User's guide
Zebra Mobile Printers • Wireless Configuration Guide • rev. H 53
NOTE: These settings are based on typical settings for a Cisco
Aironet 1200 access point. This access point also acts as the
EAP authenticator, transferring the data between the printer
and the RADIUS server. The access point should have a firmware
version of 12.3(7) JA or later. Earlier firmware versions may not
support local PEAP authentication.
• Set Open Authentication with EAP, and no Key Management
• Set WEP Encryption to Mandatory
• Configure a RADIUS server entry. Select the IP address and
enter its shared secret. (We will edit the shared secret on the
RADIUS server in the next step.) By default the FreeRadius server
listens on TCP ports 1812 and 1813.
• Select the RADIUS server’s IP address in the Default Server
Priorities (EAP Authentication section).
Configure the FreeRadius Server
NOTE: The FreeRadius server is available under the
GNU General Public License (GPL), and is freely downloadable
from the Internet. For our example we will be using a Windows
version of the server that can be downloaded from the
FreeRadius.net website (http://www.freeradius.net). This version of the
FreeRadius server requires the Windows XP operating system.
Download and install the server. In the FreeRadius.net group
click the ‘Edit Clients.conf’ icon. At the bottom of the file add
the following lines to create our test network. This will allow for
a range of access points that must also be configured with this
same shared secret.
# Test network: every access point in this range must use the same shared secret
client 192.168.1.0/24 {
    secret = password
    shortname = private-network-3
}
Save the file and open the “Eap.conf” file for editing. If
necessary, edit the line that reads ‘default_eap_type’ to select
the PEAP protocol:
default_eap_type = peap
Save the file if changes are made.
Next we will create user credentials that our printer will use
to login to the network. Open the Users file. Just below the
user ‘FreeRADIUS.net-Client’ add a PEAP user ‘peap’ as shown
below:
# Test PEAP user
peap Auth-Type := eap, User-Password == "password"
    Service-Type = Login-User
Save the file if changes are made.
The RADIUS server should now be configured correctly.
Start the server in debug mode by selecting the appropriate
icon. Once the server is initialized it will be ready to process
requests and authenticate users.
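The clients.conf stanza and the users entry above both use the test value "password". The following added example (not part of this guide or of FreeRADIUS) parses those two formats and reports weak secrets and how many addresses share one client secret. The weak-word list, the 12-character password threshold and all function names are assumptions of this example; the 16-character threshold follows the RFC 2865 preference for a shared secret of at least 16 octets.

```python
import ipaddress
import re

# Constructed sample input: the clients.conf stanza and users entry from this guide.
CLIENTS_CONF = "client 192.168.1.0/24 {\n  secret = password\n  shortname = private-network-3\n}\n"
USERS = 'peap Auth-Type := eap, User-Password == "password"\n    Service-Type = Login-User\n'
WEAK = {"password", "secret", "testing123", "radius"}  # illustrative list (assumption)

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)   # one client stanza
PAIR_RE = re.compile(r"^\s*(\w[\w-]*)\s*=\s*(\S+)", re.M)     # key = value lines
USER_RE = re.compile(r'^(\S+)\s.*User-Password\s*==\s*"([^"]*)"', re.M)

def weak(value, min_len):
    """Return the reasons a secret or password is weak (empty list if none)."""
    reasons = []
    if value.lower() in WEAK:
        reasons.append("a common word")
    if len(value) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    return reasons

def audit_clients(text):
    """Check each client stanza for a weak secret and a secret shared by a range."""
    findings = []
    for target, body in CLIENT_RE.findall(text):
        opts = dict(PAIR_RE.findall(body))
        try:
            hosts = ipaddress.ip_network(target, strict=False).num_addresses
        except ValueError:
            hosts = 1  # a hostname rather than an address or CIDR range
        for reason in weak(opts.get("secret", ""), 16):
            findings.append((target, f"secret is {reason}"))
        if hosts > 1:
            findings.append((target, f"one secret shared by {hosts} addresses"))
    return findings

def audit_users(text):
    """Check cleartext User-Password check items in a users file."""
    return [(user, f"password is {reason}")
            for user, pw in USER_RE.findall(text) for reason in weak(pw, 12)]

if __name__ == "__main__":
    for who, msg in audit_clients(CLIENTS_CONF) + audit_users(USERS):
        print(f"{who}: {msg}")
```
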
CONFIGURING THE PRINTER FOR PEAP AUTHENTICATION
Any necessary certificate files must be acquired and stored on
the printer to enable PEAP authentication. Then the appropriate
printer parameters to enable PEAP authentication must be
configured.
NOTE: Use of this certificate file is optional. The PEAP draft strongly
recommends the use of this certificate, but does not require it. If this
file is present, it must be the appropriate root certificate for the
authenticating server, and is used to verify the server’s identity. If it is not
present, the server’s identity is automatically trusted without being
verified. Certificate files are normally generated by a trusted 3rd-party
Certificate Authority (CA).
The following description uses the demo certificates
supplied with the Windows version of FreeRadius. Locate the
‘DemoCerts’ folder of your FreeRadius installation. At the time
of this writing the default path and version is:
C:\Program Files\FreeRADIUS.net-1.0.2-r0.0.8\etc\raddb\certs\FreeRADIUS.net\DemoCerts
Note that if using certificate files for authentication, only
one such file is required in order to successfully authenticate
our printer using PEAP (a root certificate from a certificate
authority), along with a user name and password that has
also been properly configured in the RADIUS server. (In this