, SquareFold®, and CentreWare®, are trademarks of Xerox Corporation in the United States and/or other
countries. Product status, build status, and/or specifications are subject to change without notice.
Microsoft, Windows, Windows XP, Windows Vista, Internet Explorer, and Word are registered trademarks of Microsoft
Corporation in the United States and/or other countries.
PANTONE
®
is a registered trademark of Pantone, Inc. ScanFlowStore®is a registered trademark of Nuance
Communications, Inc.
®
Apple
, Macintosh®, Mac OS®, and EtherTalk™are trademarks or registered trademarks of Apple Computer, Inc.,
registered in the U.S. and other countries. Elements of Apple's Technical User Documentation used by permission from
Apple Computer, Inc.
Adobe, the Adobe logo, Acrobat, the Acrobat logo, Acrobat Reader, Distiller, Adobe PDF logo, Adobe PDF JobReady,
Illustrator, InDesign, and Photoshop are registered trademarks of Adobe Systems, Inc. PostScript is an Adobe
registered trademark used with the Adobe PostScript Interpreter, the Adobe page description language, and other
Adobe products. This product is not endorsed or sponsored by Adobe Systems, publisher of Adobe Photoshop.
®
Fiery
and PrintMe®are registered trademarks of Electronics For Imaging, Inc. GBC®and AdvancedPunch™are
trademarks or registered trademarks of General Binding Corporation. HP, HPGL, HPGL/2, and HP-UX are registered
trademarks of Hewlett-Packard Corporation. Netscape
®
UNIX
is a registered trademark of the Open Group. Mozilla Firefox™is a trademark of Mozilla Foundation.
®
is a registered trademark of Netscape Communications.
This guide is for a system administrator with network administrator rights who understands
networking concepts and has experience creating and managing user accounts. Use this guide to help
you install, configure, and manage the printer on a network.
14
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Introduction
Configuration Steps
When you configure the printer for the first time, it is recommended that you perform the steps in
this order:
Note: Most configuration settings are in Embedded Web Server, on the Properties tab. If your
printer is locked, log in as the system administrator.
1.Connect an Ethernet cable from your printer to the network.
2.Confirm that your printer is recognized on your network. By default, the printer is configured to
receive an IP address from a DHCP server over a TCP/IP network.
3.Provide basic information such as your location, time zone, and date and time preferences, by
completing the Installation Wizard.
4.Print a Configuration Report that lists the current configuration of the printer. Review the report
and locate the IP address of the printer.
5.Open a Web browser. To access the Embedded Web Server, in the Web browser address field, type
the IP address of your printer. The Embedded Web Server provides administration and
configuration functions for your printer.
6.Configure Authentication.
7.Configure Security.
8.Enable services in the Embedded Web Server.
9.Configure Print, Scan, and Fax features.
Note: The fax feature is an option that is available only on the Xerox®PrimeLink®B9100
device.
10.Configure Accounting.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
15
Introduction
More Information
For more information about your printer, refer to the following sources.
InformationSource
User GuideSoftware and Documentation disc
www.support.xerox.com
Recommended Media Listwww.xerox.com/rmlna: United States
www.xerox.com/rmleu: Europe
Printer Management Toolswww.support.xerox.com
Print Driverswww.support.xerox.com. Search for your device, then download the print
driver for your operating system. Search the site for print driver
documents and brochures.
Online Support Assistantwww.support.xerox.com
Technical Supportwww.support.xerox.com
16
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
1.Connect the power cord to the printer, then plug the power cord into an electrical outlet.
2.Connect one end of a Category 5 or better Ethernet cable to the Ethernet port in the back of the
printer. Connect the other end of the cable to a correctly configured network port.
3.If you have purchased and installed the Fax Hardware Kit, connect the printer to a correctly
configured telephone line.
Note: The fax feature is an option that is available only on the Xerox®PrimeLink®B9100
device.
4.Power on the printer.
18
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Initial Setup
Initial Setup at the Control Panel
TThhee IInnssttaallllaattiioonn WWiizzaarrdd
The first time the printer is turned on, the Installation Wizard starts. The wizard prompts you with a
series of questions to help you configure basic settings for your printer. You are prompted to:
•Set the current date and time.
•Select your local time zone.
•Configure certification, system access level, SMTP, and LDAP.
CCoonnffiigguurraattiioonn RReeppoorrtt
After you complete the installation wizard, you can obtain a Configuration Report. The Configuration
Report lists the current settings for the printer. By default, a Configuration Report prints at startup.
1.At the control panel, press the Machine Status button and touch the Device Information tab.
2.Touch Print Reports.
3.Touch Printer Reports.
4.Touch Configuration Report and press the Start button.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
19
Initial Setup
System Administrator Access at the Control
Panel
To configure the printer from the control panel, press the Machine Status button, then touch the
Tools tab. If the printer is locked, log in as a system administrator.
The default administrator password is the device serial number. You can obtain the serial number
from the back of the printer, from the configuration report, or from the home page of the Embedded
Web Server. You can get the serial number from the control panel touch screen. At the control panel,
press the Machine Status button, then on the touch screen, select Device Information. The serial
number is in the General Information area of the touch screen. The password is case-sensitive.
Note: When the administrator password is set to the device serial number, administrator
functions are not accessible. If the administrator password is set to the device serial number, at
the next administrator login attempt, you are prompted to change the default administrator
password. After you change the default administrator password, you have full access to
administrator privileges.
To log in as a system administrator:
1.At the control panel, press the Log In/Out button.
2.Type admin, then touch Next.
3.Type the administrator password, then touch Enter.
To log out, touch Admin, then touch Logout. On the next screen, touch Logout.
4.To lock the printer, touch On. To unlock the printer, touch Off.
5.If you touched On:
a.Touch Keyboard, type the new system administrator Login ID, then touch Save.
b.Touch Keyboard, reenter the Login ID, then touch Save.
6.Touch Save.
20
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Initial Setup
Manually Setting the Ethernet Interface Speed
The Ethernet interface of the printer automatically detects the speed of your network. If your network
is connected to another auto-sensing device, such as a hub, the hub may not detect the correct speed.
Refer to the Configuration Report to make sure that the printer has detected the correct speed of
your network. To view the Configuration Report, see Printing the Configuration Report.
To set the Ethernet interface speed manually:
1.Log in as a System Administrator.
2.At the control panel, press Machine Status, then touch the Tools tab.
3.Touch System Settings→Connectivity & Network Setup→Protocol Settings.
4.Touch Ethernet Settings, then touch Change Settings.
5.Touch Ethernet - Rated Speed, then touch Change Settings.
