Zebra Mobile Printer, Microsoft IAS, Cisco Controller TLS and WPA-TLS, Zebra Setup Utility


This section of the document illustrates the Microsoft Internet Authentication Service (IAS) and how TLS and WPA-TLS were configured on this server. This document is meant as an illustration only. Questions on the setup of IAS should be directed to Microsoft, and Microsoft should be consulted to determine whether the illustration below is appropriate for your environment. It is important to note that the setup on the IAS server did not differ between WPA-TLS and TLS.

The first series of screenshots shows how a RADIUS client is added to IAS. In the screenshot below, a Cisco controller with the IP address 10.3.50.50 is added. The IAS server needs to have the client in its clients table so that authentication requests are accepted only from valid clients. A secret key is entered on the IAS server. This secret key needs to match the secret key on the RADIUS client (in this example, the Cisco controller).

A remote access policy is included in the IAS server. The following screenshots illustrate how a remote access policy is added.

In the next few screenshots I have illustrated how a policy can be added.

The example that is provided illustrates TLS and WPA-TLS.

The next series of screenshots shows how a user is added in Active Directory. The username and password added in Active Directory are the same username and password that are added on the printer.

The following screenshot shows how the properties of the user are modified to grant dial-in permission.

The event log on the IAS server can be used for troubleshooting purposes.

There are three certificates needed for TLS authentication. These certificates are obtained from the IAS server and will be placed onto the printer. In this illustration, I am using a web browser on the IAS server to obtain these certificates. Below is how I obtained the root certificate.

This is how I obtained the client (user) certificate and corresponding private key.

In my example I am not using a private key password.

You should now have three certificate files: the root certificate, the client or user certificate, and the private key for the client. Example below.

The printer requires certificates to be in the PEM format. The certificates shown above need to be converted into the PEM format. In PEM format, a certificate is Base64 text between a -----BEGIN CERTIFICATE----- line and an -----END CERTIFICATE----- line, and a private key is Base64 text between a -----BEGIN RSA PRIVATE KEY----- line and an -----END RSA PRIVATE KEY----- line.

The tools that I will use to illustrate the conversion are openssl.exe (http://www.openssl.org) and pvk.exe (http://www.drh-consultancy.demon.co.uk/pvk.html).

CA (root certificate) example below:
C:\openssl_pvkfiles\openssl.exe x509 -inform der -in C:\Zebra_TLS_certs\certnew.cer -out C:\Zebra_TLS_certs\ROOTCERT.pem

Client (user certificate) example below:
C:\openssl_pvkfiles\openssl.exe x509 -inform der -in C:\Zebra_TLS_certs\ZEBRA_TLS_CLIENT.cer -out C:\Zebra_TLS_certs\CLIENTCERT.pem

Below is an example of how I converted the private key.

The three files ending in the .pem extension need to be placed onto the printer (shown later in this illustration).

The Event Viewer on the IAS server can be used for troubleshooting purposes. In the screenshots below, the Event Viewer is showing a successful authentication.

Additional screenshots from the IAS server used in testing follow. Please consult with Microsoft to see if these settings would be appropriate for your environment.

This section of the document illustrates a Cisco wireless controller. This document is meant as an illustration only. Questions on the setup of your Cisco controller should be directed to Cisco, and Cisco should be consulted to determine whether the illustration below is appropriate for your environment.

This illustration shows how the Cisco controller was configured for TLS initially and then for WPA-TLS. With TLS or WPA-TLS, the authentication request is forwarded to a RADIUS server. The following screenshots illustrate how a RADIUS server can be added.

The example below shows an entry for a RADIUS server with an IP address of 10.3.50.38, using port number 1812. 1645 and 1812 are common port numbers used with the RADIUS protocol. A secret key is also entered. This secret key needs to match the secret key that is entered on the RADIUS server.

The first step illustrated here is how an ESSID is created. In this example the ESSID is ZebraTLS1. Please note that ESSIDs are case sensitive.

This screenshot shows how to configure 802.1x (TLS).

The next screen shows where the controller passes the authentication packets.

The screenshots below show the advanced EAP settings used in the illustration. Please consult with Cisco to determine the appropriate values for your environment.

The screenshots below show how a successful TLS connection appears on the controller.

The next screenshots show how the controller was set for WPA-TLS. In this example I have enabled both WPA and WPA2, as shown below.

With WPA-TLS, the authentication is often done by an external RADIUS server. In this example I have entered the IP address for the RADIUS server as shown below.

Below is an example of what the controller shows for a successful WPA-TLS authentication.

This section of the document illustrates how to configure the printer for TLS and will continue by illustrating how to configure the printer for WPA-TLS. The illustration will use the Zebra Setup Utility as the method for configuring the printer. Please ensure that you are using the most current version of the Zebra Setup Utility before continuing. The most current version of the Zebra Setup Utility can be downloaded at www.zebra.com.

There are three certificate files needed for TLS. These files need to be stored on the printer with specific names:
CACERTSV.NRD for the CA root certificate
CERTCLN.NRD for the user/client certificate
PRIVKEY.NRD for the user/client private key certificate

In my illustration, I have created three files or certificates that are now in the PEM format. These are the three certificates that can be stored:
ROOTCERTIFICATE.PEM = CACERTSV.NRD
PRIVATEKEY.PEM = PRIVKEY.NRD
CLIENTCERT.PEM = CERTCLN.NRD

The files that were created earlier in this illustration were renamed CACERTSV.NRD (Rootcertificate.pem), PRIVKEY.NRD (PRIVATEKEY.PEM) and CERTCLN.NRD (CLIENTCERT.PEM).

The screenshots below illustrate how the Zebra Setup Utility is used to configure the printer for both EAP-TLS and WPA-EAP-TLS.
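A format check for the three files before they are renamed and sent to the printer, given here as an added example that is not part of the original document or a Zebra tool. It assumes, as in the illustration above, a private key with no password; the function names and sample bytes are constructed for the example, and it checks encoding only, not that the key belongs to the certificate.

```python
import base64
import re
import ssl

# File names the printer expects (from the text above), keyed by role.
PRINTER_NAMES = {"ca": "CACERTSV.NRD", "client": "CERTCLN.NRD", "key": "PRIVKEY.NRD"}
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def _is_der(b64_body: bytes) -> bool:
    """True if the Base64 payload decodes to data starting with an ASN.1 SEQUENCE."""
    try:
        return base64.b64decode(b64_body)[:1] == b"\x30"
    except ValueError:              # bad padding or alphabet
        return False

def classify(data: bytes) -> str:
    """Return 'pem-cert', 'pem-key', 'pem-key-encrypted', 'der' or 'unknown'."""
    m = PEM_BLOCK.search(data)
    if not m:
        return "der" if data[:1] == b"\x30" else "unknown"
    label, body = m.group(1), m.group(2)
    is_key = label.endswith(b"PRIVATE KEY")
    if is_key and (b"ENCRYPTED" in label or b"Proc-Type: 4,ENCRYPTED" in body):
        return "pem-key-encrypted"
    if not _is_der(body):
        return "unknown"
    return "pem-cert" if label == b"CERTIFICATE" else "pem-key" if is_key else "unknown"

def stage_for_printer(files: dict) -> tuple:
    """files maps role ('ca', 'client', 'key') to raw file bytes.
    Returns ({printer file name: PEM bytes}, [problem strings])."""
    staged, problems = {}, []
    for role, name in PRINTER_NAMES.items():
        data = files.get(role, b"")
        kind = classify(data)
        want = "pem-key" if role == "key" else "pem-cert"
        if kind == "der" and role != "key":
            # Re-wrap a DER certificate as PEM (no parsing or validation is done).
            data, kind = ssl.DER_cert_to_PEM_cert(data).encode("ascii"), "pem-cert"
        if kind == want:
            staged[name] = data
        else:
            problems.append(f"{name}: expected {want}, found {kind}")
    return staged, problems

# Constructed placeholder bytes (ASN.1 SEQUENCE header plus padding), not a real certificate or key.
SAMPLE_DER = b"\x30\x82\x00\x04" + bytes(4)
SAMPLE_KEY_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n" + base64.b64encode(SAMPLE_DER)
                  + b"\n-----END RSA PRIVATE KEY-----\n")
```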

In this illustration I am configuring the printer for DHCP. In this example I have chosen the following radio information. Please note that this screen is only available on select printers. It may not be applicable for other printers.

One needs to set the printer to match the ESSID that was previously configured on the Cisco controller (NPS_TLS).

The screenshot below illustrates EAP-TLS.

The screenshot below illustrates WPA-EAP-TLS.

Click Next