all computers and host systems are allowed access.

The printer has five access control lists that may be configured using CWIS:

Print Host Access List : The computers from which users can print. For information on

setting up the Print Host Access List, see Configuring the Print Host Access List on page 4-9.

Color Access Control : A 4-digit numeric password is required in order for users to print in color.

Administrator Access List : The computers from which you can change printer settings.

For information on setting up the Administrator Access List, see

Configuring

Administrator and Key User Settings on page 4-8.

Key User Access List : The computers from which key users can change printer settings.

For information on setting up the Key User Access List, see Configuring Administrator and Key User Settings on page 4-8.

SNMP Access List : The host machines that are authorized to access the printer using

SNMP. For information on setting up the SNMP Access List, see Configuring the SNMP

Access Control List on page 4-22.

System Administrator Guide

4-4

Securing the Printer in a High Security Environment

Securing the Printer in a High Security

Environment

If you are concerned about the security of your printer in a high security environment, such as a college or printing kiosk, you can configure settings in CentreWare IS to “lockdown” or fully secure the printer. If you are not concerned about the security of your printer, you may only need to set up a certificate and then configure SSL to encrypt data including passwords.

To fully secure a printer:

1.

Set up a certificate. (See Setting Up a Certificate on page 4-6.)

2.

Select when to use SSL. (See Configuring SSL on page 4-7.)

Note: The following steps may be completed in any order.

3.

Select the Administrator and Key User Settings. (See Configuring Administrator and Key

User Settings on page 4-8.)

Note: To prevent users from changing settings, clear the Modify Configuration Web

Pages check box. To prevent users from viewing settings, clear the View Configuration

Web Pages check box.

4.

Set up the Print Host Access List. (See

Configuring the Print Host Access List on page 4-9.)

5.

Set up the removal of Unprinted Personal, Secure, and Proof Print Jobs. (See Selecting the

Automatic Removal of Secure, Personal, and Proof Jobs Option on page 4-12.)

6.

Select the Hard Drive Overwrite

option. (See Securing the Hard Drive on page 4-11.)

7.

Select the Jam Recovery

option. (See Jam Recovery on page 5-3.)

8.

Lock the control panel menus. (See

Locking the Control Panel Menus on page 4-16.)

9.

Configure SNMP. (See Configuring SNMP on page 4-17.)

10.

Disable unused protocols. (See Protocol Control on page 3-6.)

11.

Disable Job Accounting

. (See To Enable or Disable Job Accounting on page 3-3.)

Note: To secure protocols, disable any protocols you are not using. This prevents unauthorized access through applications that use these protocols. For example, if you want to use IPP for a secure printing channel, disable the other printing protocols,

Port 9100 and LPR. Disabling some protocols also disables some printer functions, such as printer discovery and PrintingScout.

System Administrator Guide

4-5

Setting Up a Certificate

Setting Up a Certificate

To modify a self-signed certificate so it is specific to your printer or to install a downloaded root-signed certificate on the printer:

1.

Launch your web browser.

2.

Enter your printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Security folder on the left navigation panel.

5.

Select SSL .

6.

If prompted, enter your Admin or Key User name and password.

The Current State field displays the current state of the printer. Possible values include:

A Digital Certificate is not established on this machine . This state displays if an error occurred when the certificate was created.

A Self-Signed Certificate is established on this machine . The printer creates a

Self-Signed Certificate by default.

A CSR has been created, and can be accessed through the following location. This allows the administrator to access the Certificate Signing Request, or click Install

Signed Certificate to upload a signed certificate to the printer. This state displays after a CSR is generated, and before a signed certificate is installed.

A Digital Certificate has been installed on this machine . This state displays after a

Signed Digital Certificate is installed.

7.

Click the Create Certificate button.

8.

Do one of the following:

To modify a Self-signed Digital Certificate, select Self-Signed Certificate .

To install a Signed Digital Certificate that includes a private key from a trusted

Certificate Authority (CA), select Install downloaded Certificate .

9.

Click the Next button.

10.

Do one of the following:

If you selected Self-Signed Certificate , enter the appropriate information in the fields, and then click the Finish button to save the settings. For more information, including a description of the fields, click the Help button in CentreWare IS to view the online help.