6.To match the speed set on your hub or switch, select the Speed.
7.Touch Save, then touch Close.
AAssssiiggnniinngg aa NNeettwwoorrkk AAddddrreessss
By default, the printer automatically acquires a network address from a DHCP server. To assign a
static IP address, configure DNS server settings, or configure other TCP/IP settings, refer to TCP/IP.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
21
Initial Setup
Viewing Services and Options
To see which services and options are enabled or installed:
1.At the control panel, press the Machine Status button, then touch the Device Information tab.
2.Touch Device Configuration.
3.Touch Close.
22
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Initial Setup
Embedded Web Server
The Embedded Web Server allows you to configure and administer the printer from a Web browser on
any computer.
•Ensure that TCP/IP and HTTP are enabled. A TCP/IP or HTTP connection is required to access the
Embedded Web Server.
•To determine the IP address of your printer, do one of the following:
–Obtain a Configuration Report.
–At the control panel, press the Machine Status button.
The default administrator password is the device serial number. You can obtain the serial number
from the back of the printer, from the configuration report, or from the home page of the Embedded
Web Server. You can get the serial number from the control panel touch screen. At the control panel,
press the Machine Status button, then on the touch screen, select Device Information. The serial
number is in the General Information area of the touch screen. The password is case-sensitive.
Note: The default administrator user name is admin. When the administrator password is set
to the device serial number, administrator functions are not accessible. If the administrator
password is set to the device serial number, at the next administrator login attempt, you are
prompted to change the default administrator password. After you change the default
administrator password, you have full access to administrator privileges.
To access the Embedded Web Server:
1.At your computer, open a Web browser.
2.In the address field, type the IP address of your printer. Press Enter. The Embedded Web Server
screen appears.
•You can access the printer using a combination of the host name and the domain name as
the Internet address. A DNS (Domain Name System) is required. The DNS server requires that
the printer host name is registered.
•To specify a port number, for the IP address, type : and the port number.
3.Click the Properties tab.
4.If prompted, type the user name and password of the administrator account, then confirm the
login request.
You can access any administrator functions within the Embedded Web Server.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
23
Initial Setup
Enabling Services and Options
You must enable some services and options before you can use them. To enable these special services
and options, use either the control panel or the Embedded Web Server.
To enable services and options in the Embedded Web Server:
1.In the Embedded Web Server, click Properties→Security→Feature Enablement.
2.Type the Unique Function Code.
3.Click Apply.
4.Click Reboot.
24
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Initial Setup
Changing the System Administrator Password
For security purposes, Xerox®recommends that you change the default administrator password after
you configure the printer. Ensure that you store the password in a secure location.
The default administrator password is the device serial number. You can obtain the serial number
from the back of the printer, from the configuration report, or from the home page of the Embedded
Web Server. You can get the serial number from the control panel touch screen. At the control panel,
press the Machine Status button, then on the touch screen, select Device Information. The serial
number is in the General Information area of the touch screen. The password is case-sensitive.
Note: When the administrator password is set to the device serial number, administrator
functions are not accessible. If the administrator password is set to the device serial number, at
the next administrator login attempt, you are prompted to change the default administrator
password. After you change the default administrator password, you have full access to
administrator privileges.
To change the administrator password:
1.In the Embedded Web Server, click Properties→Security→System Administrator Settings.
2.If needed, change the Administrator Login ID.
3.For Administrator's Passcode, type the new password.
4.Retype the password.
5.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
25
Initial Setup
Using the Configuration Overview Page
In the Embedded Web Server, the Configuration Overview page provides shortcuts to commonly
accessed pages on the Properties tab. To access the Configuration Overview page, click
Properties→Configuration Overview.
AAssssiiggnniinngg aa NNaammee aanndd LLooccaattiioonn ttoo tthhee PPrriinntteerr
The Description page provides a place to assign a name and location to the printer for future
reference.
To assign a printer name and location:
1.In the Embedded Web Server, click Properties→Description.
2.For Device Name, type a name for the printer.
3.For Location, type the location of the printer.
4.In the fields provided, type the System Administrator contact information, the printer email
address, and comment, as needed.
5.Click Apply.
26
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Transmission Control Protocol (TCP) and Internet Protocol (IP) are protocols within the Internet
Protocol Suite. IP manages the transmission of messages from computer to computer while TCP
manages the actual end-to-end connections.
EEnnaabblliinngg TTCCPP//IIPP
Note: TCP/IP is enabled by default. If you disable TCP/IP, ensure that you re-enable it at the
printer control panel to access the Embedded Web Server.
To enable TCP/IP:
1.At the control panel, log in as System Administrator, press the Machine Status button, and touch
the Tools tab.
2.Touch System Settings→Connectivity & Network Setup→Protocol Settings.
3.Touch TCP/IP - Common Settings.
4.Touch Change Settings.
5.Select the item to change and touch Change Settings.
6.Touch IPv4 Mode, IPv6 Mode, or Dual Stack to enable both IPv4 and IPv6.
IPv4 can be used in addition to or in place of IPv6. To configure settings for IPv4:
Note: If both IPv4 and IPv6 are disabled, you cannot access the Embedded Web Server. Re-
enable TCP/IP at the control panel to access the Embedded Web Server. Disabling TCP/IP or
changing the IP address also disables any dependent protocols.
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→TCP/IP.
IPv4 is enabled by default.
2.Type a unique Host Name for your printer.
3.Select the desired method for obtaining a dynamic IP address from the IP Address Resolution
drop-down menu, or select Static to define a static IP address.
4.If you select Static, type the IP Address, Subnet Mask, and Gateway Address in the appropriate
fields.
Note: If you select BOOTP or DHCP, you cannot change the IP address, Subnet Mask, or
default gateway.
5.Type a valid Domain Name.
6.Click Apply.
30
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
DDNNSS CCoonnffiigguurraattiioonn ffoorr IIPPvv44
To configure settings for IPv4:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→TCP/IP.
2.Next to Obtain DNS Server Address Automatically, select Enabled to allow your DHCP server to
provide the DNS server address. Clear the check box to manually provide the DNS server address,
and type an IP address for the Preferred DNS Server, Alternate DNS Server 1, and Alternate DNS
Server 2 in the appropriate fields.
Note: If DHCP or BOOTP is the IP Address Resolution setting, you cannot change the
Domain Name, Primary DNS Server, Alternate DNS Server 1, and Alternate DNS Server 2
settings.
3.Next to Dynamic DNS Registration (IPv4), select Enabled to register the printer's host name in
the DNS server. Select Overwrite if you want to overwrite existing entries in the DNS server.
