Skip to Content Information Center
Lexmark C3224

Lexmark C3224

WPA2- Enterprise (802.1x) setup guide using Marknet 27X6410

Issue description

Use the printer's EWS page to configure your Wi-Fi network and security settings on the printer and allow it to join the wireless network.

Solution

  1. Connect printer over wired Ethernert connection.

    Note:  IP address obtained by the printer.

  2. From the Embedded Web Server (accessible via https://<ip address of printer>, go to “Security” (under settings tab on the right) then select “Certificate Management”. Then click on “Certificate Authority Management

  3. From Certificate Authority Management, hit New, then Upload CA from the Radius Server (must be in .pem format). After upload, you should see the CA appear as noted below.

  4. On the embedded web server page, go to “Security > Certificate Management > Device Certificates”.

  5. Hit “Generate”, fill in the fields. You should see it in the list as shown below:

  6. Click on the link for the name of the new entry that is generated (not the default).

  7. Select “Download Signing Request”. This will have to be signed by the Radius Server, usually via a script.

    Note:  This screenshot is from a previous product, but the options are the same.

  8. After getting the request signed, go back into the Device Certificate Manager, click on Name of entry (i.e. “hostapdtest” in this example not “default”) and choose “Install Signed Certificate”. Upload the signed cert as instructed. After doing this step, you should see the certificate show up in signed.

  9. Now go into Wireless Setup by selecting “Network/Ports” > “Wireless”. Enter the SSID of the AP for the network with the radius sever. For “Wireless Security Mode” select 802.1x‑Radius, for WPA3‑Enterprise mode without 192 bit security (which we do not support), select ”WPA2+PMF” for the field “802.1x Encryption Mode”. Fill in other fields. Hit Save to save settings.

  10. Scroll down to the 802.1x filed on this page and expand settings.

    • Enable 802.1x radio button.
    • For 802.1x Certificate, select the name created in steps #4-#8
    • For 802.1x entries, select only the authentication mechanism desired
    • Device login name should correspond to the login name defined for the radius server, usually in the conf file on the radius server. Likewise, device login password must correspond to the password defined in the radius server conf file (i.e. it is not the shared secret entered during cert signing necessarily).
    • If testing WPA3‑Enterprise mode the checkbox for “Enable Server Certificate” is greyed out, as server certificate validation is always performed, and we do not allow users to deselect. If it is not greyed out, make sure step 9 was performed and saved.
    • TTLS Authentication mode is typically MSCHAP‑V2

    When fields are complete, hit Save.

    After setup is complete, disconnect wired connection and reboot the printer so it will come up in wireless mode. Monitor radius server logs if unable to connect to network.

Debug tip:

  • If repeatedly unable to connect when expected to, perform the following:
  • **411 to get to the SE menu.
  • Under “Network” enable “Enable wpa_supplicant debugging”.
  • Reset printer and capture failure.
  • Connect a USB thumb drive to front port (if wireless option is installed on USB front port, you can connect a thumb drive to its port without removing the wireless option).
  • Go back into SE menu (**411).
  • Select “General SE Menu” then select “Capture Logs to USB Drive”. Send the file to Lexmark for debug.

If the issue persists, then search for more information related to this issue or contact customer support.

Was this article helpful?
Top