If you selected Install Downloaded Certificate , click the Browse button to select the certificate from the PC’s hard drive, and then click the Finish button to validate and install the certificate. Once the certificate is installed, the main SSL page displays.

See also:

About Certificates on page 4-3

System Administrator Guide

4-6

Configuring SSL

Configuring SSL

Once a certificate is set up, you can select when to use SSL to secure the connection between the printer and the server.

Note: You can restrict user access to SSL pages in CentreWare IS. For more information, see

Configuring Administrator and Key User Settings on page 4-8.

To configure SSL:

1.

Launch your web browser.

2.

Enter your printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Security folder on the left navigation panel.

5.

Select SSL .

6.

If prompted, enter your Admin or Key User name and password.

7.

In the Use SSL box, select one of the following options:

Never (the default): SSL authentication is not required.

To Secure Passwords : Secures web pages that use passwords. A certificate must exist on the printer before you can use this setting.

■ To Secure Pages and Passwords

8.

Click the Save Changes button.

: Secures all web pages.

See also:

Setting Up a Certificate on page 4-6

System Administrator Guide

4-7

Configuring Administrator and Key User Settings

Configuring Administrator and Key User Settings

To prevent unauthorized changes to printer settings:

1.

Launch your web browser.

2.

Enter your printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Security folder on the left navigation panel.

5.

Select Administrative Security Settings .

6.

If prompted, enter your Admin or Key User name and password.

7.

In the Administrator Settings box, do one or both of the following:

In the Host Access List field, enter the IP addresses or host names of the computers allowed to change printer settings. Separate entries with a blank or a comma, specify ranges with a hyphen (-), and use an asterisk (*) to represent a group of numbers

(e.g., 13.62.156.*). The default setting is Unrestricted , which allows all users to change printer settings.

In the User Name and Password fields, enter your user name and password (up to 10 alphanumeric characters). In Verify Password , re-enter the password. The user name and password should be kept secure.

8.

Repeat Step 7 in the Key User box. When entering the user name and password, enter the user name and password for key users.

Note: If you want to use the Key User account, you must configure an Administrator account. If the Administrator account is empty, then Any User has the same permissions as the Administrator user.

9.

In the Feature Authorization Settings box, select the check boxes next to the settings you want to enable for each type of user. Clear the check boxes next to the settings you want to prevent users from changing. The administrator has full rights and access to all functions.

Any User may not have greater access to a function than the Key User.

Note: If you want to prevent users in the Key User or Any User classes from using

CentreWare IS to change printer settings, clear the Modify Configuration Web Pages check box. If you want to prevent users in the Key User or Any User classes from viewing

CentreWare IS pages that control printer settings, clear the View Configuration Web

Pages check box.

10.

Click the Save Changes button.

See also:

About Admin and Key User Accounts on page 4-2

System Administrator Guide

4-8

Configuring the Print Host Access List

Configuring the Print Host Access List

To prevent unauthorized printing to your printer:

1.

Launch your web browser.

2.

Enter your printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Security folder on the left navigation panel.

5.

Select Printing Security Settings .

6.

If prompted, enter your Admin or Key User name and password.

7.

Enter the IP addresses or host names of the computers allowed printing access in the Host

Access List field. Separate entries with a blank or a comma, specify ranges with a hyphen (-), and use an asterisk (*) to represent a group of numbers (e.g., 13.62.156.*). The default setting is Unrestricted , which allows all users to access the printer to print their jobs.

8.

Click the Save Changes button.

See also:

About Access Control Lists on page 4-4

System Administrator Guide

4-9

Controlling Access to Color Printing

Controlling Access to Color Printing

To control the user’s access to color printing, you can require the use of a 4-digit numeric password to print in color.

To require a password:

1.

Launch your web browser.

2.

Enter your printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Security folder on the left navigation panel.

5.

Select Printing Security Settings .

6.

Enter a 4-digit numeric password in the Color Permission PIN field.

7.

Click the Save Changes button.

Note: You will not be able to use the TekColor tab until you enter a numeric password in the driver.

