WorkCentre® 7400 Series
Multifunction Printer
®
WorkCentre
7425/7428/7435
System Administrator Guide
English
Français Guide de l’administrateur système
Español Guía del administrador del sistema
Português Guia de Administração do Sistema
Copyright © 2009 Xerox Corporation. All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States.
Contents of this publication may not be reproduced in any form without permission of Xerox Corporation.
Copyright protection claimed includes all forms of matters of copyrightable materials and information now allowed by statutory or
judicial law or hereinafter granted, including without limitation, material generated from the software programs which are displayed
on the screen such as styles, templates, icons, screen displays, looks, etc.
®
Xerox
, CentreWare®, WorkCentre®, PrintingScout®, and Walk-Up® are trademarks of Xerox Corporation in the United States and/or
other countries.
Adobe
Reader®, Adobe Type Manager®, ATM™, Flash®, Macromedia®, Photoshop®, and PostScript® are trademarks of
Adobe Systems Incorporated in the United States and/or other countries.
®
Apple
, AppleTalk®, Bonjour®, EtherTalk®, Macintosh®, Mac OS®, and TrueType® are trademarks of Apple Computer, Inc. in the
United States and/or other countries.
®
, HP-UX®, and PCL® are trademarks of Hewlett-Packard Corporation in the United States and/or other countries.
HP-GL
®
IBM
and AIX® are trademarks of International Business Machines Corporation in the United States and/or other countries.
Microsoft
®
, Windows Vista®, Windows®, and Windows Server® are trademarks of Microsoft Corporation in the United States and/or
other countries.
®
Novell
, NetWare®, NDPS®, NDS®, Novell Directory Services®, IPX™, and Novell Distributed Print Services™are trademarks of
Novell, Incorporated in the United States and/or other countries.
®
SGI
IRIX® is a trademark of Silicon Graphics, Inc.
SM
, Sun Microsystems™, and Solaris™ are trademarks of Sun Microsystems, Incorporated in the United States and/or other
Sun
countries.
®
UNIX
is a trademark in the United States and other countries, licensed exclusively through X/Open Company Limited.
As an E
NERGY STAR
efficiency. The E
®
partner, Xerox Corporation has determined that this product meets the ENERGY STAR guidelines for energy
NERGY STAR name and logo are registered U.S. marks.
Contents
1 General Information
Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2 Installation
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Changing the Default Main Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Print Driver Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Supported Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Obtaining Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
TCP/IP Peer to Peer (LPR or Standard TCP/IP) Printing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
NetBIOS over IP Peer to Peer Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
NetBIOS over IP Client/Server Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
IPP Printing – Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
EtherTalk (AppleTalk) Peer to Peer Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Common UNIX Printing System (CUPS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Installing Unicode Fonts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
3 Administrative Tools
Configuration Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
CentreWare Internet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
System Administrator Login ID and Passcode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Changing Internet Services (HTTP) Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Proxy Server Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Status Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Jobs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Print Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Scan Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Properties Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Details of Some Properties Tab Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Support Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4 Network Management
General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Ethernet Speed Setting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
TCP/IP Protocol Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Accessing TCP/IP Protocol Settings at the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
TCP/IP LPD Enablement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Changing LPD Settings at the Printer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
WorkCentre 7425/7428/7435
System Administrator Guide
3
TCP/IP Dynamic Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
TCP/IP Configuration Selection List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
IP Filtering (IP Address Restriction) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configure Port 9100 (Raw Printing) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Microsoft (NetBIOS over IP) Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
IPP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Changing IPP Settings at the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
EtherTalk (AppleTalk) Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Changing EtherTalk Settings at the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
AS400 Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
AS400 Raw TCP/IP Printing to Port 9100 (CRTDEVPRT) . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
5 Security
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configuring Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Configuring Xerox Secure Access (Authentication) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
802.1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Encryption Service Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Configuration of HTTPS (SSL/TLS) Communication Encryption. . . . . . . . . . . . . . . . . . . . . 76
Configuration of E-mail Encryption/Digital Signature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Configuration of Scan File Signatures (PDF/XPS Documents) . . . . . . . . . . . . . . . . . . . . . . 81
IP Sec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
FIPS 140-2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Scheduled Image Overwrite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Secure Watermark . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Configuring Secure Watermark . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Secure Print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Using Secure Print from the Print Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Using Secure Print from CentreWare Internet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Xerox Common Access Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Supported Card Readers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Supported Card Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Installing the Common Access Card Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Enabling and Configuring the Common Access Card Feature . . . . . . . . . . . . . . . . . . . . . . 92
6 Scanning and Faxing
Enabling Options with Software Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Special Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
WorkCentre 7425/7428/7435
4
System Administrator Guide
Scan to E-mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
E-mail Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
Preparations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Installation Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
LDAP Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Network Scanning (Using Templates) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Installation Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Configure a Scan Filing Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Configure a Scan Filing Repository using FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Configure a Scan Filing Repository using SMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Testing Network Scanning (using templates) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Scan to PC (FTP/SMB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Installation Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Enabling Ports and Setting TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Receiving Computer Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Adding the Receiving Computer’s Address to the Address Book . . . . . . . . . . . . . . . . . . . 124
Using the Scan to PC (FTP/SMB) Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Scan to Home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Preparing for Scan to Home Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Configure Scan to Home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Scanning to the Printer’s Hard Drive (Folders) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
Setting Up Folders at the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
Setup and Use of Job Flow Sheets with Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Enabling Ports and Setting TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Configuring the SNMP Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Creating Job Flow Sheets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Scan to PC Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Software Installation Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Installing and Using the Network Scanner Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Before Installing the Network Scanner Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Installing the Network Scanner Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Uninstalling the Network Scanner Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Importing Scanned Data from the Folder to an Image-Editing Application . . . . . . . .138
Importing Scanned Data from the Folder using Network Scanner Utility 3. . . . . . . . .139
Xerox Extensible Interface Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
XEIP Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Fax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
LAN Fax (PCL Drivers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
LAN Fax (PostScript Drivers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
WorkCentre 7425/7428/7435
System Administrator Guide
5
Server Fax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Installation Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Configure a Fax Filing Location (Repository) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Configure a Fax Filing Repository using FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Configure a Fax Filing Repository using SMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Configure a Fax Filing Repository using SMTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Features that Support Server Fax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Internet Fax (iFAX) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Installation Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Enabling the E-mail Ports and Setting TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Configuring the E-mail Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Testing iFAX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
7 Printer Management
Xerox Standard Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Enabling Xerox Standard Accounting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Create a Group Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
Create a User Account and Set Usage Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Maximum Usage Limits and Resetting Individual Usage Limits . . . . . . . . . . . . . . . . . . . 172
Using XSA at the printer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Resetting Usage Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Print a Usage Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Enable XSA in your Print Drivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Backing Up XSA Data and Settings and Cloning to Another Device. . . . . . . . . . . . . . . . 174
Audit Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Annotation (Bates Stamping) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Configuring Bates Stamp Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Configuring a Precise Bates Stamp Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Media Card Reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
Media Card Reader Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
Supported Media and File Formats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
Inserting and Ejecting Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Media Print Text Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Index Print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Advanced Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Selecting and Printing Photo Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Problem Solving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182
USB Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Supported Media and File Formats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Selecting and Printing Text Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185
Selecting and Printing Photo Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
WorkCentre 7425/7428/7435
6
System Administrator Guide
Thumbnail Preview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Hard Disk Data Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
To Verify or Change Hard Disk Data Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
Encryption Key For Confidential Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
Xerox Smart eSolutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Enable communications with the Xerox Smart eSolutions Server . . . . . . . . . . . . . . . . . .189
Cancelling Communications with the Xerox Smart eSolutions Server . . . . . . . . . . . . . .190
8 Troubleshooting
General Troubleshooting Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192
TCP/IP Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Check Physical Media and Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
At the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
At the Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194
NetBIOS over IP Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Check Physical Media and Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
At the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
At the DNS or WINS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
At the Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
IPP Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Check Physical Media and Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
At the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
At the Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199
EtherTalk Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201
Check Physical Media and Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
At the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
At a Macintosh Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Scanning to Hard Drive Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Check Physical Media and Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
At the Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
At the Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
At the Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203
Image Quality Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Color Calibration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
WorkCentre 7425/7428/7435
System Administrator Guide
7
WorkCentre 7425/7428/7435
8
System Administrator Guide
General Information
This chapter includes:
• Resources on page 10
1
9
General Information
Resources
You can get information about your printer from the following sources.
Information Source
Installation Guide
Quick Use Guide
User Guide (PDF)
User Documentation
Information about menu selection or error
messages on control panel
Information pages
Print Drivers www.xerox.com/office/WC7425_WC7428_WC7435drivers
Recommended Material List – North America
Recommended Material List – Europe
Online Support Assistant
Tec h nic a l Supp o rt
Registration www.xerox.com/office/register
Supplies www.xerox.com/office/WC7425_WC7428_WC7435support
Packaged with printer
Packaged with printer
Customer Documentation CD
www.xerox.com/office/WC7425_WC7428_WC7435docs
Control panel Help (?) button
Control panel menu
www.xerox.com/paper
www.xerox.com/europaper
www.xerox.com/office/WC7425_WC7428_WC7435support
www.xerox.com/office/WC7425_WC7428_WC7435support
WorkCentre 7425/7428/7435
10
System Administrator Guide
Installation
This chapter includes:
• Installation on page 12
• Print Driver Installation on page 13
2
11
Installation
Installation
Overview
1. Connect one end of a Category 5 twisted pair cable to a live network drop. Connect the other end
of the cable to the RJ–45 socket at the rear of the printer.
2. Set the printer's power switch to On and wait until the main screen is displayed.
3. Print a Configuration Report. Refer to the Configuration Report to determine which ports and
protocols are enabled for your network. For more information see Configuration Report on page 22.
4. Enable the printer’s internet services (HTTP) and TCP/IP protocol so that you can configure the
printer using the CentreWare Internet Services Web interface. For more information see
CentreWare Internet Services on page 23.
5. Install the print drivers and set up computers to communicate with the printer.
6. If you have purchased optional features for your printer, such as Scanning to the printer's Hard
Drive, configure these options. For more information see Scanning and Faxing on page 97.
Changing the Default Main Screen
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the Too l s tab.
5. Touch Common Service Settings, touch Screen/Button Settings, select Service Screen Default,
touch Change Settings, make your selection and touch Save.
6. Touch Close until the Tools tab is displayed.
7. Wait for the Auto Clear service to log you out.
WorkCentre 7425/7428/7435
12
System Administrator Guide
Print Driver Installation
Print Driver Installation
Supported Operating Systems
• Windows 2000 Professional, 2000 Server, 2003 Server, XP Professional, Vista
• Macintosh OSX 10.3 and newer
•UNIX
Obtaining Drivers
Drivers are on a CD that came with your printer. If you do not have the CD, you can download drivers at
www.xerox.com/office/WC7425_WC7428_WC7435drivers.
TCP/IP Peer to Peer (LPR or Standard TCP/IP) Printing
Windows Print Driver Installation
1. On the Windows XP desktop, click Start, then Printers and Faxes. The Vista path is Start\Control
Panel\Printer(s).
2. Double-click Add Printer.
3. When the Add Printer Wizard screen displays, click Next.
4. Select Local Printer and deselect Automatically detect and install my Plug and Play printer.
Click Next.
5. Select Create a new port and choose LPR from the Typ e drop down menu. (LPR becomes available
when Print Services for UNIX is installed, as above).
Note: If you prefer to print raw data to Port 9100 on the printer, choose Standard TCP/IP Port. Click
Next.
6. When prompted, enter the IP address of the printer.
7. Enter a name for the print queue (such as raw). If you selected the Standard TCP/IP port, you can
accept the default name provided by Windows. Click Next.
8. You will be prompted for a print driver. Select Have Disk and browse to the location of your print
driver.
9. Select the .INF file, then click Open.
10. When the Install from Disk screen displays, verify that the path and file name are correct and click
OK.
11. Select the model that corresponds to your printer and click Next.
12. Enter a name for your printer and select either Yes or No to make this printer your default printer.
Select Yes if you will be printing primarily to this printer from your applications. Click Next.
13. Select Ye s to print a test page. Click Next.
14. Click Finish.
WorkCentre 7425/7428/7435
System Administrator Guide
13
Installation
Configure the Print Driver
1. Click Start, select Printers and Faxes. The Vista path is Start\Control Panel\Printer(s).
2. Right click the printer's icon and select Properties.
3. Use the available tabs to set the printer's job processing defaults, including enabling Bi-Directional
Communication. Additional settings may be accessed by clicking the Printing Preferences button
on the General Tab.
NetBIOS over IP Peer to Peer Printing
Before You Start
1. Obtain the print driver for your computer's operating system. See Obtaining Drivers on page 13.
2. Print a Configuration Report. See Configuration Report on page 22.
3. On the Configuration Report, verify that SMB and TCP/IP are enabled. Verify that the workgroup's
default name is Workgroup, or a valid, 15 character maximum, workgroup name. Also note the
printer's SMB Host Name (which assures the uniqueness of the printer's name within the
Workgroup). To enable SMB, see Microsoft (NetBIOS over IP) Networks on page 52. Modify the
name of the Workgroup, or printer's name (SMB Host name) using CentreWare Internet Services.
4. Make sure to configure the DNS/WINS Server(s) for NetBIOS name to IP address resolution. Then
provide the printer with the addresses of the Servers. For more information, see TCP/IP Protocol
Configuration on page 43.
An Alternate Procedure for Setting up NetBIOS over IP Peer to Peer Printing
Note: Experienced System Administrators can use the following procedure:
1. On Windows XP computers, from the Properties selection of the Local Area Connection icon,
verify that the Internet Protocol (TCP/IP) is installed. Select the protocol and click Properties. Verify
that TCP/IP is configured for use of the DNS Server. Click the Advanced button and select the DNS
tab. Verify that the check box labeled Register this connection's addresses in DNS is checked. Select
the WINS Tab and verify that the NetBIOS setting is set to either Use NetBIOS Setting from the
DHCP Server, or that NetBIOS is enabled over TCP/IP. Click Cancel twice and verify that the Client
for Microsoft Networks is installed. Finally, with your Operating System Installer Disk readily
available, through Add/Remove Programs and Add/Remove Windows Components, select Other
Network File and Print Services. Click Details, check the box for Print Services for UNIX, and click
OK and Next.
2. When prompted for the Name or address of the server providing LPD enter the printer's SMB Host
Name as seen on the printer's Configuration Report.
3. When prompted for a queue name, enter your preference of an easily-identified name for this
printer.
4. Install the print driver on your computer and, when prompted to select a port to print through,
select the LPR port that you just created.
5. Print a Test Print to verify successful communication with the printer.
WorkCentre 7425/7428/7435
14
System Administrator Guide
Print Driver Installation
NetBIOS over IP Client/Server Printing
Before You Start
1. Obtain the print driver for your computer's operating system. See Obtaining Drivers on page 13.
2. Print a Configuration Report. See Configuration Report on page 22.
3. On the Configuration Report, verify that SMB is enabled. Also, verify that TCP/IP is enabled as one
of the supported protocols. To enable SMB, see Microsoft (NetBIOS over IP) Networks on page 52).
4. Set Up a Server to Queue Jobs to the Printer. If you have not already set up a Server, for a quick-
step set up procedure, for help see Microsoft (NetBIOS over IP) Networks on page 52.
Windows Print Driver Installation
Verify that the Correct Protocols and Services are Installed in the Computer
1. Verify that the Internet protocol (TCP/IP) is installed in the Computer. On the Windows XP desktop,
click Start, Control Panel, and double click Network Connections. Right click the Local Area
Connection icon and select Properties.
On the Windows 2000 Desktop, right click the My Network Places icon and select Properties. Right
click the Local Area Connection icon and select Properties.
2. Verify that the Internet Protocol (TCP/IP) has been loaded. If it has, click this item and click the
Properties button to verify that this computer is using either a dynamic or static method to obtain
a valid TCP/IP address.
3. Also verify that this computer is using a DNS (or WINS) Server for resolution of the NetBIOS Host
name (typically the same name as the computer's Internet host name). If the TCP/IP protocol is
not loaded, click the Install… button, then select Protocol as the type of network component that
you wish to install. Click the Add… button and select Internet Protocol (TCP/IP).
4. With your operating system installer disk readily available, click the Have Disk… button and follow
any remaining instructions.
5. Verify that the Client for Microsoft Networks is installed in the computer. On the Windows XP
desktop, click Start, Control Panel, and double click Network Connections. Right click the Local
Area Connection icon and select Properties.
On the Windows 2000 Desktop, right click the My Network Places icon and select Properties. Right
click the Local Area Connection icon and select Properties.
6. If the Client for Microsoft Networks is not loaded, click the Install… button, then select Client as
the type of network component that you wish to install.
7. Click the Add… button and select Client for Microsoft Networks.
8. With your operating system installer disk readily available, click the Have Disk… button and follow
any remaining instructions.
Add the Printer to the Windows Desktop
1. On the desktop, from Start, select Printers and Faxes.
2. Double-click Add Printer. From Printer Tasks, select
3. When the Add Printer Wizard displays, click Next.
4. Select Network Printer and click Next.
Add a printer.
WorkCentre 7425/7428/7435
System Administrator Guide
15
Installation
5. In Windows XP, on the Specify a Printer screen, select Connect to this printer (or to browse for a
printer, select this option and click Next). As a shortcut, if you know the UNC (Universal Naming
Convention) of the printer, enter it in the text box. Click Next.
In Windows 2000, on the Locate Your Printer screen, select Type the printer name or click next to
browse for a printer. Click Next.
6. When the Browse for Printer screen displays, wait for the screen to finish loading its list of Shared
Printers. The displayed format for many of these Shared Printers is the UNC of the Printer (for
example, \\computer (i.e. Server) name\share (i.e. Printer) name).
7. On the Browse for Printer screen, either click one of the displayed Servers or UNCs, or enter the UNC
of your server and its shared printer. Click Next.
8. When prompted for the driver files, select Have Disk and browse to the location of your print driver.
9. Select the .INF file then click Open.
10. When the Install from Disk screen displays, verify the path and file name are correct and click OK.
11. Select the model that corresponds to your Printer and click Next.
12. Enter a name for your Printer and select either Yes or No for making this printer your default
Windows printer. Select Yes if you will be printing primarily to this printer from your Windows
applications. Click Next.
13. Select Ye s to print a test page. Click Next.
14. Click Finish.
Configure the Print Driver
1. On the desktop, from Start, select Printers and Faxes.
2. Right click the printer's icon and select Properties.
3. Use the available tabs to set the printer's job processing defaults, including enabling Bi-Directional
Communication. Additional settings may be accessed by clicking the Printing Preferences button
on the General Tab.
