Security

Reply
Super Contributor II
Posts: 383
Registered: ‎09-05-2012

Wireless Printer and 802.1x

Hi,

 

I have a wireless printer that supports 802.1x authentication.

 

I am just wondering what is the best way to go about connecting a wireless printer to a secured SSID?

 

I was thinking about creating a local user account on the CPPM and use the MAC address of the printer as both the user name and password. Then build out the appropriate rules under the services.

 

I was also reading that MAC auth. is an option. However, I am honestly drawing a complete blank as to what I would need to modify to get this working.

 

Any suggestions?

 

Cheers

Regular Contributor II
Posts: 225
Registered: ‎10-29-2014

Re: Wireless Printer and 802.1x

[ Edited ]

I am not sure about this whether it will work or not.

but if you have a lab you can give a try for this.

 

First in controller create one mac auth profile and use CPPM as authentication server. remember to disable the termination in controller.

 

In CPPM create one service with 802.1x auth and use local db as auth source.

 

In local db use mac id of the device as both [user+password]

HTH
Cheers
SumaN
Super Contributor II
Posts: 383
Registered: ‎09-05-2012

Re: Wireless Printer and 802.1x

Thanks for the reply.

 

I will have to take the time to test it out.

 

I remember playing around with MAC auth. a long time ago but I can't remember if MAC auth. can be combined with used and machine auth. I can't remember how those settings affect the function of the SSID.

 

I will have to setup a test SSID to see and refresh my memory.

 

Cheers

Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Wireless Printer and 802.1x

Can you please share the details about this printer (model etc)? MANY people are waiting for an 802.1X-enabled printer.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II
Posts: 383
Registered: ‎09-05-2012

Re: Wireless Printer and 802.1x

Absolutely!

Is 802.1x something that isn't very common in the wireless printer world? I haven't yet had to deal with to many of them.

 

Printer: Brother HL-5470DW

 

Here is a shot of the wireless security interface:

Printer_001.png

 

Cheers

Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Wireless Printer and 802.1x

Thanks for the info. Wireless printers with 802.1X support are very rare.

 

There are many with wired support though.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II
Posts: 383
Registered: ‎09-05-2012

Re: Wireless Printer and 802.1x

It's the least I can do!

 

Interesting. I didn't realize that. I sort of took this one having it for granted.

 

I'll do some testing with it and see how well it works.

 

Cheers

 

 

Super Contributor II
Posts: 383
Registered: ‎09-05-2012

Re: Wireless Printer and 802.1x

I got it all connected up today.

I elected to use a local account on the CPPM and use the MAC as the user name and password.

Not sure if this is the best way to go. But for now it seems to be working well. Suggestions are welcome :D

 

The behavior of the printer is kind of cool. Upon either a sucessful or failed attempt to connect to the wireless the printer spits out a small message reporting the status.

 

Here is a screenshot of it profiled

Printer_002.png

 

Cheers

Frequent Contributor I
Posts: 69
Registered: ‎05-06-2013

Re: Wireless Printer and 802.1x

This is fantastic info...thanks so much for sharing! I have some Epson receipt printers we're using in a pilot project for Mobile Point-of-Sale (MPOS) with iPods for the registers. The Epson documentation says it will support certs, but it looks painful. We use wired 802.1x with MacAuth fallback and when I just looked at our IAP settings it appears there are a couple checkboxes for MAC Authentication: "Perform MAC authentication before 802.1X" and "MAC authentication fail-thru." Can you describe or even provide screenshots of the security settings for the SSID where you were able to get this working?

Regular Contributor II
Posts: 225
Registered: ‎10-29-2014

Re: Wireless Printer and 802.1x

You can do 802.1X with MAC auth. So fast it will perform MAC auth then .1X , In IAP nothing much to do. Just you have to create one SSID with your required auth method.

Go through the below scrnsht, may this help you.

mac+802.1X.jpg

HTH
Cheers
SumaN
Search Airheads
Showing results for 
Search instead for 
Did you mean: