manualshive.com logo in svg

SEH primos, User Manual

SEH primos offers a high-quality User Manual for free download on our website. This manual provides comprehensive instructions on how to properly use and maintain our product. Get your manual now from manualshive.com to ensure a seamless experience with your SEH primos product.

Share
Download
background image

primos User Manual

Security

59

Configuring EAP-FAST

Benefits and

Purpose

EAP-FAST (Flexible Authentication via Secure Tunneling) validates the identity of devices
or users before they gain access to network resources. You can configure primos for the
EAP-FAST network authentication. This makes sure that primos gets access to protected
networks.

Mode of

Operation

EAP-FAST uses (as in the case of EAP-TTLS 



57) a channel in order to protect the data

transfer. The main difference is that EAP-FAST does not require certificates for
authentication purposes. (The use of certificates is optional.)

PACs (Protected Access Credentials) are used to build the channel. PACs are credentials
that comprise up to three components.

• A shared secret key that contains the preshared key between primos and the RADIUS

server.

• An opaque part that is provided to primos and presented to the RADIUS server when

primos wishes to obtain access to network resources.

• Other information that may be useful to the client. (Optional)

EAP-FAST uses two methods to generate PACs:

• The manual delivery mechanism can be every mechanism that the administrator

configures and considers to be safe for the network.

• In the case of the automatic delivery, an encrypted channel is established in order to

protect the authentication of primos as well as the delivery of the PACs.

Requirements

primos is defined as user (with user name and password) on a RADIUS server.

1. Start the primos Control Center.
2. Select 

SECURITY – Authentication

.

3. Select 

FAST

 from the 

Authentication method

 list.

4. From the list 

EAP root certificate

 choose the root CA certificate of the certification 

authority that has issued the certificate of the authentication server (RADIUS). 
(Optional) The certificate increases the security when establishing the connection.

(The root CA certificate must have been installed in primos previously

 



54

.)

5. In the

 Anonymous name 

box enter the name for the unencrypted part of the EAP-

FAST authentication.

6. From the list 

Inner authentication

 choose the method intended to secure the com-

munication in the TLS channel.

7. From the 

FAST provisioning

 box choose the provisioning mechanism for PACs.

8. Enter the 

User name

 and 

Password

 that are used for the configuration of primos on 

Summary of Contents for primos

Page 1: ...User Manual...

Page 2: ...roduct Keep the documentation for further reference during the life cycle of the product All rights are reserved Copying other reproduction or translation without the prior written consent from SEH Co...

Page 3: ...5 How to Configure Directory Services 17 4 Device Settings 20 4 1 How to Determine a Description 20 4 2 How to Configure the Device Time 20 4 3 How to Configure Local Users 21 4 4 How to Configure Lo...

Page 4: ...ontrol the Access to primos TCP Port Access Control 48 6 6 How to Use Certificates Correctly 50 6 7 How to Use Authentication Methods 55 7 Maintenance 61 7 1 How to Secure the Configuration Settings B...

Page 5: ...s 2 Documentation 3 Support And Service 5 Your Safety 6 First Steps 6 Find IP address of primos 7 This chapter contains information concerning the device and the documentation as well as notes about y...

Page 6: ...iOS devices with primos These are wired or wireless AirPrint network printers In addition primos enhances AirPrint with various features Wide Area AirPrint directory services support and much more pri...

Page 7: ...er offer a bookmark navigation feature that allows you to view the entire document structure This document contains hyperlinks to the associated information units If you want to print this documentati...

Page 8: ...on The arrow confirms the consequence of an action Requirements Hooks mark requirements that must be met before you can begin the action Option A square marks procedures and options that you can choos...

Page 9: ...d on the SEH Computertechnik GmbH homepage http www seh technology com services downloads download mobility solutions primos html For primos you will find current firmware software current tools curre...

Page 10: ...ore Improper Use All uses of the device that do not comply with the primos functionalities described in the documentation are regarded as improper uses It is not allowed to make modifications to the h...

Page 11: ...4 How Do I Find the IP Address The primos IP address can be determined using the SEH primos App System Requirements of the SEH primos App Windows 7 Windows 8 Windows 10 Mac OS X 10 7 x OS X 10 8 x 10...

Page 12: ...via Bonjour primos is advertised under the name primos ICxxxxxx wherein ICxxxxxx is the default name 67 All devices with iOS and Mac OS X OS X macOS support Bonjour natively On devices with other ope...

Page 13: ...ftware Microsoft Edge Safari Mozilla Firefox Security The access to the primos Control Center is protected 46 The default user profile is User name admin Password admin Note Change the default passwor...

Page 14: ...he URL The primos Control Center is displayed in the browser Open primos Control Center via SEH primos App Requirements primos is connected to the network and the mains voltage primos has a valid IP a...

Page 15: ...e manufacturer s contact details and additional information regarding the product are displayed under Product Company The Sitemap provides an overview of and direct access to all pages of the primos C...

Page 16: ...omputer with a Windows or Mac OS X OS X macOS operating system Different installation files are available depending on the operating system System requirements Windows 7 Windows 8 Windows 10 Mac OS X...

Page 17: ...ntrol Center 2 Select NETWORK IPv4 3 Configure the IPv4 parameters table 1 13 4 Click Save to confirm The settings are saved Table 1 IP parameters You can define various settings for an ideal integrat...

Page 18: ...a field can be omitted Example fe80 0 0 0 0 10 1000 1a4 An IPv6 address may be entered or displayed using a shortened version when successive fields contain all zeros 0 In this case two colons are us...

Page 19: ...lick Save to confirm The settings are saved Table 2 IPv6 parameters Parameters Description IPv6 Enables disables the IPv6 functionality of primos Automatic configuration Enables disables the automatic...

Page 20: ...the automatic recognition of computers devices and network services in TCP IP based networks primos uses Bonjour to search for printers in the network 25 check the IP address assigned via ZeroConf 7 a...

Page 21: ...into an Active Directory by making it member of a domain Requirements A DNS server is configured in primos 16 primos was entered with a type A resource record IPv4 address of the host on the DNS serve...

Page 22: ...llow the communication between participants of different network segments The host name can only be used if a DNS server was configured beforehand Administrator account Defines the name of the adminis...

Page 23: ...gs 19 LDAP CA certificate Choose the root CA certificate of the certification authority that has issued the certificate of the domain controller DC The CA certificate must already be installed on the...

Page 24: ...e server SNTP server in the network A time server synchronizes the time of devices within a network Benefits and Purpose primos needs the device time to join directory services 17 and to provide the p...

Page 25: ...ontrol who can print 35 To do this you can either use directory service users 17 or local users You set up local users on primos Each user needs a name and password In addition a user can be assigned...

Page 26: ...lect the user to be deleted by clicking the icon 4 Confirm the security query The user is deleted 4 4 How to Configure Local Groups When using user authentication users are used to to control who can...

Page 27: ...oup is created Change User Memberships 1 Start the primos Control Center 2 Select DEVICE Users 3 Select the group to be edited by clicking the icon 4 In the Users area select the users 5 To confirm cl...

Page 28: ...Need How to Configure Printers on primos Creating Queues 25 How to Manage Queues 29 How to View the Job History 30 How to Define the Printer Name That Is Displayed on the iOS Devices 32 How to Mainta...

Page 29: ...ert Printer Setup Starts a search for network printers You will then get a list of printers found and queue proposals for those printers You can edit those and create up to 10 queues Knowledge of prin...

Page 30: ...inters and automati cally creates queues for up to 10 printers found Then an overview of the queues cre ated is displayed Note Depending on the size of your network running the Smart Printer Setup may...

Page 31: ...Defines how printers are addressed in the network via Bonjour via hostname or IP address routable Choose hostname IP address if you want to move primos or the printers to a different network after se...

Page 32: ...er Defines the printer The list shows printers automatically discovered in the network You may also define a printer connection manually Connection Connection type Defines the printing protocol IPP IP...

Page 33: ...by comma Example 51 982898 8 493206 Connection Defines the connection to a printer in the form of a device URI uniform resource identifier IPP IPPS In IPP Internet Printing Protocol the print data is...

Page 34: ...jobs are displayed From the 101rd print job onwards the FIFO method first in first out is applied The recorded print jobs will be deleted when primos is reset Note A time server 20 must be configured...

Page 35: ...lect PRINTING Job history The job history is displayed 3 Click the filter button The job history entries are displayed according to the filter Delete print jobs 1 Start the primos Control Center 2 Sel...

Page 36: ...via primos on iOS devices The AirPrint identifier is applied to all queues It can be changed at any time The default is air Chose an identifier that begins with a letter that from the beginning of th...

Page 37: ...imos Control Center 2 Select PRINTING Queues 3 Select the desired queue by clicking the icon 4 In the Device area select the desired printer action from the Action list 5 Click Save to confirm The pri...

Page 38: ...ated on primos 25 A certificate has been installed on primos 50 1 Start the primos Control Center 2 Select PRINTING Queues 3 Select the desired queue by clicking the icon 4 Tick clear Secure AirPrint...

Page 39: ...a directory service Active Directory or LDAP 17 To enter a large number of users more easily the users can be grouped in local 22 or directory service groups The group then is entered instead of each...

Page 40: ...y print content such as documents and pictures from iOS devices iPhone iPad and so on To do so print jobs are sent from iOS apps with AirPrint support to primos via your network primos forwards the pr...

Page 41: ...rPrint on primos 38 Warning The primos subdomain must not end with local This domain is reserved for multicast Bonjour mDNS On primos define the printer which are to be used with Wide Area AirPrint Co...

Page 42: ...context menu choose New Conditional Forwarder The dialog New Conditional Forwarder appears 3 In the DNS Domain box enter the primos subdomain 4 In the area IP addresses of the master servers enter in...

Page 43: ...lect MAINTENANCE Service 3 In the DHCP option 119 area enter your IPv4 DHCP range in the DHCP range box 4 In the DHCP option 119 area enter your primos subdomain in the primos subdo main box The Comma...

Page 44: ...6d 79 64 6f 6d 61 69 6e 03 63 6f 6d 00 Configures option 119 After each execution the successful execution of the command is confirmed The primos subdomain is created on the DHCP server as option 119...

Page 45: ...yboard appears 5 Add the primos subdomain Several search domains are to be separated comma 6 Let the key board fade out The primos subdomain has been configured as search domain on the iOS device The...

Page 46: ...45 How to Manage User Profiles Access Control 46 How to Protect primos from Cross Site Scripting 48 How to Control the Access to primos TCP Port Access Control 48 How to Use Certificates Correctly 50...

Page 47: ...n be selected Any The encryption is automatically negotiated by both communicating parties The strongest encryption supported by both parties will always be chosen Regular High Only cipher suites with...

Page 48: ...t support SSL a connection can then not be established 4 From the Encryption level area select the desired level Warning Do not use the encryption level Low if you use up to date browser software and...

Page 49: ...3 Note When logging into the primos Control Center 46 the password is transmitted in plain text We recommend to only use the HTTPS connection SSL TLS requires a certificate to check the identity of pr...

Page 50: ...Active Directory or LDAP 17 Directory users can be used to log into the primos Control Center To do this they must be defined on primos The users defined can then authenticate themselves with their di...

Page 51: ...vice 17 In the directory service users are defined 1 Start the primos Control Center 2 Select SECURITY Device access 3 Into the Users having access to this device box enter the directory service users...

Page 52: ...ded from locking primos only accepts data packets from network elements defined as exceptions Please note This also applies to iOS devices If the TCP port access control is enabled you can only print...

Page 53: ...ck the options 5 Make sure that the test mode is enabled 6 Click Save to confirm The settings are saved The port access control is activated until the device is restarted 7 Check the port access and c...

Page 54: ...d Upon delivery a certificate the so called default certificate is stored in primos It is recommended that you replace the default certificate by a self signed certificate or a requested certificate a...

Page 55: ...es 3 Click Self signed certificate an 4 Enter the relevant parameters table 10 51 5 Click Create Install The certificate will be created and installed This may take a few minutes Table 10 Parameters f...

Page 56: ...es 6 Select Upload and save the requests in a text file 7 Click OK 8 Send the text file as certificate request to a certification authority When the certificate has been received it must be saved in t...

Page 57: ...ate 6 Click Install The requested certificate is installed in primos Installing a PKCS 12 Certificate in primos PKCS 12 certificates are used to save private keys and their respective certificates and...

Page 58: ...ificate of the authentication server RADIUS in primos Requirements The certificate must be in base64 format 1 Start the primos Control Center 2 Select SECURITY Certificates 3 Click CA certificate 4 Cl...

Page 59: ...ntication server RADIUS First you must define the authentication procedure TLS PEAP TTLS etc to be used and configure it on all network devices involved What is RADIUS RADIUS Remote Authentication Dia...

Page 60: ...rtificate signed by a CA The RADIUS server and primos must validate the certificate After the mutual authentication was successful the access to the network will be freed Since each device needs a cer...

Page 61: ...er authentication The advantage of this procedure is that only the RADIUS server needs a certificate Therefore no PKI is needed Moreover TTLS supports most authentication protocols Requirements primos...

Page 62: ...authentication methods including user passwords and one time passwords Requirements primos is defined as user with user name and password on a RADIUS server 1 Start the primos Control Center 2 Select...

Page 63: ...methods to generate PACs The manual delivery mechanism can be every mechanism that the administrator configures and considers to be safe for the network In the case of the automatic delivery an encryp...

Page 64: ...primos User Manual Security 60 the RADIUS server 9 Install a WPA add on Optional 10 Click Save to confirm The settings are saved...