Note: If your DNS Server does not support dynamic updates, you do not need to enable
DDNS.
4.Next to Generate Domain Search List Automatically, select Enabled if you want the printer to
generate a list of search domains. Type the domain names if the option is disabled.
5.Next to Connection Time-Out, type the time allowed until the printer stops attempting to
connect to the server.
6.Next to Release Current IP Address When the Host is Powered Off, select Enabled if you want
the printer to release its IP address when it restarts.
IPv6 hosts can configure themselves automatically when connected to a routed IPv6 network using
the Internet Control Message Protocol Version 6 (ICMPv6). ICMPv6 performs error reporting for IP
along with other diagnostic functions. When first connected to a network, a host sends a link-local
multicast router solicitation request for its configuration parameters. If suitably configured, routers
respond to the request with a router advertisement packet containing network-layer configuration
parameters.
Note: IPv6 is optional and can be used in addition to, or in place of, IPv4. If both IPv4 and
IPv6 protocols are disabled, you cannot access the Embedded Web Server. The host name is
the same for IPv4 and IPv6. If you change the host name for IPv6, the host name changes for
IPv4 too.
Note: If both IPv4 and IPv6 are disabled, you cannot access the Embedded Web Server. To
access the Embedded Web Server, at the control panel, re-enable TCP/IP. If you disable TCP/IP
or change the IP address, the actions disable any dependent protocols.
To configure settings for IPv6:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→TCP/IP.
2.For IP Mode, select IPv6, or, to use both IPv4 and IPv6, select Dual Stack. By default, IPv6 is
disabled.
3.Type a unique Host Name for the printer.
®
Xerox
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
31
Network Connectivity
4.To assign an IPv6 address manually, for Enable Manual Address, select Enabled. Type the IP
Address and Gateway Address.
5.To allow your DHCP server to assign an IP address to the printer, for Get IP Address from DHCP,
select Enabled.
6.Type the required Domain Name.
7.Click Apply.
Note: If you enable or disable IPv6, then click Apply, the printer restarts.
DDNNSS CCoonnffiigguurraattiioonn ffoorr IIPPvv66
To configure settings for IPv6:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→TCP/IP.
2.Select a method for obtaining the DNS server address:
•To allow the DHCP server to provide the DNS server address automatically, for DHCPv6–Lite,
select Enabled.
•To specify the DNS server addresses manually, for DHCPv6–Lite, clear the check box for
Enabled. Type the IP addresses of the Preferred DNS Server, the Alternate DNS Server 1,
and the Alternate DNS Server 2.
3.To register the printer host name in the DNS server, for Dynamic DNS Registration (IPv6), select
Enabled. To replace existing entries in the DNS server, select Overwrite.
4.To generate the domain search list automatically, for Generate Domain Search ListAutomatically, select Enabled.
5.Type the names for Domain Name 1, Domain Name 2, and Domain Name 3.
6.For Connection Timeout, type a number between 1–60 seconds.
7.To enable DNS Resolution via IPv6 First, select Enabled.
8.To make the printer release the IP address when the printer restarts, for Release Current IPAddress When the Host is Powered Off, select Enabled.
To support zero-configuration networking, the printer assigns a self-signed address automatically. The
self-signed address is for IPv4, IPv6, or both, for a dual stack configuration. If the printer cannot
connect to a DHCP server to obtain an IP address, the printer assigns itself a Link-Local address.
32
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
SNMP
Simple Network Management Protocol (SNMP) is used in network management systems to monitor
network-attached devices for conditions that require administrative attention. It consists of a set of
standards for network management including an application layer, a database schema, and a set of
data objects. Agents, or software modules, reside in the printer's SNMPv3 engine. A manager is an
SNMPv3 management application such as OpenView, that is used to monitor and configure devices
on the network. The agent responds to read (GET) and write (SET) requests from the manager and
can also generate alert messages, or traps, based on certain events.
SNMP settings can be configured in the Embedded Web Server. You can also enable or disable
Authentication Failure Generic Traps on the printer. SNMPv3 can be enabled to create an encrypted
channel for secure printer management.
EEnnaabblliinngg SSNNMMPP
To enable SNMP:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For SNMP, select Enabled.
3.To enable the UDP transport protocol if necessary, for UDP, select Enabled.
4.Click Apply.
CCoonnffiigguurriinngg SSNNMMPP
To configure SNMP settings:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→SNMP Configuration.
2.For SNMP Properties, select Enable SNMPv1/v2c Protocols, or Enable SNMPv3 Protocol.
To use SNMPv3, enable and configure HTTPS.
3.To allow remote management servers to change SNMP settings on the printer, select AllowWrite.
4.To make the printer generate a trap for every received SNMP request that contains an invalid
community name, for Authentication Failure Generic Traps, select Enabled.
3.Type a name up to 256 characters for the Community Name (Read Only) or use the default value
of public.
GET returns the password for the SNMP GET requests to the printer. Applications obtaining
information from the printer using SNMP, such as the Embedded Web Server, use this password.
4.Type a name up to 256 characters for the Community Name (Read / Write) or use the default
value of private.
SET returns the password for the SNMP SET requests to the printer. Applications that set
information on the printer using SNMP, use this password.
5.Type a name up to 256 characters for the default Trap Community Name or use the default value
of SNMP_TRAP.
Note: The Default Trap Community Name is used to specify the default community name
for all traps generated by this printer. The Default Trap Community Name can be
overridden by the Trap Community Name specified for each individual trap destination
address. The Trap Community Name for one address may not be the same Trap
Community Name specified for another address.
6.Type the System Administrator's Login ID.
7.Click Apply.
EEddiittiinngg SSNNMMPP vv33 SSeettttiinnggss
Note: Before SNMPv3 can be enabled, install a digital certificate on the printer, and enable
SSL.
To edit SNMP v3 properties:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→SNMP Configuration.
3.Under Administrator Account, click Account Enabled to create the administrator account.
4.Type an Authentication Password then confirm it. The Authentication Password must be at least
eight characters in length and can include any characters except control characters. This
password is used to generate a key used for authentication.
5.Type a Privacy Password and confirm it. The Privacy Password is used for encryption of SNMPv3
data. The password used to encrypt the data needs to match with the Server.
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
4.Type the IP address of the host running the SNMP manager application to be used to receive
traps.
Note: Port 162/UDP is the default port for traps. Select v1 or v2c based on what the trap
receiving system supports.
5.Under Traps, select the type of traps to be received by the SNMP manager.
6.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
35
Network Connectivity
LPD
The Line Printer Daemon (LPD) protocol is used to provide printer spooling and network print server
functionality for operating systems such as HP-UX, Linux
Note: For information on setting up print queues on your client system, refer to your client
system documentation.