IPP Printing – Windows
IPP (the Internet Printing Protocol) enables the convenience of printing over the Internet or Intranet
through the creation of an IPP network port. This printing service is available for other computer
operating systems through downloads from the Microsoft Web site. Follow the instructions provided by
Microsoft to install the IPP service on operating systems other than Windows 2000 and XP.
Before You Start
1. Obtain the print driver for your computer's operating system. See Obtaining Drivers on page 13.
2. Print a Configuration Report. See Configuration Report on page 22.
3. On the Report, under the TCP/IP data label, verify that the printer has a valid IP Address, Subnet
Mask, and Gateway displayed. If it does not, assign these addresses to the printer. For more
information see TCP/IP Protocol Configuration on page 43.
4. On the Report, verify that Port 9100 is displayed with a Port Status of Enabled. If it is not, enable
Port 9100. Click the Port Status in the Connectivity folder on the Properties tab of
CentreWare Internet Services and make sure that the Port 9100 check box is selected.
WorkCentre 7425/7428/7435
16
System Administrator Guide
Print Driver Installation
5. On the report, verify that IPP is enabled. If it is not, enable it. See IPP Configuration on page 54.
6. Verify that IPP is using DNS to resolve Host Names to IP Addresses in support of IPP printing. Enter
your printer’s IP address into your Web browser’s address field to access
CentreWare Internet Services. Click the Properties tab. Click the Connectivity folder, then on the
Protocols folder and select IPP. Verify that the DNS Enablement check box is selected.
Verify that TCP/IP is Installed in the Computer
1. On the Windows 2000 Desktop, right click the My Network Places icon and select Properties. Right
click the Local Area Connection icon and select Properties.
On the Windows XP desktop, click Start, Control Panel, and double click Network Connections.
2. Right click the Local Area Connection icon and select Properties.
3. Verify that the Internet Protocol (TCP/IP) has been loaded. If it has, click this item and click the
Properties button to verify that this computer is using either a dynamic or static method to obtain
a valid TCP/IP address.
4. If the TCP/IP protocol is not loaded, click the Install… button, then select Protocol as the type of
network component that you wish to install. Click the Add… button and select Internet Protocol
(TCP/IP).
5. With your Operating System Installer Disk readily available, click Have Disk… and follow any
remaining instructions.
6. Once the protocol has been installed, you can click the item and click the Properties button to verify
or set up the method being used for TCP/IP addressing.
Add the Printer to the Windows Desktop
1. On the desktop, from the Start menu, select Printers and Faxes. The Vista path is Start\Control
Panel\Printer(s).
2. On Windows XP, from Printer Tasks, select Add a printer.
3. When the Add Printer Wizard displays, click Next.
4. Select Network Printer and click Next.
5. To create an IPP printer select Connect to a printer on the Internet….
6. Type http:// followed by the printer's fully qualified Domain name or IP address in the URL field.
You may have to type /ipp after the printer's name or ip address. the printer's name can be either
the Internet Host Name or the SMB Host Name as shown on the printer's Configuration Report,
depending on the name resolution used by your network (DNS or WINS).
7. Click Next.
8. When prompted for the driver files, select Have Disk
and browse to the location of your print driver.
9. Select the .INF file then click Open.
10. When the Install from Disk screen displays, verify the path and file name are correct and click OK.
11. Select the model that corresponds to your printer and click Next.
12. Enter a name for your printer and select either Yes or No for making this printer your default
Windows printer. Select Yes if you will be printing primarily to this printer from your Windows
applications. Click Next.
13. Select Ye s to print a test page. Click Next.
14. Click Finish.
WorkCentre 7425/7428/7435
System Administrator Guide
17
Installation
Configure the Print Driver
1. On the Windows XP desktop, from Start, select Printers and Faxes. The Vista path is Start\Control
Panel\Printer(s).
2. Right click the printer's icon and select Properties. Use the available tabs to set the printer's job
processing defaults, including enabling Bi-Directional Communication. Additional settings may be
accessed by clicking the Printing Preferences button on the General tab.
EtherTalk (AppleTalk) Peer to Peer Printing
Before You Start
1. Obtain the print driver for your computer's operating system. See Obtaining Drivers on page 13.
2. Print a Configuration Report. See Configuration Report on page 22.
3. On the Configuration Report, under the EtherTalk data label, verify that the EtherTalk port is
enabled, and that the printer has been assigned an EtherTalk (Printer) Name and an EtherTalk
zone. If one or more of these parameters needs to be configured, see EtherTalk (AppleTalk)
Configuration on page 57.
Installation Instructions for Macintosh OS X 10.3 and Newer
1. Double click to open the folder containing the drivers.
2. Double click to open the machine model.dmg.
3. Double click to open the machine model.pkg file.
4. When the Welcome screen displays, click Continue.
5. Click Continue, then Agree or Accept to accept the License Agreement.
6. Select the required disk (if necessary) where you want to install the printer. Click Continue.
7. Click Install.
8. Click Close, and restart the computer.
9. When the computer has restarted, double click the hard drive icon.
10. Double click the Applications icon.
11. Double click the Utilities folder.
12. Double click Print Center icon.
13. Double click Add to add a new printer.
14. Select AppleTalk as your network protocol.
15. Select the required AppleTalk zone.
16. Select the printer that you wish to set up.
17. Select the Printer Model (that is, choose the PPD for your printer).
18. Click Add.
19. Print a document from an application to verify that the printer is installed correctly.
WorkCentre 7425/7428/7435
18
System Administrator Guide
Print Driver Installation
Common UNIX Printing System (CUPS)
Overview
The Common UNIXS Printing System (CUPS) was created by Easy Software Products in 1998 as a
modern replacement for the Berkeley Line Printer Daemon (LPD) and AT&T Line Printer (LP) system
designed in the 1970's for printing text to line printers.
Currently available for downloading from a number of sources on the Internet, such as www.cups.org,
CUPS is offered in both source code and binary distributions.
Before You Start
Verify that IPP and Port 9100 are enabled at your printer. For more information see IPP Configuration
on page 54 and Configure Port 9100 (Raw Printing) on page 51.
Installing CUPS on the UNIX computer
The instructions for installing and building CUPS are contained in the CUPS Software Administrators
Manual, written and copyrighted by Easy Software Products and available for downloading at
www.cups.org/documentation.php. An Overview of the Common UNIX Printing System, Version 1.1 by
Easy Software is also available at this site.
A case history of the building and installation of CUPS source code on a FreeBSD 4.2 machine, is
described in the article entitled Using CUPS – the Common UNIX Printing System, by Ralph Krause,
available at www.cups.org, through thes/documentation/tutorials/BSD Today – Using CUPS selections.
Directory locations for the CUPS files, as described in this article, are the following:
• Programs were copied to /usr/local/bin and usr/local/sbin.
• Documentation was copied to /usr/local/share/docs/cups.
• A directory called /usr/local/share/cups was created for various CUPS data files.
• The configuration files were copied to /usr/local/etc/cups.
The binary distribution of CUPS is available in tar format with installation and removal scripts, as well
as in rpm and dpkg formats for RedHat and Debian versions of Linux. After logging into the computer
as root (su) and downloading the appropriate files to the root directory, the CUPS installation process
begins as follows:
Tar format:
After untarring the files, run the installation script with ./cups.install (and press Enter).
RPM format:
rpm -e lpr
rpm -i cups-1.1-linux-M.m.n-intel.rpm (and press Enter).
WorkCentre 7425/7428/7435
System Administrator Guide
19
Installation
Debian format:
dpkg -i cups-1.1-linux-M.m.n-intel.deb (and press Enter).
Note: RedHat Linux, versions 7.3 and newer, include CUPS support, so software downloading is
unnecessary. Also, CUPS is the default printing system used by Mandrake Linux.
Installing the Xerox PPD on the Computer
The Xerox PPD for CUPS should be available on one of the CDs that came with your printer. If you no
longer have the CDs, download the PPD from:
www.xerox.com/office/WC7425_WC7428_WC7435support.
From the CD or from the downloaded Internet file, with root privileges copy the PPD into your cups ppd
folder on your computer. If you are unsure of the folder's location, use the Find command to locate the
ppd's. An example of the location of the ppd.gz files in RedHat 8.1 is /usr/share/cups/model.
Adding the Xerox Printer
1. Use the PS command to make sure that the CUPS daemon is running. The daemon can be
restarted from Linux using the init.d script that was created when the CUPS RPM was installed. The
command is > /etc/init.d/cups restart. A similar script or directory entry should have been created in
System V and BSD. For the example of CUPS built and installed on a FreeBSD 4.2 machine from the
source code, run cupsd from /usr/local/sbin. (cd /usr/local/sbin cupsd press Enter).
2. Type http://localhost:631/admin into the address (URL) box of your Web browser and press Enter.
3. For User ID, type root. For the requested password, type the root password.
4. Click Add Printer and follow the on screen prompts to add the printer to the CUPS printer list.
Printing with CUPS
CUPS supports the use of both the System V (lp) and Berkeley (lpr) printing commands.
• Use the -d option with the lp command to print to a specific printer.
lp -dprinter filename (and press Enter)
• Use the -P option with the lpr command to print to a specific printer.
lpr -Pprinter filename (and press Enter)
For complete information on CUPS printing capabilities, see the CUPS Software Users Manual available
from www.cups.org/documentation.php.
Installing Unicode Fonts
The Xerox Unicode 3.0 font kit for SAP is available for this printer. Install the Unicode fonts to print
documents in multiple languages, in an SAP environment. To order the kit, contact your Xerox
representative.
WorkCentre 7425/7428/7435
20
System Administrator Guide
Administrative Tools
This chapter includes:
• Configuration Report on page 22
• CentreWare Internet Services on page 23
3
21
Administrative Tools
Configuration Report
To print a Configuration Report:
1. Press the Machine Status button on the control panel.
2. Press the Print Reports button.
3. Press the Copy Reports button.
4. Press the Configuration Report button.
5. Press the green Start button, to the right of the control panel’s numeric keypad.
6. The printing process will be displayed on the touch screen.
The Configuration Report is formatted into two columns with horizontal ruled lines indicating four
distinct data display areas on the print.
• The first area displays System Settings.
• The second area displays Copy Service Settings.
• The third area displays Print Service Settings.
• The fourth area displays Communication Settings.
WorkCentre 7425/7428/7435
22
System Administrator Guide
CentreWare Internet Services
CentreWare Internet Services
CentreWare Internet Services is the Web interface to the HTTP server in the printer. It allows you to
configure the printer remotely from a Web browser on a network computer.
Note: You must set your Web browser so that it will not use a proxy server to access
CentreWare Internet Services.
System Administrator Login ID and Passcode
If authentication is enabled, you must enter the system administrator login ID and passcode to access
all printer settings. These credentials are required when accessing printer settings at the control panel.
and through CentreWare Internet Services. You are required to enter system administrator credentials
when accessing settings in the Properties tab in CentreWare Internet Services.
The default settings are:
•Administrator Login ID: admin
•Passcode: 1111
For more information see Authentication on page 62.
Changing Internet Services (HTTP) Settings
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Press the Too l s tab.
5. Press Connectivity & Network Setup.
6. Press Port Settings.
7. When the Port Settings menu displays, press the down arrow key to view additional selections.
8. Press the Internet Services (HTTP) selection line.
9. Press the Change Settings button in the lower right corner of the Port Settings menu screen.
10. When the Internet Services (HTTP) menu displays, you have two settings available for selection.
The Port Settings menu selections are Port Status and Internet Services Port Number. After
pressing the selection line, to access available settings press the Change Settings button in the
lower right corner of the touch screen.
Enabling Internet Services (HTTP)
1. Press Port Status in the Internet Services (HTTP) menu.
2. Press the Change Settings button.
3. Press Enabled.
4. Press Save.
WorkCentre 7425/7428/7435
System Administrator Guide
23
Administrative Tools
5. To exit the screen, without making any changes, press the Cancel button.
Internet Services Port Number
1. Press Internet Services Port Number in the Internet Services (HTTP) menu.
2. Press Change Settings.
3. On the Port Number screen, use the keypad to enter the port number (default of 80).
4. Press Save.
5. Press Cancel to exit without making changes.
6. To exit the Internet Services Selection Menu touch Close in the upper right corner of the touch
screen.
7. To exit the Port Settings menu, returning to the printer's Tools screen, touch Close again.
Proxy Server Settings
To use the Web Service button on the printer (if available), which enables the printer to access HTTP
file servers on the Internet, you need to enter your Proxy Server information as described here.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select Proxy Server Settings folder.
6. Place a check mark in the Use Proxy Server check box.
7. From the Proxy Setup drop down menu, select either Same Proxy for All Protocols, or Different
Proxy for each Protocol, depending upon your Proxy Server setup.
8. In the Addresses to Bypass Proxy Server box, enter up to 1024 characters of IP addresses, fully
qualified host names, or wildcard host names (such as *.eng), separated by semicolons. Functioning
like the local address exception list in a typical Web browser, these addresses will be permitted to
bypass the Proxy Server.
9. For the HTTP or HTTPS Server Names, provide a name of up to 255 characters in length for one or
both of these Proxy Servers. A fully qualified domain name or IP address can be used.
Note: Make sure that DNS is enabled See TCP/IP Protocol Configuration on page 43.
10. Leave the Port Number set to 8080 (the IANA recognized proxy port) unless you are using a
different port number. If you are using a different port number, enter it in the available box.
11. Check the Authentication box if client authentication is required for the Proxy Server.
12. Enter the Login Name for access to the proxy server. Up to 32 characters can be entered.
13. Enter the Password for access to the proxy server. Up to 32 characters can be entered.
14. Click Apply.
15. Enter the System Administrator user ID and password when prompted and click OK.
WorkCentre 7425/7428/7435
24
System Administrator Guide
CentreWare Internet Services
Overview
CentreWare Internet Services contains the following main menu tabs:
• Status: View the status of the printer's trays and consumables.
• Jobs: View the current job queue, as well as a history of processed jobs.
• Print: Change Job Submission settings.
• Scan: Create and edit Distribution Templates.
• Properties: Allows you to configure the printer for job processing, options support, and network
communications.
Note: If authentication is enabled, you must enter the system administrator User Name and Password
(default admin, 1111) if prompted, to access the Properties tab.
• Support: View system administrator and Xerox contact information.
Status Tab
The Status tab allows you to see the status of the printer’s trays and consumables.
• General for a general description of the printer. Click Reboot Machine to restart the printer.
• Trays: View the status of the desired item.
• Consumables: View the status of the desired item.
Press Refresh a refresh a status page.
Jobs Tab
The Jobs tab allows you to view the current job queue, as well as a history of processed jobs.
• Active Jobs: View the current job queue.
• Job History List Folder: View a list of jobs that have been printed, copied, and scanned.
• Error History: View a list of Errors and the time and date when they occurred.
Print Tab
The Print tab allows you to edit job submission settings. Delivery methods include Immediate Print,
Sample Set, Delayed Print, and Secure Print. Click Browse… to locate your print-ready job. Click Submit
Job when you are ready to submit your job. For information, see Secure Print on page 87.
Note: Print-ready jobs must be in a file format that the printer recognizes (PostScript files with a .ps file
extension, for example).
WorkCentre 7425/7428/7435
System Administrator Guide
25
Administrative Tools
Scan Tab
Includes Job Templates, Folder, and Job Flow Sheets.
• Folder: Lets you create individual folders into which you can direct scanned documents. These
documents can then be retrieved and printed, either at the printer or locally at your computer, as
explained in the Scanning to the printer’s Hard Drive (Folder) topic. For more information see
Scanning to the Printer’s Hard Drive (Folders) on page 128.
• Job Templates: Customize and use Job Templates to scan and transfer documents directly to
Network Servers. For more information see Network Scanning (Using Templates) on page 112.
• Job Flow Sheets: Change the sheet type, and order and assign a user name. For more information
see Setup and Use of Job Flow Sheets with Folders on page 131.
Properties Tab
The Properties tab allows you to configure the printer's job processing options and network
communications settings.
Note: If authentication is enabled, you must enter the system administrator User Name and Password
(default admin, 1111) if prompted to access the Properties tab. You may also be prompted for the user
name and password when changing settings in the Properties tab.
• Configuration Overview: Provides shortcuts to commonly used configuration pages within the
Properties tab. Click Settings, then Configure, to go directly to the page without having to
navigate through the folders in the directory tree on the left.
• Description: Allows you to see and edit basic identification information about your printer.
General Setup Folder
The General Setup folder contains the following pages and folders:
• Configuration: Lists current printer settings such as memory allocation; available page description
languages and their version numbers; firmware (software) versions for the controller and printer
components; hard disk partition information; and hardware information (indicating the availability
of the Ethernet Port and Hard Disk, for example).
• Job Management: Allows you to set permissions that allow system administrators or general (non-
administrator) users to delete jobs from the printer’s print queue.
• Paper Tray Attributes: Provides a display of the available trays (including bypass), their media
settings, and tray selection order.
• Paper Settings: Displays paper settings, which can be manipulated and set for installed trays. See
the printer's User Guide for more information.
• Power Saver Settings: Displays the settings for low power mode and sleep mode. Low Power Mode
is selectable from 1 to 240 minutes. Sleep Mode is selectable from 1 to 240 minutes.
• Stored Job Settings: Set a minimum passcode length for jobs stored on the printer.
• Memory Settings: View or change the amount of memory allocated on the hard drive for spooling
incoming jobs into buffers (dedicated to specific ports or protocols).
• Internet Services Settings: View or change the Auto Refresh Interval, or the Display Language (if
available).
WorkCentre 7425/7428/7435
26
System Administrator Guide
CentreWare Internet Services
• Pool Server Settings: Set up the login details from this device to a remote template pool server.
• Cloning: Copy the settings and Web-generated scan templates of one printer and transfer them to
other printers operating with the same version of system software. Groups of settings can be
cloned, depending on the optional features installed on the printer.
• Alert Notification Folder
• Billing Meter Read Alerts: Set up an e-mail notification to the designated Billing Administrator
whenever billing meters are automatically read by the Meter Assistant.
• Supplies Data Sent Alerts: Set the receiving E-mail address for alerts from the Supplies
Assistant.
• Billing & Counters Folder: View the total number of pages, images, or jobs processed by the
printer.
• Smart eSolutions Folder: Set up automatic billing meter reading and supplies reporting. For more
information see Xerox Smart eSolutions on page 189.
Connectivity Folder
• Port Settings: Enable or disable ports. Note that if any selections, such as Port 9100 for example,
are unavailable for setting using the printer's control panel, they can be set here. You can enable or
disable the following ports:
•EtherTalk
• NetWare (for Novell networks)
•SNMP
•SMB
•LPD
• Port 9100
•Send E-mail
• Receive E-mail
• E-mail Notification Service
•Internet Services
•FTP Client
•IPP
• UPnP Discovery
•WebDAV
•Bonjour
•WSD
•SOAP
• Physical Connections Folder
• Ethernet: View or change Ethernet (speed) Settings from a drop down selection list. Selections
include: Auto (auto sensing), (10/100Base-TX), 100Base-TX (Half or Full Duplex), and 10BaseTX (Half or Full Duplex). The MAC Address of the printer is also displayed, but not editable.
• Parallel: View or change the enablement settings for Bi-Directional Communications (a check
box) and Auto Eject Time (Parallel Port Timeout), with a range of 5 to 1275 seconds.
WorkCentre 7425/7428/7435
System Administrator Guide
27
Administrative Tools
• USB: View or change the Auto Eject Time, which is the length of time the Controller will wait for
an end of job command before processing the job.
Note: Parallel and USB are options that must installed before they will be displayed.
• Protocols Folder: View or modify the communication protocols used by the printer. SMTP Server,
and POP3 Setup allow you to configure E-mail server addresses, for E-mail scanning. Set your proxy
server parameters for Meter Assistant and Web Service (if available)on the Proxy Server page.
• LDAP Folder: The LDAP folder contains the same settings available under Authentication
Configuration in the Security folder. This allows you to configure authentication for the printer
using LDAP, or to independently configure LDAP for use with the printer, such as in address
book for E-mail.
Services Folder
• Print Mode: Set the page description language emulation used by the printer's input ports
displayed on the screen. Depending upon the Ports enabled at the printer, the list of ports will
include: Parallel, AppleTalk (with PostScript), SMB, LPD, IPP and Port 9100. Typical page description
selections for each port include: Auto (auto select), PostScript, HP-GL/2, PCL, and TIFF/JPEG.
• Language Emulations Folder: View and change the printer's default preferences for processing
Page Description Languages.
• E-mail Folder: View and change the printer's default E-mail message settings, and import a public
address book from a .CSV file, for use with E-mail, Fax, and Internet Fax. Click the Browse… button
to locate your CSV formatted file, then click Import Now.
• Internet Fax: View and change the printer's default Internet Fax message settings, and import a
public address book from a .CSV file, for use with E-mail, Fax, and Internet Fax. Click the Browse…
button to locate your CSV formatted file, then click Import Now.
• Fax Folder: View and change the printer's default Fax and Server Fax setttings, and import a public
address book from a .CSV file, for use with E-mail, Fax, and Internet Fax. Click the Browse… button
to locate your CSV formatted file, then click Import Now. Enable or disable Confirmation printing
(Server Fax).
• Network Scanning Folder: Set up Network Scanning using Templates.
• Machine Software Folder:
• Upgrades: Enable the printer for software upgrades.
• Manual Upgrade: Upgrade the printer software.
• Xerox Services Folder: Set up the Xerox Communication Server. This is the Xerox server that
supports automatic billing and supplies reporting. For more information see Xerox Smart eSolutions
on page 189.
• Custom Services Folder
• Validation Options: Works with a validation server, which is used in an enterprise network to
certify the authenticity of Digital Certificates used for file encryption. Note that Digital
Certificates typically work with SSL/TLS encryption, which is set up from the Machine Digital
Certificate Management in the Security folder. The host name and path settings for a
validation server are set up through the Validation Server in the Network Scanning subfolder.
• Custom Services: Enable Custom Services and Password Transmission.
WorkCentre 7425/7428/7435
28
System Administrator Guide
CentreWare Internet Services
Accounting Folder
Configure Accounting server and login options.
Security Folder
• Authentication Configuration: Set up the printer with local and remote Authentication. User
Details Setup is used to configure the characteristics of the login prompt for User
Authentication.
• Remote Authentication Server: Configure authentication administered by a remote server.
• IP Filtering: Set up IP address restrictions for access to this device.
• Audit Log: Enable or disable the Audit Log.
• Machine Digital Certificate Management: Manage digital certificates stored on the printer.
• IP Sec: Configure IP Sec encryption.
• Certificates Management: Sets the categories for trusted certificate management (used with
digital certificates).
• 802.1x : Enable and configure 802.1x settings.
• SSL / TLS: Configure the settings for SSL / TLS encryption.
• PDF / XPS Security Settings: Add a digital signature to PDF and XPS files.
• System Administrator Settings: Change the Login ID and Passcode used by the System
Administrator to access Tools on the printer’s control panel, and to modify Properties in
CentreWare Internet Services.
Details of Some Properties Tab Features
Setting TIFF (and other PDL) Processing Properties
To set the Printer's default TIFF / JPEG, PostScript, PCL, or HP-GL/2 processing properties, perform the
following steps:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Services folder.
5. Click the Printing folder, then the Language Emulations folder.
6. Click TIFF / JPEG, or PostScript, or PCL, or HP-GL/2 to access the printer's list of default settings for
processing the selected Page Description Language.
7. Select a Printer number and click Edit (when available) to access a list of numerous processing
settings.
8. Click Apply.
WorkCentre 7425/7428/7435
System Administrator Guide
29
Administrative Tools
Setting PDL Emulations
To set the PDL (Page Description Language) Emulations, used by the printer's Input Ports, perform the
following steps:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Services folder.
5. Click the Printing folder, then the Language Emulations folder.to see the Page Description
Languages currently supported by system software.
6. Click Print Mode to access a list of the printer's Input Ports, displaying the Page Description
Language emulations they are currently set to use.
7. Depending upon the Ports enabled at the printer, the list of displayed Ports includes: Parallel,
AppleTalk (with PostScript), SMB, LPD, IPP, WSD, and Port 9100. Typical Page Description
selections for each Port include: Auto (auto select), PostScript, HP-GL/2, PCL and TIFF/JPEG.
8. Click Apply.
Banner Sheet Printing
When documents are sent to print at the printer, a banner sheet is printed identifying the PC that sent
the print job. The banner sheet is printed on paper from a selected tray. When the selected tray is
empty, the printer will automatically switch to another tray with the same size paper and print the
banner sheet from that tray. The printer will continue to print banner sheets from this secondary tray
until the selected tray is refilled.
To set banner sheet printing and select a banner sheet paper tray:
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Touch System Settings.
6. In the Group column, touch Print Service Settings.
7. In the Features column, touch Other Settings.
8. On the Other Settings screen, in the Items column, touch Banner Sheet, then touch Change
Settings.
9. On the Banner Sheet screen, select one of the following:
•Off
• Start Sheet (the default choice)
•End Sheet
• Start Sheet & End Sheet
10. Touch Save.
WorkCentre 7425/7428/7435
30
System Administrator Guide
CentreWare Internet Services
11. To select a banner sheet tray:
a. On the Other Settings screen, in the Items column, touch Banner Sheet Tray, then touch
Change Settings.
b. Select the tray that will hold the banner sheet paper.
c. Tray 3 is the suggested choice, with Tray 4 as the secondary tray.
12. Touch Save.
Set the Ethernet Speed
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Physical Connections folder.
5. Click Ethernet.
6. Select your network speed from the drop down list.
7. Click Apply, then click Reboot Machine.
Configure TCP/IP Settings
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Click the Connectivity folder, then the Protocols folder.
4. Click TCP/IP.
5. Review the available selections as displayed on your screen and explained in the TCP/IP
Configuration Selection List, below.
6. Accept the default Host Name, or type in your own unique Host Name for this printer.
7. Select the desired method for obtaining an IP Address.
8. If Static is selected, type in the addresses that apply for IP Address, Subnet Mask, and Gateway.
Caution: Changing the IP address for the printer will affect NetBIOS/IP, LPR/LPD, FTP, SNMP, and Port
9100 printing. It will also interrupt the ability to communicate with the printer using the
CentreWare Internet Services. When you change the printer's IP Address, make sure to print out a
Configuration Report so that you have a record of the TCP/IP addresses for use with computers that
need to communicate with the printer using TCP/IP.
Note: If DHCP or BOOTP addressing method is selected, you cannot manually change the IP Address,
Subnet Mask, or Gateway. Select Manual if you wish to manually enter these addresses.
Note: When using DHCP, set a reasonably long Lease Time for the IP Address so that the printer can be
restarted, when taken out of service for maintenance, without being assigned a new IP Address.
Note: Upon rebooting, when the system comes up, if it can’t locate a DHCP server on the network it will
use whatever IP address it was previously configured with.
WorkCentre 7425/7428/7435
System Administrator Guide
31
Administrative Tools
9. Determine the method to use to supply the DNS Server IP Addresses (to resolve Host Names with
IP Addresses).
10. Determine whether or not Dynamic DNS should be enabled.
11. Click Apply, then click Reboot Machine.
TCP/IP Configuration Selection List
As displayed on your screen, the following selections are available for TCP/IP Configuration.
• IP Mode: Select the IP Mode that applies to your network environment.
• General
• Host Name: The default entry assures a name that is unique to this device on the network.
• IP Address Resolution: Use this drop down menu to select the method to use to assign IP
Addresses. Select Static, DHCP, RARP, BOOTP, or DHCP/Autonet. Note that with the Autonet
option selected, if a Windows 2000 client can’t contact the DHCP server, it will assign itself an
IP address from the 169.254.0.0 class B address space. This is also known as zero configuration,
or Bonjour, networking. Make sure to check the Enabled box for Self Assigned Address at the
bottom of your screen.
• IP Address: To be filled in manually only when Static addressing is selected.
• Subnet Mask: To be filled in manually only when Static addressing is selected.
• Gateway Address: To be filled in manually only when Static addressing is selected.
• Domain Name: Enter the fully qualified domain name here. For example: xerox.com.
• DNS Configuration
• DNS Server Address Resolution: If enabled with a check mark, the printer will contact the
DHCP Server for the IP Addresses of up to three DNS Servers. If unchecked, this information
must be entered manually.
• Three DNS Address boxes are supplied for the manual entry of DNS Server addresses.
• Dynamic DNS Update: If your DNS Server does not support dynamic IP address updates there
is no need to enable this check box. Check the Overwrite box to enable DNS information
overwriting.
• Generate Domain Search List Automatically: A check box is provided for enabling automatic
Domain searches.
• Domain Names 1,2,3: Three text boxes are provided for the entry of Domains to search (for
example, Xerox.com).
• Connection Timeout: An entry box is provided for entering a Timeout for searches of Domains.
• Zero Configuration Networking: Used with DHCP/Autonet selected from the IP Address
Resolution drop down menu, when this box is checked the printer will assign itself an IP address
from the 169.254.0.0 class B address space.
Note: Changes to TCP/IP settings will not be applied until you restart (reboot) the printer.
WorkCentre 7425/7428/7435
32
System Administrator Guide
CentreWare Internet Services
Configure LPD
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select LPD in the directory tree.
6. The available selections include:
• Port Number: (Default value is 515.) As this is the port for the TCP Spooler assigned by the
IANA (Internet Assigned Numbers Authority), the default value should not need to be
changed.
• TBCP Filter: (Displayed when PostScript is enabled).
• Connection Time-Out
• Maximum Number of Sessions: Enter the maximum number of simultaneously connected
hosts for this interface.
7. Enter a Time Out value for jobs being sent to the printer through this port. This is the length of
time that the controller will wait for an end of job command before printing the current job.
8. Click the Apply to accept the changes, or Undo to return the settings to their previous values.
Note: Changes to settings are not applied until you restart the printer. A Reboot Machine button is
available on the Status Tab of CentreWare Internet Services.
Configure SNMP
It is possible to remotely define and modify GET (Read Only), SET (Read/Write), and Trap SNMP
(Simple Network Management Protocol) community names for the printer. You can also enter the
System Administrator's Name here for packet identification purposes.
SNMP Community Name properties that can be configured
• Community Name (Read Only): This is the password for SNMP GET requests from the SNMP
Manager to the Agent in the printer. Applications, such as Xerox Printer Map or CentreWare
Conductor, obtaining information from the printer by SNMP use this password.
• Community Name (Read/Write): This is the password for SNMP SET requests from the SNMP
Manager to the Agent in the printer. Applications, such as Xerox Printer Map or CentreWare
Conductor, which set information on the printer by SNMP use this password.
• Community Name (Trap Notification): This is the default password for SNMP TRAPS sent from
the printer to the Manager by SNMP.
WorkCentre 7425/7428/7435
System Administrator Guide
33
Administrative Tools
Configuring SNMP Community Names in CentreWare Internet Services
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select SNMP Configuration in the directory tree, and check the Enable box for the version desired.
6. Enter a name for Community Name (Read Only), also known as GET.
7. Enter a name for Community Name (Read/Write), also known as SET.
Caution: Caution: If you change the GET and/or SET Community Names, you must also change the
names in all network applications that are communicating by SNMP with this printer.
8. Enter a name for Community Name (Trap Notification). This is the default password for SNMP
TRAPS sent from the printer to the Manager by SNMP.
9. Optionally enter the System Administrator's name for packet identification purposes.
10. Select a trap and click Edit in the Trap Notification Settings section.
11. Select your transport method (IPX or UDP) and fill in the trap destination information for your
selected method.
12. Select the event(s) that you wish to report on by checking the applicable box(es).
13. Click Apply to accept the changes, or the Undo button to return the settings to their previous
values.
Note: Changes to settings will not be applied until you restart the printer. A Reboot Machine button is
available on the Status Tab of CentreWare Internet Services.
Configuring IPP
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select IPP in the directory tree.
6. The available selections include:
• Port Number Static Display: This is the port number assigned by IANA (Internet Assigned
Numbers Authority. The default value is 631.
• Additional Port Number: You can enter port 80 (HTTP) here as a backup port.
• TBCP Filter: Displayed when PostScript is enabled.
• Administrator Mode: This is disabled by default.
• DNS
• Connection Time-out
7. Select the DNS check box. The DNS Server will be available to resolve Host Names to IP Addresses,
in support of printing with IPP.
WorkCentre 7425/7428/7435
34
System Administrator Guide
CentreWare Internet Services
8. Enter a Connection Time Out value for jobs being sent to the printer through this Port. This is the
length of time that the Controller will wait for an end of job command before printing the current
job.
9. Click Apply to accept changes, or Undo to return settings to their previous values.
Note: Setting changes are not applied until you restart the printer. There is a Reboot Machine button
on the Status tab of CentreWare Internet Services.
Modify the HTTP (Internet Services) Settings
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select HTTP in the directory tree.
6. The available selections include:
• Port Number: The default value is 80, which is the HTTP Port number assigned by the IANA
(Internet Assigned Numbers Authority). This default value should not need to be changed.
• Maximum Connections
• Connection Time-out
• Secure HTTP (SSL): Select the check box to set all HTTP communications with the printer to
encrypted communications. If you do this you will have to have a digital certificate installed on
the printer. For more information see Configuration of HTTPS (SSL/TLS) Communication
Encryption on page 76.
• Secure HTTP Port Number: HTTP traffic will be routed to this port when using HTTP with SSL
encryption.
7. In the Maximum Connections entry box, accept the default value, or enter a number for the
maximum number of hosts (networked computers) that can be connected to the printer's HTTP
Server (CentreWare Internet Services) at one time.
8. In the Connection Time-Out entry box, accept the default value, or enter the number of seconds
that a browser connection can remain open without any activity.
9. Click Apply to apply setting changes, or Undo to return settings to their previous values.
Note: Setting changes are not applied until you restart the printer. There is a Reboot Machine button
on the Status Tab of CentreWare Internet Services.
WorkCentre 7425/7428/7435
System Administrator Guide
35
Administrative Tools
Configure WSD (Web Services on Devices)
As stated by Microsoft, WSD is Microsoft’s implementation of the printers Profile for Web Services
(DPWS) standard, a specification that enables devices, such as printers, cell phones, cameras, and
home entertainment centers, to use standard Web-based protocols (HTTP and UDP) to discover one
another, advertise their services over the IP (versions 4 or 6) network, and report on their operational
status.
Typically, a device such as a network printer will use a small amount of flash memory to store WSDrelated information. The WSD device then advertises a primary endpoint that can be located through
WS-Discovery (via UDP) on a Windows Vista client.
The endpoint supplies metadata about itself through WS-Metadata Transfer. This information typically
includes manufacturer, device information, and service host metadata (information on offered
services).
WSD provides two way communication, enabling a printer to both receive jobs and to send status
notifications to Windows clients when events occur, such as supplies running low.
To configure this printer for WSD, perform the following steps.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select WSD in the directory tree.
6. The available selections include:
• Port Number: Enter the port number between 1 and 65535. Port 80 is the recommended HTTP
default. Do not use the numbers assigned to the other ports.
• TBCP Filter: Check to enable TBCP Filter when PostScript data is to be processed. This is only
available when the optional PostScript 3 kit is installed. When the transmission data includes
binary data or EPS data, disable this. For Windows, follow the Output Protocol setting in the
printer Settings tab of the Properties screen of the print driver.
• Data Receive Time-Out: Enter the timeout period for receiving data from WSD clients between
1 and 65535 seconds in 1 second increments.
• Notification Delivery Time-Out: Enter the timeout period for notification delivery to WSD
clients between 1 and 60 seconds in 1 second increments.
• Maximum TTL: The Time to Live setting (in seconds) for undelivered IP datagrams (such as
UDP being used with WSD). Enter a value 1 and 10.
• Maximum Number of Subscribers: Enter the maximum number of clients for reserved
notification between 1 and 200.
7. Click Apply to apply setting changes, or the Undo button to return settings to their previous values.
Note: Setting changes are not applied until you restart the printer. There is a convenient button on the
Status Tab of CentreWare Internet Services.
WorkCentre 7425/7428/7435
36
System Administrator Guide
CentreWare Internet Services
Configure Port 9100 (Raw Printing)
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Select Port 9100.
6. The available selections include:
• TCP Port Number: The default is 9100. This does not need to be changed.
• TBCP Filter: Displayed when PostScript is enabled.
• Connection Time-Out
7. Enter a Time Out value for jobs being sent to the printer through this port. This is the length of time
that the Controller will wait for an end of job command before printing the current job.
8. Click Apply to accept changes, or Undo to return settings to their previous values.
Note: Setting changes are not applied until you restart the printer.
Note: If Port 9100 is not displayed in the Properties Tab directory tree, click Port Status in the directory
tree. Use your mouse to place a check mark in the check box on the Port 9100 line. Click the Apply
button, then click the Reboot Machine button (always available on the Status Tab) to remotely reboot
the printer.
IP Filtering (IP Address Restriction)
Using CentreWare Internet Services, access to the printer's Services can be restricted by Host IP
Address.
To restrict device access, perform the following steps:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Select IP Filtering.
6. Choose which IP Filtering to apply depending upon the address space used with your network.
Note that IPv4 is the traditional (xxx.xxx.xxx.xxx) address space used with TCP/IP networks.
• IP Filter Enablement: If enabled with a check mark, access to the printer's services will be
restricted to the list of IP Addresses and Subnet Masks specified by clicking the Edit button. If
disabled (unchecked), host access to the printer is universal (unrestricted).
• Add or Edit: When this button is clicked, a list of ten lines of IP Address and Subnet Mask entry
boxes is displayed. Sometimes referred to as a restriction list, this list is used to supply the IP
Addresses and Subnet Masks of up to ten hosts (individual computers) that are authorized to
access the printer's services. All other hosts, not specified in this list, will be prevented from
accessing the printer's services.
WorkCentre 7425/7428/7435
System Administrator Guide
37
Administrative Tools
7. Click Apply when done.
Note: Changes to settings are not applied until you restart the printer. A Reboot Machine button is
available on the Status Tab of CentreWare Internet Services.
Configure EtherTalk (AppleTalk)
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols file folder.
5. Select EtherTalk in the directory tree.
Note: If EtherTalk is not displayed in the Properties Tab directory tree, click the Port Settings in the
directory tree. Use your mouse to place a check mark in the check box on the EtherTalk line. Click the
Apply button.
6. The available selections include:
•Printer Name
• Zone Name
7. Enter the name that you wish to assign to this printer. This is the name that will appear in the
Chooser.
8. Either accept the default zone of * which lets the closest router assign the printer to a zone, or
assign the printer to a zone (with a 32 character naming limit).
9. Click the Apply button to accept changes, or Undo to return settings to their previous values.
Note: Changes to settings are not applied until you restart the printer. A Reboot Machine button is
available on the Status Tab of CentreWare Internet Services.
E-mail, SMTP, and POP3 Settings
You can change E-mail, SMTP, and POP3 settings in CentreWare Internet Services. For complete
information on required E-mail settings, see Scan to E-mail on page 100.
Bonjour (if available)
Bonjour (also called Zero-Configuration Networking) allows devices to communicate using 169.254/16
IPv4 addressing, over the same physical or logical (such as in ad hoc, or isolated (non- DHCP)
networks).
When the Bonjour protocol is enabled on ALL communicating devices, and those devices are
connected, Host names of the individual devices will be resolved to IPv4 addressing, without the use of
a DNS server, and IP communications can then take place.
WorkCentre 7425/7428/7435
38
System Administrator Guide
CentreWare Internet Services
To view the Host Name and Printer Name automatically assigned to this machine under Bonjour, do
the following:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Properties tab.
5. Click the Connectivity folder, then the Protocols folder.
6. Click Bonjour.
Note: If Bonjour is not displayed in the Properties tab, click Port Settings and check Bonjour. Click
Apply. If Bonjour is not available in the Port Settings list, click TCP/IP in the Protocols folder, and scroll
to the bottom of the displayed page to Zero-Configuration networking.
7. Make a note of the Host Name and Printer Name for reference in working with other Bonjour (zeroconfiguration) connected computers.
Note: You can change these names, however the Host Name must be unique on the network. The
automatically generated Host Name should assure its uniqueness. The Host Name has a 32 character
limit, while the Printer Name has a 62 character limit. If you change either name, be sure to click Apply.
You can reboot the printer remotely using the Reboot Machine button, which is available on the Status
Tab of CentreWare Internet Services.
Support Tab
Click Change Settings to edit the contact information.
WorkCentre 7425/7428/7435
System Administrator Guide
39
Administrative Tools
WorkCentre 7425/7428/7435
40
System Administrator Guide
Network Management
This chapter includes:
• General on page 42
• TCP/IP Protocol Configuration on page 43
• TCP/IP LPD Enablement on page 46
• TCP/IP Dynamic Addressing on page 48
• IP Filtering (IP Address Restriction) on page 50
• Configure Port 9100 (Raw Printing) on page 51
• Microsoft (NetBIOS over IP) Networks on page 52
• IPP Configuration on page 54
• EtherTalk (AppleTalk) Configuration on page 57
• AS400 Printing on page 59
4
41
Network Management
General
Ethernet Speed Setting
The printer's Ethernet Interface has speed settings of Auto (10/100Base-TX, 100Base-TX (Half or Full
Duplex), and 10Base-TX (Half or Full Duplex). By default the Ethernet Port Configuration is set to Auto.
To Change the Network Speed
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Protocol Settings.
7. When the Protocol Settings menu displays, the selection line labeled Ethernet Rated Speed.
8. Press the Change Settings button.
9. On the Ethernet Rated Speed screen note which one of the buttons is highlighted as the current
setting for Ethernet speed. The available settings are Auto (default), 100 Mbps Full Duplex, 100
Mbps Half Duplex, 10 Mbps Full Duplex, 10 Mbps Half Duplex.
10. To change settings, press your setting of choice, then press the Save button.
11. To exit the Ethernet Setting screen, without making any changes, press the Cancel button.
12. To exit the Protocol Settings menu, returning to the Tools tab, press the Close button.
13. Wait several seconds and the Auto Clear service should log you out.
Note: Note that if you changed any settings in the Protocol Settings menu, the printer will
automatically reboot to register and enable your new settings.
WorkCentre 7425/7428/7435
42
System Administrator Guide
TCP/IP Protocol Configuration
TCP/IP Protocol Configuration
To view or change the settings of the printer's TCP/IP Protocol Configuration, perform the following
steps:
Accessing TCP/IP Protocol Settings at the Printer
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Protocol Settings.
7. When the Protocol Settings menu displays, note that with the exception of selection one (Ethernet
Rated Speed), the remaining selections are specific to TCP/IP address settings. Choose your setting
by pressing the numbered, horizontal selection line on the touch screen. Note that the current
status of each setting is shown on the applicable line. After pressing a selection line, to access
available settings press the Change Settings button in the lower right corner of the touch screen.
TCP/IP – IP Mode
1. Press the selection line labeled TCP/IP – Mode.
2. Press Change Settings.
3. Select the IP Mode best suited to your network environment. Note that your choices include IPv4
Mode, IPv6 Mode, and Dual Stack. The printer supports IPv6 addressing with an automaticallybuilt Local Address for broadcasting to routers that can supply the network layer configuration
parameters.
4. For traditional networks (using an address space of xxx.xxx.xxx.xxx), select IPv4 and press Save.
5. Note that the printer may reboot.
IP Address Resolution
1. On the Protocol Settings menu, press the selection line labeled IPv4 (or other mode) Address
Resolution.
2. Press the Change Settings button.
3. On the settings screen, note which one of the buttons is highlighted as the current setting for the
TCP/IP Addressing method. The available settings are DHCP, BOOTP, RARP, DHCP/Autonet, and
STATIC. DHCP/Autonet is the default setting.
4. To change settings, press your selection of choice, then press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
6. Press Close and, if you made any changes, the system will reboot.
WorkCentre 7425/7428/7435
System Administrator Guide
43
Network Management
IPv4 IP Address
1. Used for static IP Addressing (with STATIC selected as your addressing method), on the Protocol
Settings menu, press the selection line labeled IPv4 Address. Note that the IP Address may be
viewed, but not changed, with dynamic addressing enabled.
2. Press the Change Settings button.
3. On the settings screen, use the numeric keypad to enter the appropriate IP Address.
4. To save settings, press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
IPv4 Subnet Mask
1. Used for static IP Addressing (with STATIC selected as your addressing method), on the Protocol
Settings menu, press the selection line labeled IPv4 Subnet Mask. Note that the Subnet Mask may
be viewed, but not changed, with dynamic addressing enabled.
2. Press the Change Settings button.
3. On the settings screen, use the numeric keypad to enter the appropriate Subnet Mask.
4. To save settings, press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
IPv4 Gateway Address
1. Used for static IP Addressing (with STATIC selected as your addressing method), on the Protocol
Settings menu, press the selection line labeled IPv4 Gateway Address. Note that the Gateway
address may be viewed, but not changed, with dynamic addressing enabled.
2. Press the Change Settings button.
3. On the settings screen, use the numeric keypad to enter the appropriate gateway.
4. To save settings, press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
IPv4 IP Filter (IP Address Restriction)
Note: Before enabling the IPv4 IP filter, open CentreWare Internet Services on your computer. This will
prevent you from accidentally disabling communication with the printer from your computer (blocking
your own IP address).
1. In the Protocol Settings menu, press the selection line labeled IPv4 IP Filter.
2. Press the Change Settings button.
3. On the settings screen, note which of the two buttons is highlighted as the current setting for IP
Address restriction. The available settings are Enabled or Disabled. Disabled is the factory default
setting.
4. To change settings, press your setting of choice, then press the Save button.
5. To return to the Protocol Settings menu, without making changes, press the Cancel button.
WorkCentre 7425/7428/7435
44
System Administrator Guide
TCP/IP Protocol Configuration
Exiting the Protocol Settings Menu and Returning to the Tools Tab
1. To exit the Protocol Settings menu, returning to the Tools tab, press the Close button in the upper
right corner of the Protocol Settings menu screen.
2. Wait several seconds and the Auto Clear service should log you out.
Note: If you changed any settings in the Protocol Settings menu, the printer will automatically reboot
to register and enable your new settings.
WorkCentre 7425/7428/7435
System Administrator Guide
45
Network Management
TCP/IP LPD Enablement
To support TCP/IP printing through the computer's LPR port in the case of Windows XP, the LPD (Line
Printer Daemon) must be enabled at the printer.
Changing LPD Settings at the Printer
To view or change the printer's LPD setting, perform the following steps:
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Port Settings.
7. When the Port Settings menu displays, press the selection line labeled LPD.
8. Press the Change Settings button in the lower right corner of the Port Settings menu screen.
9. When the LPD selections menu displays, note that you have a choice of setting selections by
numbered horizontal lines, with the current status of each setting shown. The Close button in the
upper right corner of the screen returns you to the Port Settings menu. After pressing the selection,
to access available settings press the Change Settings button in the lower right corner of the touch
screen.
Port Status (LPD Enablement)
1. On the LPD selections menu, press the selection line labeled Port Status.
2. Press the Change Settings button.
3. On the LPD Port Status screen, note which of the two buttons is highlighted as the current setting
for LPD Enablement. The available settings are Enabled or Disabled. For the LPD to function, it
must be set to Enabled.
4. To change settings, press your setting of choice, then press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
LPD Port Number
1. On the LPD selections menu, press the selection line labeled LPD Port Number.
2. Press the Change Settings button.
3. Note the setting of Port 515, which is the recommended, default value. To change the setting, use
the keypad displayed on screen.
4. To change settings, press your setting of choice, then press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
WorkCentre 7425/7428/7435
46
System Administrator Guide
TCP/IP LPD Enab lement
LPD Maximum Number of Sessions
1. Select LPD – Maximum Number of Sessions.
2. Press Change Settings.
3. Select a number from 1 to 10.
4. To change settings, press Save.
5. To exit, without making changes, press Cancel.
Exiting the LPD Selections Menu
To exit the LPD selections menu, which returns you to the Port Settings menu, press the Close button in
the upper right corner of the touch screen.
Exiting the Port Settings Menu and Returning to the Tools Tab
1. To exit the Port Settings menu, returning to the printer's Tools screen, press the Close button in the
upper right corner of the Port Settings menu screen.
2. Wait several seconds and the Auto Clear service should log you out.
Note: If you changed any settings in the Port Settings menu, the printer will automatically reboot to
register and enable your new settings.
WorkCentre 7425/7428/7435
System Administrator Guide
47
Network Management
TCP/IP Dynamic Addressing
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Click TCP/IP.
6. Review the available selections as displayed on your screen and explained in the TCP/IP
Configuration Selection List, below.
7. Accept the default Host Name, or type in your own unique Host Name for this printer.
8. Select DHCP or BOOTP as your method for obtaining an IP Address.
Caution: Changing the IP address for the printer will affect LPR/LPD, FTP, SNMP, and Port 9100
printing. It will also interrupt the ability to communicate with the printer using
CentreWare Internet Services. When you change the printer's IP Address, make sure to print out a
Configuration Report so that you have a record of the TCP/IP addresses for use with computers that
need to communicate with the printer using TCP/IP.
Note: When using DHCP, set a reasonably long Lease Time for the IP Address so that the printer can be
shut down and serviced, when required, without being continuously assigned a new IP Address.
Note: Upon rebooting, when the system comes up, if it can’t locate a DHCP server on the network it will
use whatever IP address it was previously configured with.
9. Determine the method to use to supply the DNS Server IP Addresses (to resolve Host Names with
IP Addresses).
10. Determine whether or not Dynamic DNS should be enabled.
11. Click Apply when done.
TCP/IP Configuration Selection List
As displayed on your screen, the following selections are available for TCP/IP Configuration.
IP Mode
Select the IP Mode that applies to your network environment.
General
• Host Name: The default entry assures a name that is unique to this device on the network.
• IP Address Resolution: Use this drop down menu to select the method to use to assign IP
Addresses. Select STATIC, DHCP, RARP, BOOTP, or DHCP/Autonet.
WorkCentre 7425/7428/7435
48
System Administrator Guide
TCP/IP Dynamic Addressing
Note that with the Autonet option selected, if a Windows 2000 client can’t contact the DHCP server, it
will assign itself an IP address from the 169.254.0.0 class B address space. This is also known as zero
configuration, or Bonjour, networking. Make sure to check the Enabled box for Self Assigned Address at
the bottom of your screen.
• IP Address: To be filled in manually only when Static addressing is selected.
• Subnet Mask: To be filled in manually only when Static addressing is selected.
• Gateway Address: To be filled in manually only when Static addressing is selected.
Domain Name
Enter the fully qualified domain name here. For example: xerox.com.
DNS Configuration
• DHCP Address Resolution: If enabled with a check mark, the printer will contact the DHCP Server
for the IP Addresses of up to three DNS Servers. If unchecked, this information must be entered
manually.
• DNS Server Addresses
• Dynamic DNS Update: If your DNS Server does not support dynamic IP address updates there is
no need to enable this check box. Check the Overwrite box to enable DNS information overwriting.
• Generate Domain Search List Automatically: A check box is provided for enabling automatic
Domain searches.
• Domain Names 1,2,3: Three text boxes are provided for the entry of Domains to search (for
example, Xerox.com).
• Connection Timeout: An entry box is provided for entering a Timeout for searches of Domains.
Zero Configuration Networking
Used with DHCP/Autonet selected from the IP Address Resolution drop down menu, when this box is
checked the printer will assign itself an IP address from the 169.254.0.0 class B address space.
Changes to TCP/IP settings will not be applied until you restart (reboot) the printer.
WorkCentre 7425/7428/7435
System Administrator Guide
49
Network Management
IP Filtering (IP Address Restriction)
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Properties Tab .
5. Click the Security folder.
6. Select IP Filtering.
7. In either the IPv4 area or the IPv6 area, complete the following steps.
Note: IPv4 is the traditional (xxx.xxx.xxx.xxx) address space used with TCP/IP networks.
a. To allow universal, unrestricted access to the printer, clear the Enabled check box.
b. To restrict access to specific IP Addresses and Subnet Masks:
• Click the Enabled check box.
•Click Add or Edit to add or edit an IP address from which you intend to accept jobs. Click Apply.
Note: IP filtering will not work until at least one IP address has been added. This prevents turning off
ALL access to the printer.
•Click Delete to delete an IP address. Click Apply.
8. Click Apply when done.
9. Send a test job.
WorkCentre 7425/7428/7435
50
System Administrator Guide
Configure Port 9100 (Raw Printing)
Configure Port 9100 (Raw Printing)
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder on the left, then the Protocols folder.
5. Select Port 9100 in the directory tree.
6. The available selections include:
• TCP Port Number: The default value is 9100. This typically does not need to be changed.
• End of Job Timeout: Enter a Time Out value for jobs being sent to the printer through this
Port. This is the length of time that the Controller will wait for an end of job command before
printing the current job.
• TBCP Filter: A check box (displayed when PostScript is enabled).
7. Click the Apply button to accept changes, or the Undo button to return settings to their previous
values.
Note: Setting changes are not applied until you restart the printer.
Note: If Port 9100 is not displayed in the Properties Tab directory tree, click the Port Status in the
Connectivity folder in the tree. In the Port Status table, use your mouse to place a check mark in the
check box on the Port 9100 line. Click the Apply button, then click the Reboot button (always available
on the Status Tab) to remotely reboot the printer.
WorkCentre 7425/7428/7435
System Administrator Guide
51
Network Management
Microsoft (NetBIOS over IP) Networks
Before You Start
1. Print a Configuration Report. See Configuration Report on page 22.
2. Referring to the report, verify that SMB is enabled. To enable SMB at the printer, if required, follow
the procedure below.
3. Referring to the Configuration Report, verify that DNS is enabled. The use of Naming Servers is
required to resolve NetBIOS device names to IP addresses for packet routing over the TCP/IP
network.
4. To enable the printer to communicate with the Naming Servers, see TCP/IP Dynamic Addressing on
page 48.
5. When using WINS or DNS, be sure to refer to your Server Operating System documentation for the
appropriate procedure to use to enable NetBIOS name to IP address resolution on the Server.
Enabling SMB Setting at the Printer
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Port Settings.
7. When the Port Settings menu displays, press the SMB selection line.
8. Press the Change Settings button in the lower right corner of the Port Settings menu screen.
9. When the SMB selection menu displays, note that you have only one setting available on a single,
numbered horizontal line. Press this selection line.
10. Press the Change Settings button.
11. On the SMB Port Status screen, note which of the two buttons is highlighted as the current setting
for SMB Enablement. The available settings are Enabled or Disabled. To enable SMB at the printer,
select the Enabled setting.
12. Press the Save button on the touch screen, which returns you to the SMB selection menu. (To exit
the screen, without making changes, press the Cancel button.)
