Security

Hi,

I have a wireless printer that supports 802.1x authentication.

I am just wondering what is the best way to go about connecting a wireless printer to a secured SSID?

I was thinking about creating a local user account on the CPPM and use the MAC address of the printer as both the user name and password. Then build out the appropriate rules under the services.

I was also reading that MAC auth. is an option. However, I am honestly drawing a complete blank as to what I would need to modify to get this working.

Any suggestions?

Cheers

I am not sure about this whether it will work or not.

but if you have a lab you can give a try for this.

First in controller create one mac auth profile and use CPPM as authentication server. remember to disable the termination in controller.

In CPPM create one service with 802.1x auth and use local db as auth source.

In local db use mac id of the device as both [user+password]

Thanks for the reply.

I will have to take the time to test it out.

I remember playing around with MAC auth. a long time ago but I can't remember if MAC auth. can be combined with used and machine auth. I can't remember how those settings affect the function of the SSID.

I will have to setup a test SSID to see and refresh my memory.

Cheers

Can you please share the details about this printer (model etc)? MANY people are waiting for an 802.1X-enabled printer.

Absolutely!

Is 802.1x something that isn't very common in the wireless printer world? I haven't yet had to deal with to many of them.

Printer: Brother HL-5470DW

Here is a shot of the wireless security interface:

Cheers

Thanks for the info. Wireless printers with 802.1X support are very rare.

There are many with wired support though.

It's the least I can do!

Interesting. I didn't realize that. I sort of took this one having it for granted.

I'll do some testing with it and see how well it works.

Cheers

I got it all connected up today.

I elected to use a local account on the CPPM and use the MAC as the user name and password.

Not sure if this is the best way to go. But for now it seems to be working well. Suggestions are welcome :D

The behavior of the printer is kind of cool. Upon either a sucessful or failed attempt to connect to the wireless the printer spits out a small message reporting the status.

Here is a screenshot of it profiled

Cheers

This is fantastic info...thanks so much for sharing! I have some Epson receipt printers we're using in a pilot project for Mobile Point-of-Sale (MPOS) with iPods for the registers. The Epson documentation says it will support certs, but it looks painful. We use wired 802.1x with MacAuth fallback and when I just looked at our IAP settings it appears there are a couple checkboxes for MAC Authentication: "Perform MAC authentication before 802.1X" and "MAC authentication fail-thru." Can you describe or even provide screenshots of the security settings for the SSID where you were able to get this working?

You can do 802.1X with MAC auth. So fast it will perform MAC auth then .1X , In IAP nothing much to do. Just you have to create one SSID with your required auth method.

Go through the below scrnsht, may this help you.

---

@Swack wrote:

when I just looked at our IAP settings it appears there are a couple checkboxes for MAC Authentication: "Perform MAC authentication before 802.1X" and "MAC authentication fail-thru." Can you describe or even provide screenshots of the security settings for the SSID where you were able to get this working?

---

not sure what your expectations are but if you looking to reproduce wired dot1x with MAC auth failback on wireless that won't be possible. the IAP option provides MAC before dot1x and if MAC fails you can still get access. but to fail dot1x and still get access based on MAC auth on wireless isn't possible.