®
, and MAC OS X.
EEnnaabblliinngg LLPPDD
To enable the LPD protocol:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.Next to LPD, select the Enabled check box.
Note: Disabling LPD affects clients printing to the printer over TCP/IP using the LPR
printing port.
3.Click Apply.
CCoonnffiigguurriinngg LLPPDD
To configure the Line Printer Daemon protocol:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LPD.
2.Type a Port Number or use the default port number of 515.
3.To enable the TBCP Filter, select Enabled.
4.Enter the Connection Timeout.
5.Enter the Maximum Number of Sessions.
6.For Character Encoding, select According to Device Language Setting or UTF–8.
7.If necessary, for TCP-MSS Mode, select Enabled.
8.If TCP-MSS mode is enabled, for IPv4, type the IP addresses for Subnets 1, 2, and 3.
Note: TCP-MSS settings are common for LPD and Port 9100.
9.Click Apply.
36
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
Raw TCP/IP Printing
Raw TCP/IP is a printing method used to open a TCP socket-level connection over Port 9100, to
stream a print-ready file to the input buffer of the printer. Raw TCP/IP then closes the connection
after sensing an End-Of-Job character in the PDL or after expiration of a preset time-out value. Port
9100 does not require an LPR request from the computer or the use of an LPD running on the printer.
Port 9100 is selected in Windows as the Standard TCP/IP port.
EEnnaabblliinngg PPoorrtt 99110000
Note: Before you enable Port 9100, enable TCP/IP.
To enable port 9100:
1.In the Embedded Web Server, click Connectivity→Port Settings.
2.For Port 9100, select Enabled.
3.Click Apply.
CCoonnffiigguurriinngg PPoorrtt 99110000
To configure port 9100:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Port 9100.
2.If necessary, for TCP-MSS Mode, select Enabled.
Note: TCP-MSS settings are common for LPD and Port 9100.
3.If TCP-MSS mode is enabled, for IPv4, type the IP addresses for Subnets 1, 2, and 3.
4.Ensure that the TCP Port Number is set to 9100.
5.For End of Job Timeout, type a value between 2–65535 seconds. The default time is 300
seconds.
6.If necessary, for TBCP Filter, select Enabled.
7.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
37
Network Connectivity
SMTP
Simple Mail Transfer Protocol (SMTP) is used by the email feature on the printer to deliver scanned
images and Internet Fax jobs through email. After you enable SMTP, the email button is enabled on
the control panel.
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→SMTP
Server→Connection Test.
2.In the Connection Test Email area, type your email address.
3.Click Send Email.
The result is displayed in the Email Delivery Status area. Check your emails for the test email from
the printer.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
39
Network Connectivity
LDAP
Lightweight Directory Access Protocol (LDAP) is a protocol used to process queries and updates to an
information directory, also known as an LDAP directory, stored on an external server. LDAP directories
are heavily optimized for read performance. Use this page to define how the printer retrieves user
information from an LDAP directory.
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAP Server.
2.In the Server Information area, type the appropriately formatted main and backup LDAP server
addresses, host name, and port numbers. The default port number is 389.
3.For LDAP Server, select the type of LDAP server.
4.In the Optional Information area, specify settings if necessary:
a.For Search Directory Root, type the search directory root path using Base DN format.
b.For Login Credentials to Search Entries, select Remotely Authenticated User, or System.
c.If necessary, type the login name, then type and retype the password.
d.For Maximum Number of Search Results, type the maximum number of addresses that can
be returned matching the search criteria. Type a number between 5–100.
e.For Search Timeout, select Use LDAP Server Timeout or Wait. If you select Wait, type a
duration between 5–120 seconds.
f.If your primary LDAP server is connected to other LDAP servers, to include the servers in your
searches, for LDAP Referrals, select Enabled.
g.For LDAP Referral Hop Limit, type the maximum number of consecutive LDAP referrals.
Specify a limit between 1–5.
5.In the Perform Query on area, select an option if necessary:
•Mapped Name Field: Select this option to specify how the fields are mapped.
•Surname and Given Name Fields: Select this option to search for the last name and first
name of the user.
6.Click Apply.
40
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
DDeeffiinniinngg UUsseerr MMaappppiinnggss
LDAP servers provide different results to search queries depending on how user data is mapped.
Editing the mapping allows you to fine-tune server search results.
Note: If you are using Internet Fax, ensure that the Internet Fax field is not set to No attribute
type that can be used. This setting prevents the LDAP Address Book from displaying on the
Internet Fax screen on the control panel. Select mail as the Internet Fax setting.
Note: The fax feature is an option that is available only on the Xerox®PrimeLink®B9100
device.
To define LDAP user mappings:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAP User
Mappings.
The information you entered on the LDAP Server tab is summarized in the Server Information
area.
2.To send a test query, type the name of the user you want to search for in the User Name field,
then click Search. If a match occurs, the information for the user is displayed.
3.Use the drop-down menus under Imported Heading to remap fields as needed.
Note: Headings are defined by your LDAP server schema.
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→Connection
Test.
2.Type a name for the test.
3.Click Search.
The Search Result area displays the test results.
42
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
POP3
Post Office Protocol, version 3 (POP3) allows email clients to retrieve email from remote servers over
TCP/IP on network port 110. To configure POP3:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→POP3 Setup.
2.Type the appropriately formatted IP address, host name, and port number. The default port
number is 110.
3.For POP Receive Password Encryption, select APOP Authentication, if required.
4.Type the Login Name assigned to the printer that is used to log in to the POP3 server.
5.Type a password. Retype the password to confirm.
6.To enable POP3 - SSL/TLS Communication, if needed, select Enabled.
7.Type a Polling Interval value between 1–120 minutes. The default value is 10 minutes.
8.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
43
Network Connectivity
HTTP
Hypertext Transfer Protocol (HTTP) is a request-response standard protocol between clients and
servers. Clients making HTTP requests are referred to as User Agents (UAs) while servers responding
to these requests for resources such as HTML pages, are referred to as origin servers. There can be any
number of intermediaries, such as tunnels, proxies, or gateways between UAs and origin servers.
EEnnaabblliinngg HHTTTTPP
HTTP is enabled by default. If you disable HTTP, you will need to enable it at the printer before you
can access the Embedded Web Server.
To enable HTTP:
1.At the control panel, press the Machine Status button, then touch the Tools tab.
2.Touch System Settings→Connectivity & Network Setup→Port Settings.
3.Touch Internet Services (HTTP), then touch Change Settings.