13. Exit the SMB selection menu and return to the Port Settings menu by pressing the Close button in
the upper right corner of the touch screen.
14. Exit the Port Settings menu by pressing the Close button in the upper right corner of the Port
Settings menu screen.
15. To exit the Tools screen, wait several seconds for the Auto Clear service to log you out.
WorkCentre 7425/7428/7435
52
System Administrator Guide
Microsoft (NetBIOS over IP) Networks
Viewing or Configuring the SMB Host Name or WINS Server
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Properties Ta b .
5. Click the Connectivity folder, then the Protocols folder.
6. Select Microsoft Networking in the directory tree.
7. The available selections include:
• Tran sport
• Maximum Connections
• Workgroup Name
• SMB Host Name
• TBCP Filter: (Displayed when PostScript is enabled).
• An enabling check box for supporting Unicode (supplying the Host name and Workgroup name
in Unicode characters during SMB transmission).
• An enabling check box for Auto Master Mode. When the master browser for the workgroup
cannot be found, if this box is checked, this host will become the master browser.
• An enabling check box for Password Encryption (during SMB transmission).
• WINS Server: For using a WINS Server to resolve NetBIOS names (SMB host names) to IP
addresses.
8. Select TCP/IP from the Transport menu.
9. Accept the default value, or enter a value from 3 to 10, for maximum number of connections
allowed in Maximum Connections.
10. Accept the Workgroup name shown, or enter your own workgroup name.
11. Either accept the default SMB Host Name, which is automatically built by the printer to assure the
name's uniqueness, or enter your preferred name. Note that this will be the NetBIOS name that is
resolved by the Naming Server (DNS or WINS) to an IP Address for the printer.
12. If using a WINS server, enable the WINS Server Address Resolution check box. When enabled, the
printer will contact the DHCP Server for the IP Addresses of the Primary and Secondary WINS
(Windows Internet Naming Service) Servers. Note that two IP Address lines, with entry boxes, are
provided for manual entry (when DHCP is not selected).
13. To apply setting changes, click the Apply button, then click the Reboot button to reboot the printer.
To exit without making any changes, click the Undo button.
Note: To use the printer's NetBIOS name over the TCP/IP Network, the DNS and WINS Servers must be
configured for NetBIOS name to IP address resolution. Also, make sure that the printer is informed of
the addresses of the DNS/WINS Servers. For more information see TCP/IP Dynamic Addressing on
page 48 and Microsoft (NetBIOS over IP) Networks on page 52.
Setting Up a Computer to Print Directly to the printer
See Microsoft (NetBIOS over IP) Networks on page 52.
WorkCentre 7425/7428/7435
System Administrator Guide
53
Network Management
IPP Configuration
The Internet Printing Protocol provides a convenient way to print over the Internet or Intranet using
the printer's IP address. To support this type of printing, make sure that Port 9100 is enabled at the
printer. Click Port Status in the Connectivity folder on the Properties Tab of CentreWare Internet
Services and make sure that the check box on the Port 9100 line is checked. The Internet Printing
Protocol must also be enabled at the printer, and the Internet Print Service must be available and
installed on the individual computer's version of Windows. IPP support is already built into Windows
operating systems. For other desktop operating systems it is available as a download from Microsoft at
www.microsoft.com. The final step is to install the IPP print driver. For more information, see Print
Driver Installation on page 13.
Changing IPP Settings at the Printer
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Port Settings.
7. Press the IPP selection line on the Port Settings menu.
8. Press the Change Settings button in the lower right corner of the Port Settings menu screen.
9. When the IPP selection menu displays, note that you have two selections available on numbered
horizontal lines. The first selection is Port Status. The second is IPP – Added Port Number. The Close
button in the upper right corner of the screen returns you to the Port Settings menu. After pressing
the horizontal line selection, to access available settings press the Change Settings button in the
lower right corner of the touch screen.
Port Status (IPP Enablement)
1. On the IPP selection menu, press Port Status.
2. Press the Change Settings button.
3. On the IPP Port Status screen, note which of the two buttons is highlighted as the current setting
for IPP Enablement. The available settings are Enabled or Disabled. To print with IPP, this setting
must be Enabled.
4. To change settings, press your setting of choice, then press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
WorkCentre 7425/7428/7435
54
System Administrator Guide
IPP Configuration
IPP – Added Port Number
Note: If you just enabled the IPP port, the machine may have to reboot before you can view or change
the Port Number.
1. On the IPP Selection menu, press the selection line labeled IPP – Added Port Number.
2. Press the Change Settings button.
3. Use the displayed keypad to add a Port Number, such as 80 (the displayed default for HTTP).
4. To save the setting, press Save.
5. To exit the screen, without making any changes, press Cancel.
Exiting the IPP Selection Menu
To exit the IPP selection menu, which returns you to the Port Settings menu, press the Close button in
the upper right corner of the touch screen.
Exiting the Port Settings Menu and Returning to the Tools Tab
1. To exit the Port Settings menu, returning to the Tools screen, press the Close button in the upper
right corner of the Port Settings menu screen.
2. Wait several seconds and the Auto Clear service should log you out.
Note: If you changed any settings in the Port Settings menu, the printer will automatically reboot to
register and enable your new settings.
Configuring IPP Settings with CentreWare Internet Services
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Click IPP.
6. The available selections include:
• Port Number: The default value is 631. This is the port number assigned by IANA (Internet
Assigned Numbers Authority.
• Add Port Number
• TBCP Filter: Displayed when PostScript is enabled.
• Administrator Mode: This is disabled by default.
• DNS Enablement
• Connection Timeout
7. Verify that DNS is checked (Enabled) by default. If enabled, the DNS Server will resolve Host
Names to IP Addresses, in support of printing with IPP.
WorkCentre 7425/7428/7435
System Administrator Guide
55
Network Management
8. Enter a Time Out value for jobs being sent to the printer through this Port. This is the length of
time that the Controller will wait for an end of job command before printing the current job.
9. Click the Apply button to accept changes, or the Undo button to return settings to their previous
values.
Note: Setting changes are not applied until you restart the printer.
WorkCentre 7425/7428/7435
56
System Administrator Guide
EtherTalk (AppleTalk) Configuration
EtherTalk (AppleTalk) Configuration
The EtherTalk Protocol enables computer to printer communications over the EtherTalk (AppleTalk)
network.
Changing EtherTalk Settings at the Printer
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Press Connectivity & Network Setup.
6. Press Port Settings.
7. Press the EtherTalk selection line on the Port Settings menu.
8. Press the Change Settings button in the lower right corner of the Port Settings menu screen.
9. When the EtherTalk selection menu displays, note that you have only one selection available on a
single, numbered horizontal line, with the current status of this setting shown. The Close button in
the upper right corner of the screen returns you to the Port Settings menu. After pressing the
horizontal line selection, to access available settings press the Change Settings button in the lower
right corner of the touch screen.
Port Status (EtherTal k En ab le me nt )
1. On the EtherTalk selection menu, press the selection line labeled Port Status.
2. Press the Change Settings button.
3. On the Port Status screen, note which of the two buttons is highlighted as the current setting for
EtherTalk Enablement. The available settings are Enabled or Disabled. To print with EtherTalk, this
setting must be Enabled.
4. To change settings, press your setting of choice, then press the Save button.
5. To exit the screen, without making any changes, press the Cancel button.
Exiting the EtherTalk Selection Menu
To exit the EtherTalk selection menu, which returns you to the Port Settings menu, press the Close
button in the upper right corner of the touch screen.
WorkCentre 7425/7428/7435
System Administrator Guide
57
Network Management
Exiting the Port Settings Menu and Returning to the Tools Tab
1. To exit the Port Settings menu, returning to the Tools screen, press the Close button in the upper
right corner of the Port Settings menu screen.
2. Wait several seconds for the Auto Clear service to log you out.
Note: If you changed any settings in the Port Settings menu, the printer will automatically reboot to
register and enable your new settings.
Configuring EtherTalk Settings with CentreWare Internet Services
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder, then the Protocols folder.
5. Click AppleTalk (EtherTalk).
Note: If this selection is unavailable, click Port Status, check the EtherTalk box, then click Apply.
6. The available selections include:
• Printer Name: Enter the name that you wish to assign to this Printer. This is the name that will
appear in the Chooser.
• Zone Name: Either accept the default zone of * which lets the closest router assign the printer
to a zone, or assign the printer to a zone (with a 32 character naming limit).
7. Click Apply to accept changes, or Undo to return settings to their previous values.
Note: Setting changes are not applied until you restart (reboot) the printer.
WorkCentre 7425/7428/7435
58
System Administrator Guide
AS400 Printing
AS400 Printing
AS400 Raw TCP/IP Printing to Port 9100 (CRTDEVPRT)
This is the procedure to set up printing to a printer from an AS/400 using the SNMP drivers. This
procedure is intended for users familiar with the AS/400 system, especially those experienced with
printing in an AS/400 environment. The AS/400 must run V4R5 of OS/400 so that the SNMP drivers are
present (or V4R3/V4R4 with the most current PTFs installed). The printer must have port 9100 enabled.
To enable port 9100
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Connectivity folder.
5. Click the Protocols folder.
6. Select Port 9100 in the directory tree.
7. Ensure the Enabled box is checked to enable Raw TCP/IP Printing.
8. Leave the TCP Port Number set to 9100 for Port 1.
9. Leave the Bidirectional and Maximum Connections settings at their default values.
10. Set the End of Job Timeout to the number of seconds to wait before processing a job without an
End Of Job indicator.
11. Leave the PDL Switching Enabled box at its default value.
12. Click Apply to accept the changes, Undo to return the settings to their previous values, or Default
All to enter printer defaults for all settings (recommended).
Note: The settings are not applied until you restart the printer.
13. Click the Status Tab.
14. Click the Reboot Machine button and click OK to reboot the printer. The network controller takes
approximately 5 minutes to reboot and network connectivity will be unavailable during this time.
WorkCentre 7425/7428/7435
System Administrator Guide
59
Network Management
To create a device description
To create a device description from your terminal's command line.
1. Select the F-4 key to prompt the CRTDEVPRT command. Enter the following parameters:
• Device Description: Xeroxprinter
• Device Class: *lan
• Device Type: 3812
• Device Model: 1
2. Press Enter to continue, and enter the following parameters:
• Lan Attachment: *IP
• Port Number: 9100
• Online at IPL: *yes
• Font Identifier: 11
• Form Feed *autocut
Note: For some versions of AS400, the default may match some of these parameters.
3. Leave all other parameters at their defaults, press Enter, and enter the following parameters:
• Activation Timer: 170
• Inactivity Timer: *sec15
• Host Print Transform: *yes
4. Press Enter to continue, and enter the following parameter:
• Manufacturer Type and Model: *hp5si
5. Leave the remaining parameters set to their default values and press Enter to continue. Enter the
following parameters:
• Remote Location: Enter the IP address of the printer.
• User defined options: *IBMSHRCNN
• System driver program: *IBMSNMPDRV
6. Leave all other options set to the default values and press Enter. A message indicates that you
created the printer Xeroxprinter.
7. Set the printer on and start a print writer. Then place a spool file in the appropriate queue to test
the printer.
WorkCentre 7425/7428/7435
60
System Administrator Guide
Security
This chapter includes:
• Authentication on page 62
• Scheduled Image Overwrite on page 84
• Secure Watermark on page 85
• Secure Print on page 87
• Xerox Common Access Card on page 89
5
61
Security
Authentication
Overview
Procedure
1. Set up authentication
2. Set up authorization (LDAP authorization access)
3. Set up access control (device access, service access)
Users Types
• Authenticated Users: Are registered with the printer. When using a restricted service,
authenticated users are prompted to type their user IDs on the authentication screen.
• Guest Users: Are permitted to use the printer using the Guest password set by the System
Administrator.
Authentication Types
• No Login Required: Users can access any service without restriction. This is the default type for the
printer.
• Login to Local Accounts: This type uses the user information registered on the printer to manage
authentication.
Note: Setting Login Type to Login to Local Accounts automatically sets Accounting Type to Local
Accounting. Local Accounting cannot be disabed while Login Type is set to Login to Local Accounts.
• Login to Remote Accounts: Network Access (authentication) uses the user information managed
on a remote accounting service to manage authentication. Network Access allows a unified
management of user information for multiple devices.
Note: When registering user information on a remote authentication server, use up to 32 characters for
a user ID and up to 128 characters for a password. For SMB, the password limit is 32 characters.
• Login Type set to Xerox Secure Access: This authentication type is used for third-party solutions
that support Xerox Secure Access.
Effects of Authentication on Job Flow Sheets and Folders
When Login to Local Accounts is enabled, even if authentication is not enabled for the copy, fax, scan,
or print services, authentication will be required for folder and job flow sheet operations.
For full details on the effects of Authentication on Job Flow Sheets and Folders, refer to that topic in
the printer’s User Guide.
WorkCentre 7425/7428/7435
62
System Administrator Guide
Authentication
Configuring Authentication
Preparations:
1. Ensure that the printer is on and connected to the network.
2. Ensure that the TCP/IP and HTTP protocols are configured on the printer, and you can access
CentreWare Internet Services. For more information see CentreWare Internet Services on page 23.
3. Ensure that the Authentication Server to be used is functional on your network. Refer to your
manufacturer’s documentation for instructions to complete this task.
Configuring Local Machine Authentication
When Login to Local Accounts is enabled, the System Administrator can define pass codes for
authorized users (and guests, when the selection is available) to use to authenticate to the system and
access restricted services.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Select the Security folder, then Authentication Configuration. Enter your user name and
password at the prompt (default: admin, 1111).
5. Select Login to Local Accounts from the Login Type drop down list.
6. Select the Print Stored File from Folder, or Folder to PC/Server Enabled check boxes to enable
these services.
7. Select the Non-account Print Enabled check box if you want to enable printing for people without
accounts.
8. Click Apply, then click Reboot Machine.
9. Refresh your browser, click the Security folder, then Authentication Configuration.
10. Click Next.
11. To create or edit a user account, enter an Account Number in the Account Number box and click
Edit. You can have up to 1000 user accounts.
12. Set the following for the user.
• Feature Acce ss: Copy Service, Fax Service, Scan Service, Print Service
• User Role: System Administrator, Account Administrator, User, Authorization Group
Note: Authorization Group is a feature that has its own configuration options in CentreWare Internet
Services.
Note: Set each Feature Access as desired. Do not set a Feature Access to No Access, unless you wish to
deny user access to that specific feature.
13. Click Apply.
WorkCentre 7425/7428/7435
System Administrator Guide
63
Security
To configure Local Machine Authentication at the printer:
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Touch Authentication/Security Settings, then Authentication.
6. Touch Login Type to change the Login Type, or touch Access Control, then Feature Access to
change Feature Access.
To view, create and edit user accounts at the printer:
1. Touch Account in the To ol s tab.
2. Touch View User Accounts.
Configuring Remote Authentication
When Login to Remote Accounts is enabled, users of the printer will be asked to provide a user name
and password to be validated by the designated authentication server. If this validation is successful,
the printer and any restricted services will be available for individual use.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Select the Security folder, then the Authentication Configuration. Enter your user name and
password at the prompt (default: admin, 1111).
5. Select Login to Remote Accounts from the Login Type drop down list.
6. Select the Print Stored File from Folder, or Folder to PC/Server Enabled check boxes to enable
these services.
7. Select the Non-account Print Enabled check box if you wish to allow printing for a user without
and account.
8. If you want to allow guest access to the printer, select On next to Guest User. The default setting is
Off. If you select On, enter a Guest user name and a passcode (4 – 12 alphanumeric characters).
Retype the passcode.
9. To have the printer cache remote account information, select Enabled next to Save remote
accounts in this machine. Specify if you want to have the cached information deleted (click
Delete Remote Accounts), and specify how often you want to delete cached information by
selecting a deletion day, month and time.
10. Click Apply, then Reboot Machine.
11. Click Next.
12. Click Configure for Authentication System.
13. Select your system (Kerberos (Windows 2000), Kerberos (Solaris), LDAP, SMB, or Authentication
Agent)from the Authentication System Settings drop down list and click Apply.
14. Enter the Server Response Time-Out, and the Search Time-Out.
WorkCentre 7425/7428/7435
64
System Administrator Guide
Authentication
15. Select the Enabled check box next to Assign UPN (User Principal Name) if desired.
16. Click Reboot Machine.
Configure Remote Authentication for a Kerberos Server (Windows 2000 or Solaris)
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Click the Remote Authentication Servers folder. Enter your user name and password at the
prompt (default: admin, 1111).
6. Click Authentication System and pick Kerberos (Windows 2000) or Kerberos (Solaris) from the
drop down list. Click Apply, and click Reboot Machine.
7. Navigate back to the Remote Authentication Servers folder and click Kerberos Server.
8. Under Kerberso Server 1 (Default), enter the Primary Server Name / IP Address, Primary Port
Number (default port for a Kerberos server is 88), and the Domain Name (Realm name).
Note: Realm name for a Kerberos (Solaris) server should be in upper case. Example: YOURDOMAIN.NET
9. Enter the IP Address of the Primary Server.
10. The Secondary Server information is optional.
11. Enter details for up to 4 alternate Domain Controllers and backups, if required.
12. Click Apply, and supply the Administrator User name and password if prompted.
Configure Remote Authentication for SMB
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Click the Remote Authentication Servers folder. Enter your user name and password at the
prompt (default: admin, 1111).
6. Click Authentication System and pick SMB from the Authentication System Settings drop down
list.
7. Enter the Server Response Time-Out, and the Search Time-Out.
8. Select the Enabled check box next to
Assign UPN (User Principal Name) if desired.
9. Click Apply, and click Reboot Machine.
10. Click SMB Server.
11. From the SMB Server Setup drop down menu, select your desired method. The selections include:
By Domain Name, and By Domain Name and Server Address / IP Address.
12. Enter the Domain name (up to 15 characters) in the Domain Name box, for every Domain
Controller specified. This entry is required regardless of the selection made from the SMB Server
Setup drop down menu.
WorkCentre 7425/7428/7435
System Administrator Guide
65
Security
Note: FQDN requires DNS and SMB Host Name requires WINS to be enabled on the printer.
13. Enter the IP Address, FQDN, or SMB host name of the domain controller (up to 64 characters) in
the SMB Server 1 Server Name / IP Address box (if By Domain Name and Server Address / IP
Address was selected for SMB Server Setup).