To enter a password in the driver:

1.

Access the driver.

Note: Usually you access the driver by clicking Print in your application, and then clicking Properties .

2.

On the Layout tab, click the Advanced button.

3.

In the Color Access field, enter the numeric password.

4.

The TekColor tab is now available for use and the user can print in color.

System Administrator Guide

4-10

Securing the Hard Drive

Securing the Hard Drive

This section includes:

Selecting the Hard Drive Overwrite Security Option on page 4-11

Selecting the Automatic Removal of Secure, Personal, and Proof Jobs Option on page 4-12

Selecting the Hard Drive Overwrite Security Option

When a file is deleted from the printer’s hard drive, only the file name is deleted; the data in the file remains on the hard drive, regardless of the operating system. An unauthorized person could, possibly, retrieve the data in the file that was deleted.

Printers with a hard drive have a Hard Drive Overwrite Security option. This option overwrites the data stored on the hard drive of a file marked for deletion using DOD5200.28-M, a U.S.

Department of Defense three-pass overwriting process: first with a pattern of 0’s, next with a pattern of 1’s, and finally with a random pattern of bits. This is done before the file’s directory entry is removed and the storage space on the hard drive is marked as available for reuse. The random pattern of bits stays on the hard drive until it is overwritten by another file.

By default, the Hard Drive Overwrite Security option is disabled. To select the Hard Drive

Overwrite Security option, you can use one of the following methods:

The printer’s control panel.

CentreWare IS

Using the Control Panel

To select the automatic removal of secure, personal, and proof print files from the hard drive:

1.

On the control panel, select Printer Setup , and then press the OK button.

2.

Select File Security , and then press the OK button.

Note: If File Security is locked on the control panel, use CentreWare IS to select the Hard

Drive Overwrite Security option.

3.

To remove all secure, personal, and proof print job files: a.

Select Overwrite Removals , and then press the OK button to select On or Off .

Note: Remove Job Files does not remove saved or protected print job files.

System Administrator Guide

4-11

Securing the Hard Drive

Using CentreWare IS

To select the Hard Drive Overwrite Security option:

1.

Launch your web browser.

2.

Enter the printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Security folder on the left navigation panel.

5.

Select Printing Security Settings .

6.

If prompted, enter your Admin or Key User name and password.

7.

Under Hard Drive Overwrite Security Options , select one of the following options:

Never overwrite files/jobs : Disables the printer’s overwrite feature.

Always overwrite when deleting files/jobs : Sets the printer to always overwrite the files on the hard drive when they are deleted.

8.

Click the Save Changes button.

Selecting the Automatic Removal of Secure, Personal, and

Proof Jobs Option

The printer enables you to store secure, personal, and proof jobs on the hard drive and then print them later. You can choose how long these jobs remain on the hard drive. This feature is useful when someone:

Forgets about an unprinted secure, personal, or proof job that was stored on the hard drive.

Sends a secure job to the printer, but does not walk to the printer to print the job.

Stores a proof job, prints it once, and then forgets to delete it.

To set the automatic removal of secure, personal, and proof print files from the hard drive, use one of the following methods:

The printer’s control panel

CentreWare IS

Using the Control Panel

To select the automatic removal of secure, personal, and proof print files from the hard drive:

1.

On the control panel, select Printer Setup , and then press the OK button.

2.

Select File Security , and then press the OK button.

Note: If File Security is locked on the control panel, use CentreWare IS to select the Hard

Drive Overwrite Security option.

3.

To remove all secure, personal, and proof print job files: a.

Select Overwrite Removals , and then press the OK button to select On or Off .

Note: Remove Job Files does not remove saved or protected print job files.

System Administrator Guide

4-12

Securing the Hard Drive

4.

To remove all secure, personal, and proof print files every day at a set time: a.

Select Daily Removal , and then press the OK button to select On or Off .

b.

Select Remove At HH:MM , and then press the OK button. c.

Enter the hour, and then press the OK button.

d.

Enter the minute, and then press the OK button.

5.

To remove all secure, personal, and proof print files after the files are a certain age or older: a.