4.Touch Port Status, then touch Change Settings.
5.On the Internet Services - Port Status screen, touch Enabled, then touch Save.
6.Touch Close.
CCoonnffiigguurriinngg HHTTTTPP SSeettttiinnggss
To configure HTTP settings:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→HTTP.
2.Change the maximum number of sessions, if necessary. The default is 5.
3.To use cross-site request forgery protection, for CSRF Protection, select Enabled.
4.Type the Port Number, if necessary. The default is 80.
5.To encrypt HTTP communication between the printer and client computers using the Embedded
Web Server, for Secure HTTP (SSL), select Enabled. The encryption is used for data sent using
IPsec, SNMP, and Audit Log. A digital certificate installed on the printer is required.
6.Type the Secure HTTP Port Number, if necessary. When SSL is enabled, HTTP traffic is routed to
this port. The default is 443.
7.Enter the amount of time for the Connection Timeout, if necessary.
8.Click Apply.
44
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
Proxy Server
A proxy server acts as a go-between for clients that seek services and the servers that provide them.
The proxy server filters client requests. If the requests conform to the filtering rules, the proxy server
grants the request and allows the connection.
A proxy server has two main purposes:
•A proxy server keeps any devices behind the server anonymous for security purposes.
•A proxy server decreases the amount of time required to access information by caching content,
such as webpages from a Web server.
Note: Proxy server settings are used for Xerox®Remote Print Services, formerly called SMart
eSolutions.
To configure proxy server settings:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Proxy Server.
2.In the General area, for Use Proxy Server, select Enabled.
3.For Proxy Server Setup, select an option:
•Same Proxy for All Protocols: Select this option to use the same proxy settings for HTTP and
HTTPS.
•Different Proxy for Each Protocol: Select this option to use different proxy settings for HTTP
and HTTPS.
•Use Automatic Proxy Configuration Script: Select this option to use an automatic proxy
configuration script.
•Automatically Detect Settings: Select this option to detect proxy settings automatically.
4.For Addresses to Bypass Proxy Server, type any Web addresses or domains that you want to
bypass the proxy server. For example, type the address of your company intranet site.
5.In the HTTP Server area, type the Server Name and Port Number. The factory default port
number is 8080.
Note: Ensure that the port number that you set for the device matches the port number
that the server is configured to use for this proxy.
6.If your proxy server is configured to require authentication, for Authentication, select Enabled.
Type your credentials in the Login Name and Password fields. Retype the password to confirm.
7.To use a different proxy server for HTTPS, type the server information in the HTTPS Server area.
The default port number is 8080.
8.To use an automatic proxy configuration script, type the URL for the script in the Use Automatic
Proxy Configuration Script area.
9.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
45
Network Connectivity
Microsoft Networking
CCoonnffiigguurriinngg WWIINNSS
When running WINS, the printer registers its IP address and NetBIOS host name with a WINS server.
WINS allows users to communicate with the printer using the host name only.
To configure primary and secondary WINS servers:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Microsoft
Networking. The SMB client page opens.
2.To allow your DHCP server to provide your WINS server address to the printer, select DHCP next
to Obtain WINS Server Address Automatically.
3.If you want to provide the WINS server address manually, type it in the Primary Server IP
Address field.
4.If desired, type the secondary WINS server address in the Secondary Server IP Address field.
5.Click Apply.
46
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
IPP
Internet Printing Protocol (IPP) is used for remote printing and managing print jobs.
EEnnaabblliinngg IIPPPP
To enable IPP:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For IPP, select Enabled.
3.Click Apply.
CCoonnffiigguurriinngg IIPPPP
To configure IPP printing:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→IPP.
2.For Add Port Number (IPP), type the port number that you want the printer to use.
3.For Add Port Number (IPPS), type the port number that you want the printer to use for secure
IPP.
4.To enable the TBCP Filter, select Enabled.
5.To allow only one specific user to control or delete any print job, for Administrator Mode, select
Enabled.
6.For Connection Timeout, type the timeout period. The default is 60 seconds.
7.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
47
Network Connectivity
Universal Plug and Play Discovery
The Universal Plug and Play Protocol (UPnP) network protocols are used by devices in a TCP/IP
network to discover each other. The devices can establish connections for data sharing and
communications. You can configure the printer to use the Simple Service Discovery Protocol in the
UPnP network. For more information, refer to SSDP.
EEnnaabblliinngg UUPPnnPP
To enable UPnP:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For UDP, UPnP Discovery, and SOAP, select Enabled.
3.Click Apply.
CCoonnffiigguurriinngg UUPPnnPP
To configure UPnP:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→UPnP Discovery.
2.Type a port number. Port 1900 is the standard port for UPnP.
3.Click Apply.
48
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
SSDP
The Simple Service Discovery Protocol (SSDP) can be used in Universal Plug and Play networks. When
SSDP is enabled on the printer, the printer advertises itself to other Universal Plug and Play (UPnP)
clients in the network. For example, the printer advertises itself to personal computers.
To configure SSDP:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→SSDP.
2.For SSDP Port Status, select Enabled.
3.Set the valid advertising period.
Note: The printer advertises itself to other devices in the network using the advertising
period. The default is every 180 minutes. You can specify an interval between 60–4320
minutes.
4.Type a Maximum TTL value.
Note: To allow the printer to reach UPnP (Universal Plug and Play) devices in other
subnetworks, type a time-to-live (TTL) value between 1–10. The TTL value specifies the
number of routers that an SSDP message can pass through.
5.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
49
Network Connectivity
WebDAV
Web-based Distributed Authoring and Versioning (WebDAV) is a set of extensions to HTTP that allow
users to edit and manage files collaboratively on remote Web servers. WebDAV must be enabled to
use Network Scan Utility 3.
EEnnaabblliinngg WWeebbDDAAVV
To enable WebDAV:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For WebDAV, select Enabled.
3.Click Apply.
CCoonnffiigguurriinngg WWeebbDDAAVV
To configure WebDAV settings:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→WebDAV.
2.Type the Port Number.
3.Type the Connection Timeout period. The default is 30 seconds.
4.Click Apply.
50
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
WSD
Web Services for Devices (WSD) is technology from Microsoft that provides a standard method for
discovering and using network connected devices. It is supported in all of the current Windows and
Windows Server operating systems. WSD is one of several supported communication protocols.
EEnnaabblliinngg WWSSDD
To enable the WSD protocol:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.To enable the WSD print service, for WSD Print, select Enabled.
3.To enable the WSD scan service, for WSD Scan, select Enabled.
4.Click Apply.
CCoonnffiigguurriinngg WWSSDD
To configure the WSD protocol:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→WSD.