14. Enter the IP Address, FQDN, or SMB host name of up to 4 additional SMB servers, if applicable.
Note: FQDN requires DNS and SMB Host Name requires WINS to be enabled on the printer.
15. Click Apply.
Configure Remote Authentication for LDAP
1. Set up the LDAP Server. For information about setting up an LDAP server, see LDAP Server
Configuration on page 106.
2. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
3. Click the Properties tab.
4. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
5. Click the Security folder.
6. Click the Remote Authentication Servers folder. Enter your user name and password at the
prompt (default: admin, 1111).
7. Click Authentication System and pick LDAP from the Authentication System Settings drop down
list.
8. Enter the Server Response Time-Out, and the Search Time-Out.
9. Select the Enabled check box next to Assign UPN (User Principal Name) if desired.
10. Click Apply, and click Reboot Machine.
LDAP User Mappings
You ca n clic k LDAP User Mappings to specify the attributes to search for within the LDAP database.
For more information about LDAP user mappings, see LDAP User Mappings on page 108.
LDAP Authentication
To set LDAP for authentication, click LDAP Authentication. For Authentication Method, choose either
Direct Authentication or Authentication of User Attributes. Direct Authentication uses the user name
and password entered by the User for authentication with the LDAP server. Authentication of User
Attributes allows you to specify the what is entered by the user (Attribute of Typed User Name) and
what is used by the device (Attribute of the Login User Name) to authenticate the user. If Use Added
Text String is enabled (default disabled), then what ever text is entered in the Text String Added to User
Name box is added to the user input prior to authentication.
Knowledge of LDAP Server authentication requirements and capabilities are required to properly
configure these settings.
WorkCentre 7425/7428/7435
66
System Administrator Guide
Authentication
LDAP Group Access
LDAP server user groups can be used to control access to the printer. For example, the LDAP server may
contain a group of users called Admin. You can configure the Admin group on the printer so that the
members of that group will have administrator access to the printer. When a user logs in at the printer
with their network authentication account, the printer performs an LDAP look-up to determine if the
user is a member of any groups. If the LDAP server confirms that the user is a member of the Admin
group, the user will have administrator access.
The following groups are available:
• Color Access Group
• System Administrator Access Group
• Account Administrator Authorization Group
In one of the group access boxes, enter a name for the group. Repeat for other group access boxes.
Note: Entries should be in base DN format (for instance, cn=Admin, ou=people, dc=xerox, dc=com).
Configuring Network Authentication (by a Remote Accounting server)
Network authentication uses the user information managed on a remote Accounting server to manage
authentication (access) to available machine services.
Enable Network Authentication
To enable Network Authentication for use with this printer, at your networked computer, perform the
following steps:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. If prompted, enter the system administrator user name and password (default: admin, 1111).
4. Select the Security folder, then the Authentication Configuration.
5. Select Login to Remote Accounts from the Login Type drop down list.
6. Select the Print Stored File from Folder, or Folder to PC/Server Enabled check boxes to enable
these services.
7. Select the Non-account Print Enabled check box if you want to enable printing for people without
accounts.
8. Click Apply, then click Reboot Machine.
9. Refresh your browser, click the Accounting folder, then Accounting Configuration.
10. Select Network Accounting from the Accounting Type drop down list.
11. From the Verify User Details drop down menu, select either Ye s or No (keep logon records). The
Yes selection will verify user information. When No (keep logon records) is selected, User ID and
Account ID must be entered at the printer, but user information will not be checked. A logon record
will be kept by the printer, however.
12. Click Apply, then click Reboot Machine.
WorkCentre 7425/7428/7435
System Administrator Guide
67
Security
Note: Refresh your Web browser, then click User Details Setup to set the Store User Details setting. You
can set either NVM or hard disk as the destination for saved authentication information. User Details
Setup also allows you to configure the characteristics of the login prompt for User Authentication.
Configure Communications Between the Accounting Server and the Printer
Refer to the remote Accounting server manufacturer's documentation for the specific procedures to
follow to configure communications between the server and the printer.
The server will contact the printer based upon Accounting service parameters set up at the server, such
as the printer's IP address and polling frequency.
Required network communications and server settings will be stated by the server's manufacturer.
Sample list of set up requirements for Xerox Secure Access Unified ID System's Accounting service
• Enable TCP/IP and HTTP on the printer.
• Set up a static or reserved DHCP IP address for the printer.
• Enable TCP/IP port 80 communications at the printer.
• Download the Controller Interface for Xerox from the Xerox Secure Access Unified ID System™ Web
site.
• Install the Controller Interface for Xerox at the server.
• Verify that you have purchased a license for the Controller Interface for Xerox, as well as a license
for each device communicating with the server.
• Register each printer at the server (using the printer's IP address for identification).
Enable the Accounting Option in Computer Print Drivers
Use the Windows Add Printer dialogs to add the printer's print driver to individual, networked
computers. For more information see Print Driver Installation on page 13.
In the print driver default setting dialogs, locate and then enable the Accounting option. This step
assures that print jobs from individual computers will be recognized by the authentication system,
rather than being unrecognized and deleted by the printer.
For Windows operating systems, the default setting dialogs are accessed by right clicking on the
printer's icon in the Printers window for Windows 2000, or the Printers and Faxes window for Windows
XP. Select Properties from the displayed menu, then locate and enable the Accounting option.
WorkCentre 7425/7428/7435
68
System Administrator Guide
Authentication
Configuring Xerox Secure Access (Authentication)
Xerox Secure Access enables customers to leverage Xerox Partner Solutions to provide user
authentication with an optional card reader. Users can access the features available at the printer once
they have been authenticated.
Secure Access and Accounting
Secure Access can be enabled with Network Accounting or the Xerox Standard Accounting feature for
accounting purposes. To configure Xerox Secure Access with Network Accounting, refer to the
Configuring Network authentication (by a remote Accounting server) topic in this section. To configure
Xerox Secure Access with Xerox Standard Accounting, refer to the Optional information, in the
Information Checklist below, then see Enabling Xerox Standard Accounting on page 171.
Note: Secure Access cannot be enabled at the same time as Foreign printer Interface.
Information Checklist
1. Ensure that the printer is fully functional on the network. TCP/IP and HTTP protocols must be
configured so that you can access CentreWare Internet Services.
2. Ensure that the Xerox Partner authentication solution (Secure Access Server, Controller, and Card
Reader) is installed and communicating with the printer. Follow the installation instructions from
the manufacturer of the authentication solution to correctly set the printers up.
3. Ensure that SSL (Secure Sockets Layer) is configured on the printer. The Xerox Partner
authentication solution communicates with the printer via HTTPS.
4. (Optional) Ensure that Network Accounting is configured if you want the printer to send user
account information to a Network Accounting server. Open your Web browser and enter the IP
address of the printer in the address field. Press Enter to open CentreWare Internet Services. Click
the Properties tab, click the Security folder, click Authentication Configuration, and select Xerox
Secure Access for Login Type, matched to Network Accounting for Accounting Type.
5. For use with Xerox Standard Accounting, you select Xerox Secure Access for Login Type, then select
Xerox Standard Accounting for Accounting Type. For instructions on setting up Xerox Standard
Accounting, see Enabling Xerox Standard Accounting on page 171. For instructions on setting up
your Network Accounting server, refer to the instructions that came with your accounting package,
and see Configuring Network Authentication (by a Remote Accounting server) on page 67.
Note: When authentication is set to Xerox Secure Access, Xerox Standard Accounting is not available.
You may also need another Authentication Server (running LDAP in an ADS environment, for
example) to communicate with the Secure Access Server providing that server with user credential
information. A second Authentication Server may be necessary for Web User Interface
Authentication, if this feature is additionally desired.
6. If you have an LDAP server on your network, you can configure LDAP on the printer, preferably from
the Remote Authentication Server / Directory Service folder. For more information, see LDAP Server
Configuration on page 106.
WorkCentre 7425/7428/7435
System Administrator Guide
69
Security
Configuring Xerox Secure Access with Remote Authentication
To configure Xerox Secure Access with Remote Authentication:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. If prompted, enter the system administrator user name and password (default: admin, 1111).
4. Click the Security folder, then Authentication Configuration.
5. In the Authentication Configuration > Step 1 of 2 page:
a. Select Xerox Secure Access from the Login Type drop down list.
b. Select the Print Stored File from Folder, or Folder to P C/Server Enabled check boxes to enable
these services.
c. Select the Non-account Print: Enabled check box if you wish to allow printing for a user
without and account.
d. Select Apply, then reboot the printer after the prompt.
e. Select Next to continue to the Authentication Configuration > Step 2 of 2 page.
6. In the Authentication Configuration > Step 2 of 2 page, click Configure next to Authentication
System.
7. In the Authentication System page:
a. Select Authentication Agent from the Authentication System Settings drop down list,
b. Set the Server Response Time-out, and Search Time-out.
c. Select the Assign UPN (User Principal Name): Enabled check box to assign a user principal
name.
d. Select Apply, then reboot the printer after the prompt.
8. To set service access:
a. Refresh your Web browser.
b. Click the Security folder, then Authentication Configuration.
c. In the Authentication Configuration > Step 1 of 2 page, click Next.
d. Under Device Default State Configuration, click Configure next to Service Access.
e. Select one of the following for each service you want to control:
• Unlocked: Allow unrestricted access.
• Locked (Show Icon): Require login for access. The service icon is visible to all users in the all
services screen.
• Locked (Hide Icon): Require login for access. The service icon is hidden until an authorized user
logs in.
f. Click Apply and enter the Administrator User name and password when prompted (default of
admin and 1111).
g. Click
h. Click Reboot Machine when it displays on screen.
OK.
WorkCentre 7425/7428/7435
70
System Administrator Guide
Authentication
Enable Specific Xerox Secure Access Settings
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Select the Security folder.
5. In the Security folder, select the Remote Authentication Servers folder.
6. In the Remote Authentication Servers folder, select Xerox Secure Access Settings.
7. In the Xerox Secure Access Settings area:
a. Enter text in the Default Prompt and Default Title boxes to create the prompt and prompt
title that will be displayed on the printer’s screen informing users how to authenticate
themselves at the printer.
b. If the Title and Prompt have been configured on the Secure Access Server, then that
information will override the information entered here.
c. Select the Enable box for Local Login to allow users to log in locally at the printer.
d. Select the Enable box for Get Accounting Code to get user accounting data from a networked
Accounting Server (if used).
e. Click Apply.
Using Secure Access
1. Read the printer’s prompt to determine what needs to be done to be authenticated at the printer.
Authentication methods include swiping a card, placing a proximity card near the reader, or
entering a user ID or PIN (personal identification number).
2. If the printer requests further information such as accounting details, enter this information at the
printer.
3. The printer will confirm successful authentication allowing access to previously locked system
features.
4. When finished, press the Login/Out button.
Configure Color Copy Access for LDAP Group
Refer to your LDAP server documentation for the full range of information that can be entered into this
LDAP dialog to fully support both e-mail applications and authentication using your LDAP server.
Creating Color Access Group within Active Directory
This procedure describes how to create an Active Directory color access group to be used to restrict
color copying and printing.
Click Start, click Control Panel, double-click Administrative Tools, and then click Active Directory
Users and Computers.
1. In the Active Directory Users and Computers window, expand the domain folder.
2. In the console tree, right-click the Users folder in which you want to add a new group.
3. Click New, and then click Group.
WorkCentre 7425/7428/7435
System Administrator Guide
71
Security
4. Type the name of the new group. Use a name that you can easily associate with the role or service
for which you are creating.
5. To add users and/or groups to the newly created color access group, right-click the group and select
Properties.
6. Click the Members tab, then click the Add button to add members to the group.
7. Click Finish.
LDAP Group Access
1. Click the Properties tab, click the Connectivity folder, click the Protocols folder, then click the LDAP
folder.
2. In the LDAP folder, click LDAP Group Access.
3. On the LDAP Group Access page:
4. In the Color Authorization area, on the Color Access Group line, type
CN=Color,CN=Users,DC=crmttrinity,DC=lab
5. Click Apply, then reboot the printer at the prompt.
6. Continue with the next procedure to set Authentication Configuration.
Authentication Configuration
1. Click the Properties tab, then click the Security folder.
2. Click Authentication Configuration.
3. The Properties tab refreshes and the Authentication Configuration > Step 1 of 2 page appears.
4. On the Authentication Configuration > Step 1 of 2 page, in the Authentication Configuration box:
a. In the Login Type drop down list, click or verify Login to Remote Accounts.
b. On the Folder to PC / Server line, click or verify the Enabled check box.
c. On the Non-account Print line, ensure that the Enabled check box is not checked if you wish to
enable people without accounts to continue to print.
d. On the Guest User line, in the drop down list, click or verify Off.
5. Click Apply, then reboot the printer following the prompt.
6. Continue with the next procedure to set Authentication System.
Authentication System
1. Click the Properties tab, click the Security folder, then click the Remote Authentication Servers
folder.
2. In the Remote Authentication Servers folder, click Authentication System.
3. On the Authentication System page, in the Authentication Type box:
a. In the Authentication System Settings drop down list, click or verify LDAP.
b. Click Apply, then reboot the printer at the prompt.
Configure Color Copy Access Control at the Printer
1. Press the Log In/Out button on the printer control panel.
2. Enter the default User Name (admin) and Password (1111) if prompted.
3. Touch Enter.
WorkCentre 7425/7428/7435
72
System Administrator Guide
Authentication
4. Press the Machine Status button.
5. Touch the To ol s tab.
6. Touch Authentication / Security Settings.
7. In the Group column, touch Authentication.
8. In the Features column, touch Access Control.
9. On the Access Control screen, touch Feature Access.
10. On the Feature Access screen:
a. In the Items column, touch Color Copying.
b. Touch the Change Settings button.
11. On the Color Copy screen, touch Locked, then touch Save.
12. Reboot the printer.
13. Press the Services button, touch the Copy icon, then the Color button.
14. The Login screen appears. The printer is configured for Color Copy Access for LDAP Group.
To Enable Print Color Access Control
This process will restrict a user from printing in color unless they are authorized to do so via the Active
Directory group.
1. Click Start, click Control Panel, double-click Printers and Faxes, then right-click the printer to be
enabled. In the printer pop-up menu, click Properties.
2. In the Properties dialog box, click the Options tab.
3. On the Options tab, in the Options Settings area, click the Predefined Configurations folder.
4. In the the Predefined Configurations area, click the Color Access Control field and click Enabled.
5. Click the Color Access Group field and type or enter the color access group name.
6. Click Apply, then click OK.
Note: On the client side, if the user that installs the print driver is a member of the group given
permission to print in color, then the Output Color option within the driver will be selectable between
Color and Black and White. If the user does not have permission to print in color, then the Output Color
option within the driver will list Black and White and is not selectable.
Access Control
After configuring the Authentication system, you must specify what services and features are to be
controlled by authentication and will require the user login.
• Device Access: Use for restricting access to the Services Pathway, Job Status Pathway, or Machine
Status pathway. Device Access settings are:
• Unlocked: Allow unrestricted access
• Locked: Require login for access.
• Service Access: Use for restricting access to each individual service (copy, e-mail, etc). Services
Access settings are:
• Unlocked: Allow unrestricted access.
WorkCentre 7425/7428/7435
System Administrator Guide
73
Security
• Locked (Show Icon): Require login for access. The service icon is visible to all users in the all
services screen
• Locked (Hide Icon): Require login for access. The service icon is hidden until an authorized user
logs in.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder
5. Click Authentication Configuration.
6. In the Authentication Configuration box, select the Next button.
7. In the Device Default State Configuration section, select the Configure button next to Device
Access and/or Service Access, and Apply and supply the Administrator User name and password if
prompted.
802.1x
The printer supports 802.1x authentication based on the Extensible Application Protocol (EAP). 802.1x
can be enabled for devices connected through both wired and wireless Ethernet networks. As described
here, the 802.1x configuration is used to authenticate the printer, rather than individual users. After
the printer has been authenticated, it will be accessible to users on the network.
The administrator can configure the printer to use one EAP type. EAP types currently supported on the
printer are:
•EAP-MD5
• PEAP/EAP-MS-CHAPv2
•EAP-MS-CHAPv2
Information Checklist
Create a user name and password on your authentication server which will be used to authenticate the
Xerox device.
Ensure your 802.1x authentication server and authentication switch are available on the network.
Configure 802.1x with CentreWare Internet Services
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Click IEEE 802.1x.
6. Select the Enabled check box next to Enable IEE 802.1x.
WorkCentre 7425/7428/7435
74
System Administrator Guide
Authentication
7. Select the required Authentication Method.
8. Enter the User Name and Password required by your authentication switch and server.
9. Click Apply, then Reboot Machine.
Encryption Service Overview
You may have to purchase the Security Kit option to enable encryption with your printer. If you cannot
generate a self-signed certificate, or enable SSL/TLS Communication, as stated under Configuration of
HTTP Communication Encryption, in this section, contact your Xerox Representative to purchase the
option.
The communication data between the printer and computers on a network can be encrypted.
Encryption for the printer is set up using CentreWare Internet Services. Note that the quickest and
easiest, although not the most trusted, method to use to set up initial HTTP communication encryption
is the generation of a self-signed certificate. Click Printer Digital Certificate Management in the
Security folder on the Properties page of CentreWare Internet Services. Use this to manage all the
digital certificates, of various types, stored on the printer.
Types of Encryption Services Available
Encryption of HTTP Communications from a Client to the Printer (Server Certificate)
The SOAP port, Internet service (HTTP) port, IPP port, and WebDAV port use the HTTP server of the
printer.
The SSL/TLS suite of protocols is used in the encryption of HTTP communications from a client to the
printer. A user of a client computer accesses the printer’s HTTP server by typing https://, followed by
the IP address of the printer, into the Address box of a Web browser application. The printer then offers
the client a Digital Certificate, which the client accepts (after reviewing the validity of same). Upon
acceptance of the Digital Certificate, a Public Key exchange takes place, encryption algorithms are
agreed upon between the two parties, and the client uses the server’s Public Key to communicate with
the server using digitally signed and encrypted data.
Digital certificates imported from a Certificate Authority, or self-signed certificates created with
CentreWare Internet Services, can be used as SSL/TLS certificates on the printer’s HTTP server.
Encryption of HTTP Communications from the Printer to a Remote Server (Client Certificate)
The SSL/TLS suite of protocols is used to encrypt HTTP communications with a remote server.
