User`s guide
Zebra Mobile Printers • Wireless Configuration Guide • rev. H 38
INTRODUCTION
EAP-FAST (Extensible Authentication Protocol-Flexible Au-
thentication via Secure Tunneling) is an IEEE 802.1x authenti-
cation protocol developed by Cisco Systems
®
. It is a wireless
security protocol that does not require an advanced password
policy or digital certificates. This authentication protocol re-
quires a specially formatted file called a PAC (Protected Access
Credential) file to be stored on the client (i.e. a mobile printer)
requiring wireless access to the network. The PAC file contains
an initial pre-shared key that is also known by the authentica-
tion server. PAC keys may be continuously updated once the
client has been authenticated. This EAP method has an option
called “auto-provisioning”, which allows a client to originally
receive a PAC file wirelessly from the authentication server,
but this method is less secure, and is not supported by Zebra
mobile printers.
EAP-FAST is implemented using a RADIUS (Remote Authen-
tication Dial-In User Service) server to authenticate a user (a
Zebra mobile printer) before allowing wireless access onto the
network.
You must ensure compatibility of your printer with the EAP-
FAST protocol. At the time of writing the following mobile
printer models and radio options will support EAP-FAST:
Radio Option
Model 802.11b CF
802.11b
PCMCIA
Zebra
802.11b
QL 220,
QL 220 Plus
yes no yes
QL 320,
QL 320 Plus
yes no yes
QL 420,
QL 420 Plus
yes no yes
RW 220 yes no yes
RW 420 yes no yes
NOTE: EAP-FAST is not supported on Zebra mobile printers with
the PCMCIA radio option
.
CONFIGURING THE NETWORK FOR EAP-FAST AUTHENTICATION
EAP-FAST is implemented using a RADIUS (Remote Authen-
tication Dial-In User Service) server to authenticate a user (in
this case a Zebra mobile printer) before allowing wireless ac-
cess onto the network.
You must have your server configured in a manner similar to
the following:
NOTE: It is the responsibility of end users to determine the proper
configuration parameters for their particular network. The
following discussion is intended as an example to follow when
configuring a WLAN network for use with this protocol.
These settings are based on typical settings for a Cisco Aironet
1200 access point. This access point also acts as the EAP au
-
thenticator, transferring the data between the printer and the
RADIUS server. This access point should have a firmware version
of 12.3(7)JA or later. Earlier firmware versions may not support
local EAP-FAST authentication.
• Set Open Authentication with EAP, Network EAP, and no
Key Management
WIreless Security- EAP-FAST and WPA EAP-FAST
continued