2.Edit the following settings if necessary:
•Port Number. The default is 80.
•TBCP Filter. To use the filter, select Enabled.
•Data Receive Timeout in seconds. The default is 30.
•Notification Delivery Timeout in seconds. The default is 8.
•Maximum TTL. The default maximum time to live is 1.
•Maximum Number of Subscribers. The default is 50.
3.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
51
Network Connectivity
FTP
File Transport Protocol (FTP) is a standard network protocol used to pass and manipulate files over a
TCP/IP network. Several services running on your printer, including Network Scanning and Fax, can
use FTP as a filing service.
EEnnaabblliinngg FFTTPP
To enable FTP:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→FTP.
2.For Transfer Mode, select Passive Mode, or Active Mode.
3.Click Apply.
52
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
Google Cloud Print
Google Cloud Printing allows users to access the cloud print queue from any Internet-connected
device in any geographic location. To allow access to the service, provide users with registration
details. Users register for the service with the information that you provide.
To allow users to use Google Cloud Print, supply users with the registration details. To print the
registration details:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Google Cloud Print.
2.Click Register this Device to Google Cloud Print. The printer prints the registration details and
instructions.
3.Tell users to complete the registration using the printed information.
The user follows the printed instructions to register the printer to their Google Cloud Print Service. The
Status area in the Google Cloud Print page provides information about the registration.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
53
Network Connectivity
Bonjour Multicast DNS
Bonjour is a zero-configuration networking protocol developed by Apple to allow devices on a LAN to
locate each other. When you enable Multicast DNS (Bonjour) on the printer, the printer responds to
mDNS calls. Any computer that runs the Apple Macintosh operating system Bonjour technology can
discover the printer on a network. Bonjour and IPP are required for Mopria
and the Mac OS Print Center and Print Setup Utility. To use Bonjour, enable LPD and Raw TCP/IP
printing on port 9100. For more information, refer to IPP, LPD, and Raw TCP/IP Printing.
EEnnaabblliinngg BBoonnjjoouurr
To enable Bonjour:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For Bonjour, select Enabled.
3.Click Apply.
CCoonnffiigguurriinngg BBoonnjjoouurr
™
Mobile Printing, AirPrint®,
To configure Bonjour:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Bonjour.
2.Type the host name and printer name.
3.To use wide-area Bonjour, for Wide-Area Bonjour, select Enabled. Wide-area Bonjour allows
devices to discover each other even if they are in different subnets in the network.
4.Click Apply.
54
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
AirPrint
AirPrint is a software feature that allows you to print from wired or wireless Apple iOS-based mobile
devices and Mac OS-based devices without the need to install a print driver. AirPrint-enabled printers
allow you to print or fax directly from a Mac, an iPhone, iPad, or iPod touch. To use AirPrint, enable
and configure IPP and Bonjour.
Note:
•Not all iOS applications support printing using AirPrint.
•Wireless devices must join the same wireless network as the printer. You can connect the
printer by its wired network interface.
•To allow devices to print from different subnets, configure your network to pass multicast
DNS traffic.
•AirPrint-enabled printers work with all models of iPad, iPhone 3GS or later, and iPod touch
third generation or later, running the latest version of iOS.
•The Mac OS device requires Mac OS 10.7 or later.
CCoonnffiigguurriinngg AAiirrPPrriinntt
To configure AirPrint:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→AirPrint.
2.In the General area, for AirPrint, select Enabled.
3.To use AirPrint on a USB connection, for USB Connection, select Enabled.
4.To specify printer information, in the Bonjour area, type the printer name and location.
Optionally, type the geographical coordinates.
5.To use IPP authentication:
a.In the IPP Authentication area, for Basic Authentication, select Enabled.
b.Type a user name, then type and retype a password.
6.To use a digital certificate:
a.In the Device Digital Certificate area, for Device Digital Certificate Management, click
Settings.
b.Create a certificate, or upload a signed certificate. For more information, refer to Digital
Certificates.
7.To configure AirPrint, for software updates:
a.In the Device Software area, click Update.
b.To check for software updates, in the Software Update area, click Check Now.
c.To specify when the printer checks for updates, in the Check for Update area, select Never,
Daily, Weekly, or Monthly.
d.To receive email notifications for the software upgrades, in the Email Notifications area, click
Setup. In the Software Update page, type up to three email addresses, then click Apply.
8.To check consumables, in the Consumables area, click Check Status. To return to the AirPrint
page, click Back.
®
Xerox
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
55
Network Connectivity
9.To specify what happens when a data error occurs, for Print Job Handling when Data ErrorOccurs, select Cancel Print Job or Force Print Job.
10.Click Apply.
56
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Network Connectivity
Mopria
Mopria™is a software feature that enables users to print from mobile devices without requiring a print
driver. To enable printing, users install the Mopria app or plug-in available from the appropriate app
store. When you enable and configure Mopria on the printer, the required protocols IPP and Bonjour
are enabled.
CCoonnffiigguurriinngg MMoopprriiaa
To configure Mopria:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Mopria.
2.Select Enabled.
3.Click Apply.
Note: Before you disable Mopria, disable IPP and Bonjour. If AirPrint is configured on the
printer, disabling IPP and Bonjour disables AirPrint. To continue to use AirPrint, re-enable it.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
57
Network Connectivity
SOAP
SOAP is an open-standard, platform-independent, XML-based messaging protocol that allows
computers and networks using different operating systems to exchange information. SOAP is used by
other network protocols, including Universal Plug and Play Discovery.
To enable SOAP:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For SOAP, select Enabled.
3.Click Apply.
58
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
4
Security
This chapter contains:
•Setting Up Access Rights ........... ...... ..... ...... ..... ...... ........... ........... ........... ........... ...... ..... ...... ..... ... 60
You can control access to the printer's services and features by setting up authentication,
authorization, and personalization.
AAuutthheennttiiccaattiioonn
Authentication is the process of confirming the identity of a user by comparing information provided
by the user, such as their user name and password, against another source of user information such
as a Lightweight Directory Access Protocol (LDAP) network directory. Users can be authenticated
when accessing the control panel or when accessing the Embedded Web Server.
There are several ways to authenticate a user:
•Local: If you have a limited number of users, or do not have access to a Lightweight Directory
Access Protocol (LDAP) network directory, you can add user information, such as user names and
passwords, to the internal database of the printer. You can then specify tools and feature access
for all users. Users are authenticated and authorized when they log in at the control panel.