No client certificate is typically required for this activity. However, if a remote server is set to require an
SSL client certificate, an SSL/TLS client certificate must be registered on the printer.
Digital certificates imported from a Certificate Authority can be used as SSL/TLS certificates on the
printer’s HTTP server.
Note: When Remote Server Certificate Validation is enabled, under SSL/TLS Settings in CentreWare
Internet Services, the root certificate of the remote server must be registered to the printer (imported
with CentreWare Internet Services) to verify the Digital certificate of same.
WorkCentre 7425/7428/7435
System Administrator Guide
75
Security
E-mail Encryption/Digital Signature
S/MIME certificates, imported from a Certificate Authority (in PKCS7 format), can be used on the
printer’s for E-mail Encryption.
Note: To import S/MIME certificates, use the Machine Digital Certificate Management in the Security
folder on the Properties tab of CentreWare Internet Services.
Encryption/Digital Signature of Scanned Files (PDF/XPS Documents)
While no digital signatures are required to encrypt PDF and XPS documents, these documents can be
signed with imported PKCS12 Digital signatures.
When adding digital signatures to PDF or XPS documents, scan file certificates imported to the printer
from a Certificate Authority, are typically used.
To import PKCS12 scan file certificates, use the Machine Digital Certificate Management in the
Security folder on the Properties Page of CentreWare Internet Services.
IP Sec (typically used to encrypt FTP) can be enabled from the Security file folder on the Properties tab
of CentreWare Internet Services.
802.1x can be enabled for devices connected through both wired and wireless Ethernet networks. It is
used to authenticate the printer on the 802.1x network, rather than individual users. 802.1x can be
enabled from the Security file folder on the Properties tab of CentreWare Internet Services.
Configuration of HTTPS (SSL/TLS) Communication Encryption
Two methods are available depending on the type of certificate.
• Create a self-signed certificate on the printer with CentreWare Internet Services, and enable
HTTPS. This method is used primarily for Server certificates.
• Enable HTTPS, and import a signed certificate from a Certificate Authority, using the Machine
Digital Certificate Management in the Security folder on the Properties Page of CentreWare
Internet Services.
• To see this, at least one certificate must have been created and stored on the printer.This is one of
the purposes for creating a self-signed certificate.
Before enabling any encryption or digital signing feature, or importing any digital certificates, check
the status of the certificate and create a new certificate if there is not one already created:
1. In CentreWare Internet Services, click the Properties tab, then click the Security folder.
2. Click Machine Digital Certificate Management.
3. Click Create New Certificate.
4. Select Self-Signed Certificate and click Continue.
5. Select Public Key Size (512 Bits or 1024 Bits).
6. Set Issuer (default device host name)
7. Apply.
WorkCentre 7425/7428/7435
76
System Administrator Guide
Authentication
After clicking Machine Digital Certificate Management in the Security folder, the current status is
displayed. If the status shows "A Self-Signed Certificate is established on this machine", then you do
not need to create new certificate.
Note: You must enable HTTP – SSL/TLS Communication in order to Upload Signed Certificates and to
see Certificate Management , and Certificate Revocation Retrieval Settings in the Security folder.
Configuring Certificates with CentreWare Internet Services
Two methods are available to configure certificates with CentreWare Internet Services: creating a selfsigned certificate (for SSL server), and importing a signed certificate from a Certificate Authority.
This section describes how to create a self-signed certificate (for SSL server).
Note: When importing a certificate, if the same certificate has been already registered in Local Device
or Others, the certificate cannot be imported. Delete the registered certificate before importing.
1. Open your Web browser and enter the printer’s IP address into the Address box of your Web
browser, and press the Enter key.
2. Click the Properties tab.
3. Click the Security folder.
4. Click Machine Digital Certificate Management.
5. When prompted, enter the system administrator user name and password (default: admin, 1111).
6. Generate a certificate.
a. Click the Create Self-Signed Certificate button.
b. Set the size of the Public Key as necessary.
c. Set Issuer as necessary.
7. Click the Apply button.
8. Refresh the Web browser.
9. Click the Security folder.
10. Click SSL/TLS Settings.
11. Select the Enable check box for SSL / TLS Server Communication.
12. Check the SSL / TLS Port Number.
Note: The default port is 443.
13. Click Apply and click Reboot Machine. The printer will be unavailable for a short period of time.
WorkCentre 7425/7428/7435
System Administrator Guide
77
Security
Configuration of E-mail Encryption/Digital Signature
Configuration on the Printer
Import an S/MIME certificate from a Certificate Authority (in PKCS7 format), then configure the
certificate on the printer using CentreWare Internet Services.
To send encrypted e-mail from the machine, you will need the public key of the recipient to be loaded
on the device.
Note: The e-mail address of the machine must match the e-mail address specified in the certificate
must match, otherwise S/MIME will be disabled.
Note: The e-mail address of the device must be set before you are able to select the S/MIME device
certificate to use.
Configuration on a Computer
To send encrypted e-mail to the printer, you will need a copy of the printer’s S/MIME certificate on your
computer to allow you to encrypt E-mail being sent to the printer. The S/MIME certificate represents
the Public Key of the printer, allowing encryption or digital signing to take place.
To acquire the Public Key, you must use the Export feature or send a digitally signed E-mail.
Configuring S/MIME certificates with CentreWare Internet Services
To configure S/MIME certificates with CentreWare Internet Services, first enable HTTP
communications (as stated under Configuration of HTTP Communication Encryption in this section).
Next, import an S/MIME certificate from a Certificate Authority (in PKCS7 format). Finally, enable
S/MIME.
First import an S.MIME certificate:
1. Open your Web browser and enter the printer's IP address, beginning with https, into the Address
box of your Web browser, and press Enter.
Example:
https://192.168.1.1/
2. Click the Properties tab.
3. Click the Security folder.
4. Click Machine Digital Certificate Management.
5. When prompted, enter the system administrator user name and password (default: admin, 1111).
WorkCentre 7425/7428/7435
78
System Administrator Guide
Authentication
6. Click Upload Signed Certificate.
Note: When importing a certificate, if the same certificate has been already registered in Local printer
or Others, the certificate cannot be imported. Delete the existing certificate before importing the new
one.
a. Enter the Password. (if required)
b. Re-enter the Password (if required).
c. Enter a file name for the file you want to import, or select the file to be imported by clicking the
Browse button.
7. Click the Import button.
8. Refresh the Web browser.
9. Click the Security folder.
Configure the certificate:
10. Click Certificates Management.
11. Select Local printer for Category, S/MIME for Certificate Purpose, and then click the Display the
List button.
12. Place a check mark in the box in front of the Certificate you wish to view details for.
13. Click the Certificate Details button.
14. Click the Use this certificate button.
15. Click Reboot Machine. The printer will be unavaillable for a short period of time.
Configure S/MIME settings:
16. Refresh the Web browser.
17. Click the Security folder.
18. Click SSL/TLS Settings.
19. Select the Enable check box for S/MIME Communication.
20. Apply the settings.
a. Click Apply.
b. The right frame on the Web browser will change to the printer reboot display.
c. Click Reboot Machine. The printer will be unavailable for a short period of time.
Configure the settings for S/MIME.
21. Refresh the Web browser.
22. Click the Security folder.
23. Click S/MIME Settings and set the following items.
• Message Digest Algorithm: Select a message digest algorithm from SHA1 or MD5.
• Contents Encryption Method: Select a contents encryption method from 3DES, RC2-40, RC2-
64, or RC2-128.
• Certificate Auto Store: Click the check box to automatically save an S/MIME certificate
attached to an e-mail received from an address registered in your address book.
• Receive Untrusted E-mail: Decide whether or not you wish to receive untrusted E-mail.
• Receive Untrusted iFAX: Decide whether or not you wish to receive untrusted iFAXes.
WorkCentre 7425/7428/7435
System Administrator Guide
79
Security
• Digital Signature – Outgoing E-mail: Decide whether or not to add a digital signature to
outgoing E-mail, and the method to use if a signature is desired. Select Always Add Signature,
Do not add Signature, or Select During Send.
• Digital Signature – Outgoing iFAX: Decide whether or not to add a digital signature to
outgoing iFAXes, and the method to use if a signature is desired.
Note: The Fax option is required.
24. Click Apply.
Configuration on a Computer
The following describes the configuration for a remote, networked computer.
Sending Scanned Data by S/MIME Encrypted E-mail from the Printer to a Computer
An S/MIME certificate must be imported, configured, and stored on the printer as stated in this section
under Configuring S/MIME certificates with CentreWare Internet Services.
When importing the S/MIME certificate, make sure that a root certificate is included for use with the
Supported E-mail applications shown below.
Receiving E-mail with S/MIME Digital Signature from the Printer
No settings are required on a recipient computer.
Sending S/MIME Encrypted E-mail by E-mail Printing from a Computer to the Printer
It is necessary to register the S/MIME certificate of the printer on the computer.
There are two methods to set an S/MIME certificate of the printer on the computer:
• Sending e-mail with S/MIME digital signature from the printer to the computer
To send e-mail with an S/MIME digital signature from the printer, configure to attach the digital
signature when sending E-mail in the Digital Signature – Outgoing E-mail settings.
• Exporting an S/MIME certificate to the computer using CentreWare Internet Services and
registering the exported S/MIME certificate in the certificate storage location of the E-mail
application.
Note that the exporting of certificates is accomplished using the Trusted Certificates Management
under Security folder on the Properties page of CentreWare Internet Services. For information on
how to register a certificate in an E-mail application, refer to the manuals provided with the E-mail
application.
Sending E-mail with S/MIME digital signature from a computer to the printer
It is necessary to register a personal certificate of a sender's E-mail address, an intermediate certificate
authority certificate of the personal certificate, and a root certificate on the printer.
WorkCentre 7425/7428/7435
80
System Administrator Guide
Authentication
Supported E-mail applications
E-mail applications that can send and receive E-mail to and from the printer are:
• Outlook 2000/2002/2003
• Outlook Express 6
• Netscape 7.x
Configuration of Scan File Signatures (PDF/XPS Documents)
Configuration at the Printer
Import a certificate from a Certificate Authority (in PKCS12 format), then configure the certificate on
the printer using CentreWare Internet Services.
Configuration on a Computer
Prepare for verification of the PDF or XPS signature.
Configuring Scan File certificates with CentreWare Internet Services
To configure certificates with CentreWare Internet Services, first enable HTTP communications (as
stated under Configuration of HTTP Communication Encryption in this section). Next, import a
certificate from a Certificate Authority (in PKCS12 format). Finally, set the certificate as a scan file
certificate.
1. Start a Web browser.
2. Enter the printer's IP address, beginning with https, into the Address box of your Web browser, and
press Enter.
Example:
https://192.168.1.1/
3. Click the Properties tab.
4. Click the Security folder.
5. Click Machine Digital Certificate Management.
6. Click Upload Signed Certificate.
Note: When importing a certificate, if the same certificate has been already registered in Local printer
or Others, the certificate cannot be imported. Delete the existing certificate before importing the new
one.
a. Enter the Password.
b. Re-enter the Password.
c. Enter a file name for the file you want to import, or select the file to be imported by clicking the
Browse button.
d. Click the Import button. When a screen to enter the user name and password appears, enter
the System Administrator user ID and password into User Name and Password, and then click
OK.
WorkCentre 7425/7428/7435
System Administrator Guide
81
Security
Note: The default user ID is admin and the default password is 1111.
7. Refresh the Web browser.
8. Click the Security folder.
9. Configure the certificate.
a. Click Trusted Digital Certificate Management.
b. Select Local printer for Category, Scan File for Certificate Purpose, and then click the Display
the List button.
c. Place a check mark in the box in front of the certificate you wish to view details for.
d. Click the Certificate Details button.
e. Click the Use this certificate button.
f. Click Reboot. The printer will reboot and the setting values will be reflected.
10. Configure the settings for PDF/XPS Signatures.
a. Refresh the Web browser.
b. Click the Security folder.
c. Click PDF/XPS Security Settings and then set the following items.
• PDF Signature: Select the setting for PDF Signature from Do not add signature, Always add
visible signature, Always add invisible signature, or Select during send.
• XPS Signature: Select the setting for XPS Signature from Do not add signature, Always add
visible signature, Always add invisible signature, or Select during send.
d. Click the Apply button.
Configuration on a Computer
Confirm that the digital certificate being used by the printer to encrypt PDF and XPS files has been
imported and is registered on the recipient’s computer. This will assure the ability to conduct two way
digital signing of files, should this capability be desired or needed.
IP Sec
IP Sec (IP Security) is comprised of the IP Authentication Header and IP Encapsulating Security
Payload protocols, that secure IP communications at the network layer of the protocol stack, using
both authentication and data encryption techniques. The ability to send IP Sec encrypted data to the
printer is provided by the use of a public cryptographic key, following a network negotiating session
between the initiator (client computer) and the responder (printer or server). To send encrypted data to
the printer, the computer and the printer have to establish a Security Association with each other by
verifying a matching password (shared secret) to each other. If this authentication is successful, a
session public key will be built and used to send IP Sec encrypted data over the TCP/IP network to the
printer.
Providing additional security during the Public Key negotiating process, Digital Certificates can
alternatively be used in place of the Shared Secret, to encrypt the Public Key information being
exchanged between communicating parties. The Digital Certificate resides on the printer (managed as
stated in this Encryption section in the Configuring Scan File certificates topic) and must also have
been imported and stored on the computer that is encrypting data being sent to the printer.
WorkCentre 7425/7428/7435
82
System Administrator Guide
Authentication
Certificates add digital signatures (individualized checksums verifying data integrity) to datagrams
during the public key negotiating process, greatly assisting in securing that data from network sniffers.
Enabling IP Sec
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Select IP Sec in the directory tree.
6. Enable the Protocol by placing a checkmark in the Enabled box.
7. Select Pre-Shared Key to use the Shared Secret (between this device and remote computers also
possessing the secret). Note that if you select Digital Signature, the Shared Secret boxes will be
grayed out and you will have to supply a certificate stored on this device to the remote computer
that wishes to send IP Sec encrypted data to this device.
8. Enter the Shared Secret (a password) in the Shared Secret and Verify Shared Secret boxes.
9. Select Enabled (default setting) for the Communicate with Non-IP Sec Device setting, so that
computers not set up for encryption can still communicate with this device.
10. Click Apply when done and supply the Administrator User Name and Password, if prompted.
Note: The default user ID is admin and the default password is 1111.
FIPS 140-2
To enable FIPS 140-2 encryption:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. If prompted, enter the system administrator user name and password (default: admin, 1111).
4. Click the Security folder and click FIPS140 Validation Mode.
5. Click the Enabled check box and click Apply.
Note: FIPS 140-2 encryption does not apply to the following services and protocols: SMB, NetWare,
SNMP v3, PDF Direct Print Service.
WorkCentre 7425/7428/7435
System Administrator Guide
83
Security
Scheduled Image Overwrite
A TCP/IP network-connected device can be set to overwrite image data on a scheduled basis.
The Image Overwrite will delete all image data from the hard disk.
To enable a scheduled image overwrite, perform the following steps:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Click the Security folder.
4. Click Scheduled Image Overwrite.
5. Click the Scheduled Image Overwrite Enabled check box.
6. Configure the Frequency, Day, Week, Hour, and Minute settings.
Note: The printer will be taken off-line each day at the specified time to perform the overwrite.
7. Click Apply.
8. Click OK to confirm.
9. If prompted, enter the system administrator user name and password (default: admin, 1111).
WorkCentre 7425/7428/7435
84
System Administrator Guide
Secure Watermark
Secure Watermark
This procedure enables the System Administrator to set parameters for the inclusion of a Secure
Watermark as the background for any documents that are copied or printed on this, or another
identical model machine.
Secure Watermark works with copy job, client print, folder print, media print, incoming fax prints and
reports.
You must purchase the Security option to enable this feature. Contact your Xerox representative to
purchase the option.
Secure Watermark configuration items include:
• Default Watermark Effect
• Default Watermark
•Font Size
•Background Pattern
• Date Format
•Font Color
•Density
• Watermark / Background Contrast
• Force Watermark – Copy Job
• Force Watermark – Client Print
• Force Watermark – Print Stored File
• Force Watermark – Media Print
• Custom Watermark 1
• Custom Watermark 2
• Custom Watermark 3
Configuring Secure Watermark
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Touch System Settings.
6. Touch Common Service Settings.
7. Touch Watermark. If not visible, use the scrolling arrow in the Features column.
8. On the Watermark screen, in the Items column, touch the item to be configured, then touch
Change Settings. The screen for the item will open.
9. On the selected item screen, make your change and touch Save.
WorkCentre 7425/7428/7435
System Administrator Guide
85
Security
10. Touch Close to return to the Tools tab.
11. Press the Log In/Out button.
12. Select Log Out.
13. Place a copy in the document feeder of the printer and press the Start button.
14. Place the copy just made into the document feeder of the same, or an identical model, machine,
and attempt to make a copy. Note that copying of this document is prohibited.
WorkCentre 7425/7428/7435
86
System Administrator Guide
Secure Print
Secure Print
Supported by the printer’s print driver, or CentreWare Internet Services Print tab, this feature directs
the printing of confidential documents, or documents which should not be seen by third parties, to a
User Account on the printer. The user can then access his or her Account, with a numeric password, at
the printer, and privately print out the stored documents.
Using Secure Print from the Print Driver
To use the Secure Print feature from the print driver, installed on a networked computer, perform the
following steps.
1. Open a document to print from the computer.
2. Select Print in your software application, select the Printer, then select Properties.
3. On the Paper / Output tab, select Secure Print as your Job Type.
4. Enter Passcode (1-12 digits). Enter the Passcode again in the Confirm Passcode field.
5. Click Setup… and enter a User ID (such as 001) and a numeric password.
6. Click OK on successive driver screens until the job prints.
7. Go to the printer and press the Job Status button.
8. Press the Secure Print Jobs & More tab.
9. Press Secure Print.
10. Highlight your user ID and press Job List.
11. Enter Passcode and select Confirm.
12. Select a job or select Select All.
13. Click Print.
14. Press Close several times, when done, to return to the Job Status screen.
15. Press the Services button on the control panel to return to the Services screen.
Using Secure Print from CentreWare Internet Services
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Print tab.