Select Age-based Removal , and then press the OK button to select On or Off .

b.

If you selected On , select Remove At Age , and then press the OK button.

c.

Enter 1 to 999 hours, and then press the OK button.

Note: To reset all items in the File Security menu to their default values, select Reset File

Security .

Using CentreWare IS

To select the automatic removal of secure, personal, and proof print files from the hard drive:

1.

Launch your web browser.

2.

Enter the printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Security folder on the left navigation panel.

5.

Select Printing Security Settings .

6.

If prompted, enter your Admin or Key User name and password.

7.

Under Remove Unprinted Personal , Secure and Proof Jobs , select one or more of the following options:

Upon Save Changes : All personal, secure, and proof jobs are removed when you click the Save Changes button.

At this time each day (24hr) : All unprinted personal, secure, and proof jobs are removed at this time each day.

When jobs are : All unprinted, personal, secure, and proof jobs are removed when they are this age or older.

Note: Files deleted using one of these options are overwritten if the Hard Drive Overwrite

Security option has been enabled. For more information, see Selecting the Hard Drive

Overwrite Security Option on page 4-11.

8.

Click the Save Changes button.

System Administrator Guide

4-13

802.1X Configuration

802.1X Configuration

Introduction to 802.1X and EAP

The 802.1X IEEE standard defines port-based, authenticated network access control for

Ethernet local area networks (LANs). With 802.1X, the user or device must pass network access control by successfully authenticating with credentials, such as a name and password, or network access is denied. 802.1X uses the Extensible Authentication Protocol (EAP) to relay port access requests between LAN stations/the clients being authenticated (supplicants),

Ethernet switches or wireless access points (authenticators) and RADIUS servers

(authentication servers).

EAP is the standard authentication mechanism carried over 802.1X. The EAP method is an inner authentication protocol that provides the secure mechanism for the authentication exchange. Multiple EAP methods can be used. EAP methods are defined in International

Engineering Task Force (IETF) Requests for Comments (RFC) documents, RFC drafts, or they can be proprietary. EAP methods have a significant influence on how your network is designed and implemented, because not all supplicants, not all access points, and not all

RADIUS servers support all EAP methods. A careful evaluation of standards can help with selecting appropriate LAN components that will avoid vendor lock-in or dead-end technology.

802.1X Configuration in CentreWare IS

Use the 802.1X configuration pages in CentreWare IS to perform the following tasks.

Required information varies depending on the EAP method(s) that you select.

Note: Access to the 802.1x configuration pages in CentreWare IS can be restricted by the passwords and feature authorization settings under Administrative Security.

1.

Launch your web browser.

2.

Enter the printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Open the Security folder on the left navigation panel and select 802.1X

.

5.

Click the Advanced button for more experienced users or click the Configuration

Wizard button which will guide you through the setup.

For more information, click the Help button in CentreWare IS to view the online help.

6.

Select EAP authentication method(s) – Select one or more authentication methods:

MD5 Challenge

TLS

PEAP-MS-CHAPv2 (PEAP)

If you selected a method that uses X.509 security certificates ( TLS or PEAP ), you can use use a root certificate to validate the authenticating server's certificate.

If you have selected

TLS

authentication, you must either install a signed device certificate that is trusted by the authenticating server, or add the device's self-signed certificate to the authenticating server's trusted certificate store.

System Administrator Guide

4-14

802.1X Configuration

7.

Install root certificate – If you select EAP method(s) that require a root certificate, you can:

Install a new root certificate.

Use the already existing root certificate.

Choose not to validate server.

8.

Install device certificate – If you select EAP method(s) that require a device certificate, you can:

Install a new device certificate.

Use the default self-signed certificate.

Use a custom self-signed certificate.

Use the already existing signed device certificate – if one exists.

9.

Enter credentials – Specify the user name and password that users must provide, if you select EAP method(s) that require credentials.

System Administrator Guide

4-15

Locking the Control Panel Menus

Locking the Control Panel Menus

To prevent others from changing settings in the printer setup menus, you can lock some of the control panel menus. This is useful when printers are located in public places, such as schools, libraries, and office/print centers.

Use CentreWare IS to lock or unlock the control panel menus:

1.