•Network: The printer retrieves user information from an LDAP network directory to authenticate
and authorize users when they log in at the control panel. Configure LDAP server settings before
configuring authentication settings. The printer can use any of the following protocols to
communicate with your authentication server:
–Kerberos (Solaris, or Windows 2000/2003)
–SMB (Windows 2000/2003)
–LDAP
•Card Reader: To use this feature, purchase and install a magnetic or proximity card reading
system, such as Xerox
identification card.
®
Secure Access. To access the printer, users swipe a pre-programmed
AAuutthhoorriizzaattiioonn
Authorization is the process of defining the services and features that users are allowed to access. For
example, you can configure the printer to allow a user to copy, scan, and fax, but not email. There are
two types of authorization:
•Locally on the Device (Internal Database): User login information is stored locally in the printer's
internal User Information Database.
•Remotely on the Network: User login information is stored externally in a network database such
as an LDAP directory.
60
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Security
PPeerrssoonnaalliizzaattiioonn
Personalization is the process of customizing services for a specific user. If your network is connected
to an LDAP server, the printer can look up the home directory and email address of a user for the Scan
to Home, or email scanning features.
Note: Personalization is only available when the printer is configured to use network
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
2.On the Authentication Configuration page, for Login Type, select Login to Local Accounts.
3.To enable Print Stored File from Folder or Folder to PC/Server, select Enabled.
4.To allow users without accounts to access the printer, for Non-account Print, select Enabled.
5.To use the domain name for print client authentication, select Enabled.
6.Click Apply, then click Reboot Device.
DDeeffiinniinngg UUsseerr IInnffoorrmmaattiioonn
User information is required before you can define access rights for users. You can add user
information to the User Information Database on the printer, or edit user information in the
database. You can specify a network database or LDAP server that contains user information. For
information on network authentication and LDAP user information, refer to Network Authentication
and LDAP.
You can add users to the User Information Database on the printer, or edit existing user information.
The database can contain a maximum of 1000 users. To edit the User Information Database:
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
2.Click Next.
3.For Account Number, type a number, then click Edit. Each user in the database has a unique
number.
4.In the User Identification area, type the user information. Type the user name and user
identification. Type, then retype a password if needed. Type an email address.
5.In the Feature Access area, specify the copy, scan, print, and device access for the user.
6.In the Impression / Limits area, specify the usage limits for the user.
7.For User Role, select System Administrator, Account Administrator, or User.
8.If needed, add the user to an authorization group.
9.Click Apply.
The user is added to the User Information Database. When you add other users, ensure that you type
a unique Account Number for each user.
62
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
1.In the Embedded Web Server, click Properties→Security→User Details Setup.
2.If you want the control panel to display text other than the User ID, for Alternative Name forUser ID, type the required text.
3.To display text as asterisks on the control panel, for Mask User ID, select Hide. To display text on
the control panel, select Show.
4.For Failed Access Log, type the number of allowed login attempts from 1–600 attempts. To
allow an unlimited number of login attempts, type 0. If the maximum number of allowed
attempts is exceeded, the printer is locked, and requires a restart.
5.To allow users to log in without case sensitivity, for User ID for Login, select Non-Case Sensitive.
6.Type the minimum, and maximum password length. You can specify a password length from 1–
63 characters. If you do not want to specify a minimum limit, for Minimum Passcode Length,
type 0.
7.Specify the number of login attempts for the system administrator, and local user, from 1–10
attempts. To allow an unlimited number of login attempts, type 0.
8.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
63
Security
Network Authentication
If you have an LDAP server connected to your network, you can configure the printer to retrieve user
information from the LDAP directory when authenticating a user at the control panel.
To configure authentication settings for the Lightweight Directory Access Protocol (LDAP):
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAPAuthentication.
2.For Authentication Method, select Direct Authentication or Authentication of User Attributes.
Direct Authentication uses the user name and password entered by the user for authentication
with the LDAP server.
Authentication of User Attributes allows you to specify what information the user enters, and
what the printer uses to authenticate the user.
3.If you selected Authentication of User Attributes:
a.Type the Attribute of Typed User Name. Enter the LDAP attribute that corresponds to the
information you want the user to enter at the control panel. For example, if you want the
user to enter the mail address, type mail. The maximum length for the attribute is 32
characters.
b.Type the Attribute of Login User Name. Enter login information registered on the LDAP
server. The maximum length for the attribute is 32 characters.
4.To add text to the user input before authentication, for Use Added Text String, select Enabled.
Type the Text String Added to User Name. For example, you can add your network domain
name to the user name, and use this combined string for authentication.
10.For the Server Response Timeout, type the number in seconds that the device waits for a
response from the server. For the Search Timeout, type the number in seconds that the device
waits for a response to the search request.
11.To assign the UPN if needed, for Assign UPN (User Principal Name), select Enabled.
12.Click Apply.
13.Click Reboot Device. Follow the instructions to restart the printer.
1.In the Embedded Web Server, click Properties→Security→Remote AuthenticationServers→Xerox Secure Access Settings.
2.Type the Default Prompt text and Default Title text.
3.To allow users to type their credentials at the control panel, for Local Login, select Enabled.
66
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Security
4.To allow the printer to obtain the accounting code automatically for the user from a network
accounting server when the user logs in at the control panel, for Get Accounting Code, select
Enabled.
Ensure that network authentication and network accounting are configured. If Get AccountingCode is not enabled, the user has to enter an accounting code when they log in at the control
panel.
5.For Connection Timeout, type a connection timeout between 1–300 seconds.
6.Click Apply.
SSeettttiinngg UUpp AAuutthheennttiiccaattiioonn ffoorr aa UUSSBB SSmmaarrtt CCaarrdd
RReeaaddeerr SSyysstteemm
To use the printer with a card reader system other than Xerox®Secure Access, you must order and
install a card reader kit. The kit includes hardware, software, and instructions for connecting and
configuring your card reader system.
Before you begin:
•Install a Kerberos authentication server and configure with user accounts.
To enable the USB interface for a smart card reader:
1.In the Embedded Web Server, click Properties→Services→USB→General.
2.To enable USB for smart cards, for Smart Card, select Enabled. To use the public key
infrastructure for Smart Card certificates, select Enabled (PKI Only).
3.Click Apply.
Enabling Smart Cards
To enable smart cards:
1.In the Embedded Web Server, click Properties→Security→Smart Card Settings→General.
2.For Smart Card, click Enabled.
3.To enable login and logout tones for a non-contact card reader, for, Smart Card Log In / OutTone, select Enabled.
4.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
67
Security
Setting Smart Card Certificate Information
To set certificate information for smart cards:
1.In the Embedded Web Server, click Properties→Security→Smart Card Settings→CertificateSettings.