3. Scroll down to the bottom of the page to see the Secure Print radio button.
4. Click the Secure Print radio button to enable it.
5. Enter a User ID (such as 001).
6. Enter your desired, numeric passcode in the two boxes provided.
7. Use the Browse… button to locate your PRINT READY file.
8. Click Submit Job. Then go to the printer and press the Job Status button.
9. Press the Secure Print Jobs & More tab.
10. Press Secure Print.
WorkCentre 7425/7428/7435
System Administrator Guide
87
Security
11. Highlight your user ID and press Job List.
12. Enter Passcode and select Confirm.
13. Select a job or select Select All.
14. Click Print.
15. Press Close several times, when done, to return to the Job Status screen.
16. Press the Services button on the control panel to return to the Services screen.
WorkCentre 7425/7428/7435
88
System Administrator Guide
Xerox Common Access Card
Xerox Common Access Card
Xerox Common Access Card is an optional solution which provides an advanced level of security to
sensitive information. By using this solution, you can restrict access to the walk-up features of the
printer. This ensures that only authorized users are able to copy, scan, E-mail, and fax information.
The key benefit of this solution is its two-factor identification requirement. Users must insert their
access card and enter a unique Personal Identification Number (PIN) at the device. This provides
added security in the event that a card is lost or stolen.
The Xerox Common Access Enablement kit integrates with Xerox multifunction printers and existing
common access and personal identity verification cards and readers.
Supported Card Readers
The customer is responsible for providing a card reader for each Printer. The following card readers are
compatible with the solution:
• Gemplus GemPC Twin
• Gemplus GemPC USB SL
•SCM Micro SCR3310
• Panasonic ZU9PS
• Omnikey Cardman 3021USB
• Omnikey Cardman 3121USB
Note: Other CCID compliant readers may function with the solution, but have not been validated.
Supported Card Types
The customer is also responsible for purchasing and configuring the access cards. The following card
types are recommended:
• Axalto Pegasus 64K / V2
• Axalto Cyberflex 32K / V1
• Axalto Cyberflex 64K \ V2
• Gemplus GemXpresso 64K / V2
• Oberthur 72K \ V2
• Oberthur Cosmopoll 32K / V1
• Oberthur D1 72K / V2 (contact-less and PIV)
Note: Other card types may function with the solution, but have not been validated.
WorkCentre 7425/7428/7435
System Administrator Guide
89
Security
Preparation
The following items and information are required before installation
• Compatible Card Reader: See Supported Card Readers on page 89.
• Compatible Access Card: See Supported Card Types on page 89.
• Common Access Card Enablement Kit
• TCP/IP enabled on the Printer
• DNS Host name or static IP address assigned
• Network Settings to be checked to ensure network is fully functional
• Domain Controller (DC) information:
• Domain Controller authentication environment
• IP address or Host Name
• Domain information
• Domain Controller Root and Intermediate certificates
• Check that all certificates are in 64 bit X.509 format
• Determine if the DC is registered with the OCSP at this site
• OCSP Server information:
•OCSP Server URL
• OCSP Root and Intermediate Certificates
• Check that all certificates are in 64 bit X.509 format
• Proxy Server configuration details
To set up the Domain Controller (DC) validation, you will need to determine if your site validates the
DC against the OCSP server. Many sites use OCSP to validate individuals, but do not register the DC
with it. If you set up the Printer to validate the DC and it isn’t registered, the procedure will fail.
The retrieved DC certificate is compared to the one stored at installation. This provides a high level of
security as it prevents rogue DCs masquerading as the real DC.
Note: Certificates are often obtained from the Information Technology professionals that support your
organization.
Server Requirements
Ensure your network infrastructure supports Common Access Card or Personal Identification
Verificati on (PIV ).
Names or IP addresses of all servers and domains are required during setup.
Electrical Requirements
The USB port on the back of the printer’s network controller provides the power required for any of the
supported card readers.
WorkCentre 7425/7428/7435
90
System Administrator Guide
Xerox Common Access Card
Installing the Common Access Card Software
Ensure that you have downloaded the Xerox WorkCentre software before performing these
instructions.
If you are using a Proxy Server to reach external addresses, turn the proxy off at your browser before
beginning the software install process. You can also send the printer to the list of exceptions that do
not use the Proxy Server.
Follow the instructions below to install the Xerox WorkCentre software.
Enable software upgrades:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. If prompted, enter the system administrator user name and password (default: admin, 1111).
4. Click the Services folder.
5. Select Machine Software, then Upgrades.
6. Select the Enabled check box, and then select Apply.
Locate the Software:
7. Select Properties then Services.
8. Select Machine Software then Manual Upgrade.
9. Browse to the location of the software which was downloaded from the Xerox Web site and select
the file.
10. The path to the software file displays in the browse window.
Install the software on the Printer:
11. Select Install Software. The software file will begin uploading, and a message will be displayed
when finished.
The status of the upgrade is shown at the printer and the CentreWare Internet Services interface is no
longer accessible.
Check the upgrade status:
12. Check the upgrade status at the printer, by pressing the Machine Status button on the control
panel and verifying the updated System Software level.
13. Once the software has been upgraded, the printer reboots automatically.
Note: The system may reboot more than once, depending on the software level of the machine before
the upgrade.
14. Print out a Configuration Report to verify the new software level.
15. The Common Access Card settings are now ready for configuring, using the CentreWare Internet
Services interface.
WorkCentre 7425/7428/7435
System Administrator Guide
91
Security
Enabling and Configuring the Common Access Card Feature
Enabling the Common Access Card Software Option
Once the correct version of the software has been successfully loaded and verified, the Common
Access Card software feature needs to be enabled on the printer.
This procedure should be performed by your System Administrator, or someone with System Admin
access rights.
1. Press the Log In/Out button on the control panel.
2. Using the keyboard screen, enter the following PIN number into the System Administrator’s Login
ID field: *6421145151.
Note: To de-activate the PIN number, simply enter the following PIN number into the System
Administrator’s Login ID field: *6421145150.
3. Touch Next.
4. Touch Logout. The printer will reboot.
5. Login as the System Administrator and select the Machine Status button.
6. Locate the Tools tab and select the System Settings followed by the Common Settings option,
and then the Maintenance option.
7. Next, select the Software Option button and select the Keyboard button to enter the supplied
number.
8. When finished, press the Save button, followed by the Reboot button for changes to take effect.
Configuring the Date and Time to update automatically using Network Time
Protocol (NTP)
Ensure that the NTP Enable box is enabled on the printer. In order to do so, the System Administrator
must log in to the printer.
1. Press the Log In/Out button on the control panel.
Note: In order to login as the System Administrator, you must select System Administrator from the
pull down menu. Verify that this selection is being made. If you see the option for Registered User, then
you will not be able to login as the System Administrator.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Next, select the Machine Status button.
4. Touch the To ol s tab.
5. On the right side of the display, under Features, select the Machine Clock/Timers option.
6. Select the option for NTP Time Synchronization.
7. Select the Change Settings option and select the On option.
8. Select the Save option.
9. Select the Time Server Address option.
WorkCentre 7425/7428/7435
92
System Administrator Guide
Xerox Common Access Card
10. Select the Change Settings option and enter the IP address of the server in which the network
time will be synched with.
11. Press the Save button.
12. Press the Log In/Out button.
13. Touch Logout. The printer will automatically reboot.
Configure Authentication settings for CAC
Note: These installation steps can also be performed at the printer. This is be done by logging in as the
System Administrator, selecting the Machine Status button, then proceeding to the Tools tab and
navigating to the Authentication/Security Settings button. From the Authentication/Security
Settings button, continue to navigate to Authentication, followed by Login Type. Then navigate back
to the To ol s menu option for System Settings. Select Common Service Settings and navigate to
Connectivity & Network Setup. Select Remote Authentication Server Settings, followed by
Authentication Systems. Then select Kerberos (Windows 2000). Enter the network settings for the
Authentication server by selecting Kerberos Server Settings.
To configure the Authentication settings from your computer, you must use CentreWare Internet
Services.
Note: Verify that your Common Access Card reader is plugged in and operational.
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. Enter the system administrator User Name and Password (default admin, 1111) if prompted.
4. Click the Security folder.
5. Select the option for Authentication Configuration, and select Login to Remote Accounts from
the pull down menu. After selected, press the Apply button. The system will automatically reboot.
6. While still in the Security folder, scroll down and click the Remote Authentication
Servers/Authentication System Settings folder.
7. Locate and select the Authentication System folder.
8. Press the pull down arrow and select the option for Kerberos (Windows 2000) and select Apply.
9. Enter the Kerberos server network address and realm name for all available Kerberos servers.
10. When entering the domain names, make sure to use ALL CAPS in the field.
Configuring the CAC Device Access Control
Note: This installation process can also be performed at the printer. This can be done by logging in as
the System Administrator, selecting the Machine Status button, then proceeding to the Tools tab and
navigating to the Authentication /Security Settings button. From the Authentication/Security
Settings button, continue to navigate to Authentication, followed by Access Control.
1. Continuing from the previous setup, select Authentication Configuration in the Security folder.
2. Select either the Device Access configure button, or the Service Access configuration button.
3. If you select the Device Access configure button, the following window will appear.
WorkCentre 7425/7428/7435
System Administrator Guide
93
Security
Note: If you wish to “Lock” individual device pathways, you may choose to lock any combination of All
Services, Job Status Pathway, or Machine Status Pathway. After you have made your selection, or
selections, press the Apply button for your selections to be saved.
Use this option to Lock individual Services as well as configure your desired combination of services.
Note: When the Common Access Card is enabled, the full Copy Service feature is locked by default.
Configure CAC Settings at the Printer
Note: Be sure that the Common Access Card Reading device has been installed prior to the following
procedure steps.
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Select the Authentication/Security Settings button, followed by the Authentication button.
4. Select the User Details Setup button, and set the Use of Smartcard option to Enabled.
Note: If you set this value to Enable PKI Only, the smartcard is used only for signing and/or encrypting
the scan document, not for authentication.
5. Set the SmartCard Link Mode to No Passcode required.
6. Set the SmartCard Certificate Verification Mode to Disabled.
Note: By setting the option to Disabled, you are only verifying the PIN on the card. By selecting the
option for Enabled, you are verifying both the PIN and the Certificate.
Setting up Certificates for Authentication
The following procedure is performed using the CentreWare Internet Services. Access the Printer by
typing in the device’s’ IP address in your Web browser’s address field.
Note: Certificates can only be registered on the device when SSL is enabled on the device. This can be
accomplished by first creating a self-signed certificate on the device and then enabling SSL. This
procedure must be performed by someone with System Administrator rights.
1. At your computer, Login to the CentreWare Internet Services as the System Administrator.
2. Select the Properties tab, and select the Security folder and navigate down until you locate the
Machine Digital Certificate Management option.
3. Select the Create New Self Signed Certificate option.
4. Select Apply.
5. Next, while still under the Security folder, scroll down the list and locate the option for SSL / TLS
Settings.
6. The following window will be displayed. Under the HTTP – SSL / TSL Communication check box,
make the selection for Enabled, and then select Apply.
7. The Printer will need to be rebooted before the changes can take effect. Select the Reboot
Machine option.
WorkCentre 7425/7428/7435
94
System Administrator Guide
Xerox Common Access Card
Note: After the Printer has returned online, the System Administrator can load the required Root
Certificate Authority certificates for the Domain Controllers and the OCSP Server.
8. At your computer, within the option for Machine Digital Certificate Management locate and
select the option for Upload Signed Certificate. This option should now be available to you based
on the machine reboot.
Uploading Signed Certificates
After selecting the Upload Signed Certificate option, the System Administrator will perform the
following procedures.
1. Upon selecting the Upload Signed Certificate button, the following window will display. The
System Administrator can browse to the directory location on the PC where the certificates will be
stored.
2. After the certificate has been saved to the PC, the System Administrator can manage certificates
that are loaded onto the Printer, as well as the functions they are to be used for.
Note: In order to review all the certificates, select the option for Other to view the available
certificates.
3. Select the desired options and select the Display the list button.
4. When the certificates are listed, you can select one by checking the box and then select Certificate
Details to review.
5. The Certificate Details window will allow the System Administrator to Export this certificate, Delete,
or Use this certificate.
Checking Proxy Server details
If required by your network environment, ensure the Proxy Server details have been configured.
1. At your computer, select the Properties tab in CentreWare Internet Services.
2. From the displayed window, select the option for Connectivity.
3. Next, select the option for Proxy Server.
4. The Proxy Server option needs to be Enabled and the server address needs to be configured.
5. Select the option for Apply.
Certificate Revocation Retrieval Settings
The System Administrator can use the functionality found in the Certificate Revocation Retrieval
Settings option to configure the desired Online Certificate Status Protocol (OCSP) or Certificate
Revocation List (CRL).
1. Under the Security folder, select the option for Certificate Revocation Retrieval Settings.
2. Under the Level of Certificate Verification section, select the Level of Certificate Verification
setting for the Common Access Card to High.
The following Level of Certificate Validation descriptions are listed below;
• Low: The revocation status of certificates is not checked.
WorkCentre 7425/7428/7435
System Administrator Guide
95
Security
• Medium: The revocation status of certificates is checked, but if the certificate status cannot be
obtained due to a network issue, the certificate will be considered valid.
• High: The revocation status of certificates is checked. A certificate is only considered valid after
verifying that the certificate has not been revoked.
3. Next, under Retrieval of Certificate Status, select the option for By OCSP for Common Access
Card setup.
Note: The By Retrieving CRL option checks the certificate status on the Printer after retrieving a CRL.
4. Next, under the URL for the OCSP Responder With option, this should be setup by the System
Administrator for the Common Access Card setup. There is also an option to use an URL that’s
available on a certificate.
5. Next, set the OCSP Communication Timeout Value option based on your network performance.
6. Under the CRL options, verify that the check mark box for Auto Retrieval of CRL is unchecked.
Note: The CRL Retrieval Time-out is not required for Common Access Card setup.
7. Upon making your selections, select the Apply button to register your selections. This will initiate
the printer to reboot, allowing the settings to take effect.
Configuring E-mail Signing Feature
The following procedure will be performed at the printer.
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Select the option for System Settings.
6. Locate and select the option for Connectivity & Network Set-up.
7. On the right side of the display, scroll down the list and locate the option for Security Settings.
8. Select the option for S/MIME Settings.
• For Option #6 Digital Signature – Outgoing Mail, select the option for Always Add Signature
and press the Save button.
• For Option #7 Signing Certificate – Outgoing Email, select the option for SmartCard
Certificate and press the Save button.
9. Press the Log In/Out button, and select the option for Reboot.
WorkCentre 7425/7428/7435
96
System Administrator Guide
Scanning and Faxing
This chapter includes:
• Enabling Options with Software Keys on page 98
• Special Features on page 99
• Scan to E-mail on page 100
• Network Scanning (Using Templates) on page 112
• Scan to PC (FTP/SMB) on page 121
• Scan to Home on page 126
• Scanning to the Printer’s Hard Drive (Folders) on page 128
• Setup and Use of Job Flow Sheets with Folders on page 131
• Scan to PC Desktop on page 136
• Installing and Using the Network Scanner Utility on page 138
• Xerox Extensible Interface Program on page 140
• Fa x on page 142
• Server Fax on page 154
• Internet Fax (iFAX) on page 162
6
97
Scanning and Faxing
Enabling Options with Software Keys
Options such as Scanning (E-Mail, Folder, Network, Twain), Security (Disk Overwrite, Secure
Watermark), Internet Fax (iFAX), Server Fax, and Job Based Accounting, require purchase and
subsequent enabling with a supplied 12 character key. Software keys are usually included with the kit
documentation as a sticker on the manual, or they may be already installed on the printer as per the
purchase agreement.
Upon receipt of the software key, use the following procedure to enable the associated Option.
1. Press the Log In/Out button on the control panel.
2. Enter the System Administrator’s Login ID and Passcode if prompted (default admin, 1111), and
press Enter.
3. Press the Machine Status button.
4. Touch the To ol s tab.
5. Touch System Settings.
6. Touch Common Service Settings.
7. Touch Maintenance. Note that you may have to use the scrolling arrow to see this selection.
8. Touch Software Options and touch Keyboard. Enter the key, using the on-screen keyboard, in the
box provided.
9. Touch Save, then touch Reboot.
WorkCentre 7425/7428/7435
98
System Administrator Guide
Special Features
Special Features
Some features can be customized, and special features can be enabled. For example, you can change
the duration of built-in timers. Contact your Xerox representative for more information about special
features, and special feature codes.
To enable a special feature:
1. Open your Web browser and enter the IP address of the printer in the address field. Press Enter to
open CentreWare Internet Services.
2. Click the Properties tab.
3. If prompted, enter the system administrator user name and password (default: admin, 1111).
4. Click the Security folder, then Feature Enab lement .
5. Enter the code for the special feature and click Apply.
WorkCentre 7425/7428/7435
System Administrator Guide
99
Scanning and Faxing
Scan to E-mail
E-mail Overview
You must purchase the Scanning option to Scan to E-mail. If you did not, contact your Xerox
Representative to purchase this option.
The following E-mail features are available.
• E-mail: Scanned documents can be converted into an electronic format and transmitted via E-mail.
• iFAX: Unlike conventional fax machines which utilize public phone lines, the printer can transmit or
receive scanned data as e-mail attachments using either corporate networks or the Internet.
Contents of E-mail are processed according to the settings of Print iFAX Headers and Contents in
CentreWare Internet Services.
• E-mail Printing: E-mail with attachments in either TIFF or PDF format can be sent to the printer.
Received E-mail will automatically be printed. Contents of E-mail are processed according to the
settings of Print Mail Headers and Contents in CentreWare Internet Services.
• Job Completion Notice: When a computer has submitted a job to the printer, a notification of the
job’s completion can be sent by E-mail.
Xerox recommends that you register the address of a network administrator or a shared address.
Preparations
Before you set up the Scan to Email feature, confirm that:.
1. The printer is turned on and connected to a network.
2. TCP/IP protocol is enabled on the printer.
3. The device has been set up with DNS.
4. The Domain Name settings for the network have been correctly setup for the printer.
Obtain the following information:
Item Description
SMTP, POP3, or SMTP mail server
Host Name or IP address.
SMTP, POP3, or SMTP login and
password.
The printer’s assigned email address. This E-mail address will appear in the From field on E-mails sent from
Email addresses (optional). A local address book can be created to store E-mail addresses.
LDAP server host name. Email addresses stored in a network address book LDAP can be
If using an external mail server, ask your internet service provider to
provide this information.
the printer.
referenced from the printer.
WorkCentre 7425/7428/7435
100
System Administrator Guide
Loading...