Launch your web browser.

2.

Enter your printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Security folder on the left navigation panel.

5.

Select Control Panel Lockout .

6.

If prompted, enter your Admin or Key User name and password.

7.

Select the check box of each control panel menu item you want to lock.

Note: If you lose the Admin password and Reset NVRAM is locked on the control panel, a Fee-For-Service call is required to reset the password and to enable changes to printer settings. When the password is reset, you must reconfigure the printer settings because all the stored data is deleted.

8.

Click the Save Changes button.

System Administrator Guide

4-16

Configuring SNMP

Configuring SNMP

This section includes:

Configuring SNMP for Maximum Security

Configuring SNMP v1/v2c on page 4-18

Configuring SNMP v3 on page 4-20

Configuring the SNMP Access Control List

Disabling SNMP on page 4-23

on page 4-17

on page 4-22

If you are using SNMP, you must configure it using CentreWare IS. If you are not using

SNMP, disable it to prevent unauthorized access through applications that use SNMP. For information on disabling SNMP, see

Disabling SNMP on page 4-23.

SNMP is a set of protocols designed to help manage complex networks. SNMP compliant devices store data about themselves in MIBs and return this data to the SNMP requestors. The

SNMP configuration pages provide control over SNMP security, including the methods to configure:

Administrative and Key User Accounts with privacy and authentication protocols and keys associated with each account.

SNMP user account read or read/write access.

An access control list that limits SNMP access to the printer specific hosts.

Note: The Current State field on the SNMP Configuration page identifies the SNMP enable/disable status. Possible values include SNMP v3 Enabled , SNMP v1/v2c Enabled , and All SNMP Protocols Disabled .

Configuring SNMP for Maximum Security

Note: A SSL certificate must be established on the printer to enable SNMP v3. In most cases, a certificate is automatically established when the printer is first turned on and no other action is required.

Use CentreWare IS to configure SNMP for maximum security:

1.

Launch your web browser.

2.

Enter the printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select SSL: a.

Select the Security folder on the left navigation panel, and then select SSL . b.

If prompted, enter your Admin or Key User name and password.

c.

On the SSL page, for Use SSL , select To Secure Pages and Passwords .

5.

Restrict access to the CentreWare IS SNMP and SSL pages: a.

On the Properties tab, select Security .

b.

Select Administrative Security Settings on the left navigation panel.

c.

If prompted, enter your Admin or Key User name and password.

System Administrator Guide

4-17

Configuring SNMP d.

On the Administrative Security Settings page, clear the View Configuration Web

Pages and Modify Configuration Web Pages check boxes for users who should not have access to these pages.

6.

Configure SNMP v3 by setting up the SNMP Administrative and Key User accounts: a.

Select the Protocols folder on the left navigation panel, and then select SNMP . b.

If prompted, enter your Admin or Key User name and password.

c.

On the SNMP Configuration page, click the Configure SNMP v3 button and set up the SNMP Administrative account. For more information, see

Configuring SNMP v3 on page 4-20, or click the

Help Button in CWIS help.

Configuring SNMP v1/v2c

Configuring SNMP v1/v2c Community Names

To configure SNMP v1v2c community names:

1.

Launch your web browser.

2.

Enter the printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Protocols folder on the left navigation panel.

5.

Select SNMP .

6.

If prompted, enter your Admin or Key User name and password.

7.

On the SNMP Configuration page, click the Configure SNMP v1/v2c button.

8.

To set community names for GET/SET SNMP queries and traps, enter information (up to

32 alphanumeric characters) in one or more of the following fields:

Note: These names are not displayed on this page, but are shown as a row of asterisks (*).

GET Community Name : Allows a host to perform SNMP GETS on the printer using this community name.

SET Community Name : Allows a host to perform SNMP SETS on the printer using this community name.

Trap Community Name : Allows a host to receive traps from the printer using this community name.

Note: Hosts must have these community names configured in their applications to access the printer using SNMP v1/v2c .

9.

Click the Apply button to save the changes.

System Administrator Guide

4-18

Configuring SNMP

Adding or Editing Traps for SNMP v1/v2c

To add or edit traps for SNMP v1v2c:

1.