Page 65: ...onfiguration Settings Backup 62 How to Reset primos to Its Default Settings Reset 62 How to Perform an Update 63 How to Restart primos 64 How to Shut Down primos 65 How to Use the Service Function 65...

Page 66: ...same major version of primos software Major software versions are distinguished by the second level of numbering Example A backup created for primos software 17 1 x cannot be installed on primos with...

Page 67: ...Reset Button LEDs various ports and the reset button can be found on primos These components are described in the Quick Installation Guide Using the reset button you can reset the primos the configur...

Page 68: ...e files can be downloaded from the homepage of SEH Computertechnik GmbH http www seh technology com services downloads download mobility solutions primos html Note Every update file has its own readme...

Page 69: ...th your request e g via email Logging Per default only some information is stored in the service file If logging is enabled much more detailed information will be logged The SEH support can perform a...

Page 70: ...our client Send the service file to the SEH support Configuring the SSH Access Note The SSH connection may only be established and used after consultation with the SEH support Using SSH for purposes o...

Page 71: ...Name 67 Gateway 67 Hardware Address 68 Host name 68 IP Address 68 Subnet Mask 68 Default Name The primos default name is made up of the two letters IC and the device number The device number consists...

Page 72: ...ppear only once in your local network The IP address must be saved in primos to make sure that it can be addressed within the network Subnet Mask With the help of the subnet mask large networks can be...

Page 73: ...s the BIOS mode if the activity LED blinks regularly Warning primos is not operational in the BIOS mode If a primos is in the BIOS mode the device will be marked accordingly in the SEH primos App with...

Page 74: ...check the cabling connections the primos IP address 7 and the proxy settings of your browser If you still cannot establish any connection the following safety mechanisms might be the cause The access...

Page 75: ...e the same time server SNTP server for primos and the directory service Check the primos time server configuration 20 Make sure that a DNS server is configured in primos and that primos can access it...

Page 76: ...t settings 62 Description 20 Device settings 20 DHCP 13 Directory service 17 35 Active Directory 17 35 46 LDAP 17 35 46 User 35 DNS Domain Name Service 16 DNS server 38 Documentation 3 Downloads 5 E E...

Page 77: ...out 11 Security 9 Start 9 Structure 10 Print 24 36 Across subnets 37 Print center 37 Print Jobs 30 Print jobs Accept 33 Delete 33 Reject 33 Print queue See Queue Printer Action 33 Name 32 Start 33 Sto...

Page 78: ...ubnet mask 13 68 Support 5 Switching Off 65 T TCP Port Access Control 48 Test mode 48 Test page 33 Time of the device 20 Time server 20 Time zone 20 Troubleshooting 69 U Update 63 URI Uniform Resource...

Reviews:

No comments

Related manuals for primos

Olympus P 400 Owner'S Manual preview
P 400
Brand: Olympus Pages: 71
Canon imagePRESS Server G200 Service Manual preview
imagePRESS Server G200
Brand: Canon Pages: 82
Canon P 400 Service Manual preview
P 400
Brand: Canon Pages: 88
PaloAlto Networks M-100 Hardware Reference Manual preview
M-100
Brand: PaloAlto Networks Pages: 30
IBM eserver pSeries 690 Installation Manual preview
eserver pSeries 690
Brand: IBM Pages: 142
IBM eServer 370 xSeries User Reference Manual preview
eServer 370 xSeries
Brand: IBM Pages: 218
IBM BladeCenter PS703 Service Manual preview
BladeCenter PS703
Brand: IBM Pages: 298
IBM BladeCenter T Type 8720 Hardware Maintenance Manual preview
BladeCenter T Type 8720
Brand: IBM Pages: 180
Oki B930dn Guide Utilisateur preview
B930dn
Brand: Oki Pages: 222
Oki B930dn Brochure & Specs preview
B930dn
Brand: Oki Pages: 4
Oki B6250dn Guía Del Usuario preview
B6250dn
Brand: Oki Pages: 160
Oki PACEMARK 4410 Service Handbook preview
PACEMARK 4410
Brand: Oki Pages: 189
Zebra GX420t Instruction Manual preview
GX420t
Brand: Zebra Pages: 29
Xerox DocuPrint C3300 DX User Manual preview
DocuPrint C3300 DX
Brand: Xerox Pages: 200
Oki OKIPOS 425D Developer'S Manual preview
OKIPOS 425D
Brand: Oki Pages: 137
Epson Stylus C110 Series Start Here preview
C110 Series
Brand: Epson Stylus Pages: 4
idp SMART-21S User Manual preview
SMART-21S
Brand: idp Pages: 63
FujiFilm 16558126 User Manual preview
16558126
Brand: FujiFilm Pages: 28

Brands by name

Popular brands

Load more brands