Skip to Content Information Center
Lexmark C3326

Lexmark C3326

Configuring the 802.1X/EAP authentication on Lexmark wireless devices


This article describes:

  • The supported 802.1X/EAP (Extensible Authentication Protocol) authentication types.
  • Summarizes certificate installation.
  • Explains how to enable and configure 802.1X/EAP after installing the required certificates.

Supported EAP Types

The 25XX dot matrix printers support the following EAP types:

  • EAP - MD-5 (Message Digest Algorithm)
  • EAP - Cisco Wireless or LEAP (Lightweight Extensible Protocol)
  • EAP - TLS (Transport Layer Security)
  • EAP - TTLS (Tunneled TLS)
  • PEAP - Protected EAP
  • EAP - MSCHAPv2

802.1X/ EAP Configurations: Certificate Installation (2009 - 2011 Lexmark Devices)

To install and use certificates for TLS, TTLS, and PEAP authentication:

  1. Access the printers EWS(Embedded Web Server) by typing http://printer's_IP_address in the address bar, using the IP address of the printer.

  2. Click Configuration.

  3. Click Security.

  4. Click Certificate Management. Click here for image.

Configurations for 802.1X/ EAP (2009 - 2011 Lexmark Devices)

  1. Access Printers EWS.

  2. Click Configuration > Security > 802.1X.

  3. Turn on 802.1X then place a check next to authentication type.

    Note:  Deselect the authentication types that are not needed.

  4. If using TTLS, select the proper password protocol. Click here for the sample image.

Configurations for 802.1X/ EAP (2012 - 2019 Lexmark Devices)

  1. Connect the printer over a wired connection.

  2. Access the printers EWS, go to Security/Certificate Management > Certificate Authority Management.

  3. Click New, then Upload CA (Certificate Authority) from Radius Server (must be in .pem format). After upload, you should see the CA appear as noted below.

  4. On EWS, go to "Security / Certificate Management / Device Certificate Management".

  5. Hit New, Fill in the fields. You should see it in the list as shown below.

  6. Click on the link for the name of the new entry that is generated (not the default). For instance in the above picture, it is "wctestagain".

  7. Select "Download Signing Request". This will have to be signed by the Radius Server, usually via a script.

  8. After getting request signed by the Radius Server, go back into the Device Certificate Manager as in step 4, click on Name of entry (i.e. "wctestagain") as before, and choose "Install Signed Certificate".

  9. Go into Wireless setup. Enter the SSID of the AP for the network with the radius server. For security select 802.1x-Radius, fill in other fields.

  10. In Wireless Setup, for 802.1x Certificate, select the name created in step #6 (for instance "wctestagain") from pulldown.

  11. Under wireless setup, for 802.1x entries, select only the authentication mechanism desired.

  12. Device login name should correspond to the login name defined for the radius server, usually in the conf file on the radius server.

  13. Likewise, device login password must correspond to the password defined in the radius server conf file (for example it's not the shared secret entered during cert signing necessarily). Note that some authentication mechanisms do not require a password.

After setup is complete, disconnect wired connection so it will come up wireless. Monitor radius server logs if unable to connect to network.


Was this article helpful?