On the SNMP Configuration page: Click the Configure SNMP v1v2c button, and then click the Configure Traps button.

The Configure Traps page lists the current Trap Destination Addresses for the SNMP protocol.

The Address column lists the Trap Destination IP address or DNS Name.

The Version/Type column lists the SNMP Trap version or Inform Request for sending to the specified trap address. SNMP Trap versions include SNMP v1 Traps, SNMP v2c Traps, and SNMP v2c Inform Requests.

The Traps column lists the types of traps to send to the Trap Destination Address.

Traps to be received include Printer Traps, Job Monitoring Traps, Cold Start, and

Authentication Traps.

2.

Do one of the following:

To add traps for SNMP v1v2c, click the Add Destination button, and then go to

Step 3.

To edit the settings for a Trap Destination Address, click the corresponding Edit button, and then go to Step 3.

To delete a Trap Destination Address, click the corresponding Delete button.

3.

To add or edit a Trap Destination IP Address, click the IP Address radio button, and then enter the IP Address in the fields.

4.

To add or edit a Trap Destination DNS Name, click the DNS Name radio button, and then enter the DNS Name in the field.

5.

For a non-standard UDP port, enter the UDP Port Number in the field.

6.

Select the SNMP trap version to send to the specified address. SNMP versions include

SNMP v1 Traps (default), SNMP v2c Traps, and SNMP v2c Inform Requests.

SNMP v1 Traps is the default.

7.

Enter the community name of the destination device in the Community Name field.

8.

For Traps to be received , select the check boxes of the different types of traps to send to the specified address. Traps to be received include Printer Traps (default), Job Monitoring

Traps, Cold Start Traps, and Authentication Traps. At least one trap type must be selected.

9.

Click the Apply button to save the changes.

System Administrator Guide

4-19

Configuring SNMP

Configuring SNMP v3

When configuring SNMP v3, you can set up:

■ Administrative, Key, Any User, and Driver accounts with Privacy and Authentication Keys associated with each account.

SNMP user read and write access.

An access control list that limits SNMP printer access to the specific hosts. See

Configuring the SNMP Access Control List on page 4-22.

To configure and enable SNMP v3:

1.

Launch your web browser.

2.

Enter the printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Protocols folder on the left navigation panel.

5.

Select SNMP .

6.

If prompted, enter your Admin or Key User name and password.

7.

On the SNMP Configuration page, click the Configure SNMP v3 button.

8.

Click the Configure Account(s) button. A series of pages display that enable you to configure SNMP v3 and the Administrative User , Key User , and Any User/Driver settings. The first page displays Administrative User account information after the account has been created.

9.

Do one of the following:

To create the Administrative User account and to enable SNMP v3, enter a user name or accept the default name admin , and then click the Create button.

To configure the Key User and other account settings, click the Next button.

To delete the Administrative User account and disable SNMP v3, click the Delete button. This also deletes all other accounts, including the Key User and Any User settings.

The Administrative User Account Settings

User Name : The Administrative User account name defined on the Configure SNMP v3:

Administrative User Account page.

Authentication Protocols: The protocol associated with the Authentication Key; selected on the Configure SNMP v3: Administrative User Account page.

Authentication Key : The Authentication Key defined on the Configure SNMP v3:

Administrative User Account page is displayed as a row of asterisks (*) here.

Privacy Protocol : The protocol associated with the Privacy Key; selected on the

Configure SNMP v3 Administrative User Account page.

Privacy Key : The Privacy Key defined on the Configure SNMP v3: Administrative

User Account page is displayed as a row of asterisks (*) here.

MIB Access : The Administrative User account's MIB access permissions, which are set to

Read/Write by default.

System Administrator Guide

4-20

Configuring SNMP

The Key User Account Settings

User Name : The Key User account name defined on the Configure SNMP v3: Key User

Account page.

Authentication Protocol : The protocol associated with the Authentication Key; selected on the Configure SNMP v3 Key User Account page.

Authentication Key : The Authentication Key defined on the Configure SNMP v3: Key

User Account page is displayed as a row of asterisks (*) here.

Privacy Protocol : The protocol associated with the Privacy Key; selected on the

Configure SNMP v3: Key User Account page.

Privacy Key : The privacy key defined on the Configure SNMP v3: Administrative User

Account page is displayed as a row of asterisks (*) here.

MIB Access

The Key User account's MIB access permissions selected on the Configure

SNMP v3: Key User Account page. MIB access for the Key User account can be set to

Read or Read/Write .

Note: SNMP Read and SNMP Write access for the Any User account must be equal to or less than the read and write access privileges set for the Key User account. Once the Key User account is created, if the Any User account is set to have read and/or write access, but the Key

User account access is not set, the Key User account is set with the same access privileges as the Any User account by default. Similarly, if the Key User account does not have SNMP

Write access, the Any User account cannot be set with write access.

The Any User/Driver Account Settings

User Name : Displays anyuser by default and cannot be changed.

MIB Access : Displays the Any User account’s MIB access permissions selected on the

Configure SNMP v3: Other Account Settings page. This can be set to Read or

Read/Write .

SNMP Read : Displays a check symbol if SNMP Read access is enabled. SNMP Read access can be enabled for the Any User account after the Key User account is created.

SNMP Write : Displays a check symbol if SNMP Write access is enabled. SNMP Write access can be enabled for the Any User account after the Key User account is created.

Driver Account Enabled : Displays a check symbol if the Driver Account is enabled

(default).

Note: If the Driver Account is disabled, it breaks communication between the printer and any applications using SNMP v3, such as Xerox printer drivers and PrintingScout. For a complete list of applications disabled, see

Disabling SNMP on page 4-23.

System Administrator Guide

4-21

Configuring SNMP

Configuring the SNMP Access Control List

To set up a list of hosts that are authorized to access the printer using SNMP:

1.

Launch your web browser.

2.

Enter your printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Protocol folder on the left navigation panel.

5.

Select SNMP .

6.

If prompted, enter your Admin or Key User name and password.

7.

Enter up to ten host IP addresses in the SNMP Access Control List field. Separate entries with a blank or a comma, specify ranges with a hyphen (-), and use an asterisk (*) to represent a group of numbers (e.g., 13.62.156.*).

8.

Click the Save Changes button.

See also:

About Access Control Lists on page 4-4

System Administrator Guide

4-22

Configuring SNMP

Disabling SNMP

If you are not using SNMP, disable it to prevent unauthorized access through applications that use these protocols. If you disable SNMP, the following driver features are also disabled:

PrintingScout alerts

Walk-Up Printing Installer

Smart Trays

PhaserSMART

Auto supplies ordering

Consumable levels

Warning and error status

Synchronization with installed options, such as hard drive, memory, and extra trays

To disable SNMP:

1.

Launch your web browser.

2.

Enter your printer’s IP address in the browser’s Address field (http://xxx.xxx.xxx.xxx).

3.

Click Properties .

4.

Select the Protocols folder on the left navigation panel.

5.

Select SNMP .

6.

If prompted, enter your Admin or Key User name and password.

7.

Click the Disable SNMP Now button.

8.

Click the Save Changes button.

System Administrator Guide

4-23

advertisement

Key Features

  • Fast print speeds up to 30 ppm in color and 35 ppm in black and white
  • High-quality output with a resolution of up to 1200 x 1200 dpi
  • Versatile paper handling with a standard input capacity of 250 sheets and a maximum capacity of 850 sheets
  • Easy-to-use control panel with a 4.3-inch color touchscreen
  • A variety of connectivity options including Ethernet, USB, and Wi-Fi
  • Energy Star certified for energy efficiency

Related manuals

Frequently Answers and Questions

What is the maximum paper capacity of the Xerox 8560?
The maximum paper capacity of the Xerox 8560 is 850 sheets.
What is the print resolution of the Xerox 8560?
The print resolution of the Xerox 8560 is up to 1200 x 1200 dpi.
What is the fastest print speed of the Xerox 8560?
The fastest print speed of the Xerox 8560 is 30 ppm in color and 35 ppm in black and white.

advertisement

Table of contents