2.To verify certificates, for Certificate Verification, select Enabled.
3.Type the hexadecimal values for the object identifiers for the authentication, signing, and
encryption certificates.
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Security
Note: Configure certificate revocation retrieval settings as necessary.
•Ensure that the root CA and intermediate CA of the Smart Card certificate are stored on the
printer.
•Ensure that the date and time settings on the printer are correct to validate the certificate.
Setting the Smart Card Logout Timing
Use this feature to set whether the Smart Card needs to remain in the card reader while using the
printer or the user can tap the card on the reader to gain access to the system. If the card does not
remain in the card reader, the user has to log out at the control panel.
To set the Smart Card Logout Timing:
1.At the control panel, press the Machine Status button and touch the Tools tab.
The Common Access Card (CAC) system is part of a Department of Defense initiative to increase the
security of its facilities and critical information through the use of smart identification cards.
Eventually all department employees will use CAC cards to gain access to computers, networks, and
buildings. In many cases the department is requesting that same level of authentication at the
printer level, as well. When enabled on this printer, Department of Defense employees will need to use
their CAC card to access the machine to scan, fax, or copy documents, providing greater security and
management of the machines.
Xerox®CAC Enablement software supports a number of card readers and allows users to authenticate
at the machine. The card reader is connected to a USB port on the printer.
SSuuppppoorrtteedd CCaarrdd TTyyppeess
The CAC solution is compatible with most common CAC card types listed below.
•Axalto Pegasus 64K / V2
•Axalto Cyberflex 32K / V1
•Axalto Cyberflex 64K / V2
•Gemplus GemXpresso 64K / V2
•Oberthur 72K / V2
•Oberthur CosmopoIIC 32K / V1
•Oberthur D1 72K / V2 (contact-less and PIV)
•Gemalto GCX4 72K DI
•Oberthur ID One 128 v5.5 Dual
•Gemalto TOPDLGX4 144K
Note: Other card types may function with the Common Access Card (CAC)/Personal Identity
Verification (PIV) ID system but they have not been validated.
70
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
SSuuppppoorrtteedd CCaarrdd RReeaaddeerrss
The following card readers are compatible with the CAC ID system:
•Gemplus GemPC USB SL
•Gemplus GemPC Twin
•SCM Micro SCR3310
•Panasonic ZU 9PS
Other USB CCID-compliant readers may function with the CAC ID system but have not been
validated.
You can configure the printer to require users to authenticate themselves to access tools and features
at the control panel and in the Embedded Web Server. To lock or unlock tools and features:
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
2.Click Next.
3.In the Access Control area, for Device Access, click Configure.
4.For Services Pathway, to require authentication for all services at the control panel, select
Locked. To allow unauthenticated access, select Unlocked.
5.For Job Status Pathway, to require authentication for all services accessed from the Job Status
button, select Locked. To allow unauthenticated access, select Unlocked.
6.For Machine Status Pathway, to require authentication for all services accessed from the
Machine Status button, select Locked. To allow unauthenticated access, select Unlocked.
7.For Local UI Tools & CWIS Properties Tab, to require authentication for all services in the Tools
tab at the control panel, and for the Properties tab in the Embedded Web Server, select Locked.
To allow unauthenticated access, select Unlocked.
You can configure the printer to require users to authenticate themselves to access services at the
control panel. To lock, unlock, or hide services:
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
2.Click Next.
3.In the Access Control area, for Service Access, click Configure.
4.To require authentication for all services, click Lock All. To allow unauthenticated access to all
services, click Unlock All.
5.To set the access for each individual service, select the required access:
•Locked (Show Icon): Use this setting to require authentication for the service at the control
panel. The service icon is visible to all users.
•Locked (Hide Icon): Use this setting to require authentication for the service at the control
panel. The service icon is hidden until an authorized user logs in.
•Locked: Use this option to hide the service so that it is not available at the control panel.
•Unlocked: Use this option to allow access to the service without authentication.
6.Click Apply.
72
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Security
CCoonnttrroolllliinngg AAcccceessss ffoorr aa GGrroouupp ooff UUsseerrss
If your network is connected to an LDAP server, you can configure network authentication and control
individual user or group access to services and features.
LDAP server user groups can be used to control access to services and features of the printer. For
example, the LDAP server may contain a group of users called Admin. You can configure the Admin
group on the printer so that only members of this group have Administrator access to the printer.
When a user belonging to the group Admin logs onto the printer, the printer performs an LDAP
directory lookup to verify the user. Once authenticated, the user is allowed administrative rights to
the printer.
You can set up and control access to your printer:
•User Roles Access Setup
•Device Access Setup
•Service Access Setup
Before you begin:
•Configure Network Authentication.
•Configure LDAP server settings.
UUsseerr RRoolleess AAcccceessss SSeettuupp
To assign users to specific role/access groups:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAPAuthorization Access.
2.In the User Roles area, for System Administrator Access, click Edit. Type the name of the
group, defined in the LDAP server database, that you want to use to grant System Administrator
access to the printer. Click Apply.
3.For Accounting Administrator Access, click Edit. Type the name of the group, defined in the
LDAP server database, that you want to use to grant Accounting Administrator access to the
printer. Click Apply.
4.If needed, continue with other access settings:
•Device Access Setup
•Service Access Setup
5.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
73
Security
DDeevviiccee AAcccceessss SSeettuupp
Note: Device Access setup requires that Authentication is enabled and that access is
configured to require users to log in before they can access pathways.
To set up device access:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAPAuthorization Access.
2.In the Device Access area, for Services Pathway, click Edit. Type the name of a group, defined
at the LDAP server, that you want to use to provide access to the Services features on the printer.
Click Apply.
3.Repeat the same process for the Job Status Pathway and the Machine Status Pathway.
4.If needed, continue with other access settings:
•User Roles Access Setup
•Service Access Setup
5.Click Apply.
SSeerrvviiccee AAcccceessss SSeettuupp
Note: Service Access Setup requires that Authentication is enabled and that access is
configured to require users to log in before they can access services.
You can specify access to the services of the printer under Service Access. Type the names of the LDAP
groups for any of the services listed.
To set up service access:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAPAuthorization Access.
2.In the Service Access area, for a service, click Edit, Type the name of the LDAP group allowed to
access the service. Click Apply.
3.Repeat the process for each of the individual services in the Service Access area.
Before you begin, configure the printer for local authentication. Add user information, and feature
access information, to the User Information Database. For information, refer to Local Authentication.
To reset feature access for all local users:
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
2.Click Next.
3.In the Authentication Configuration area, for All User Accounts, click Edit.
4.For Reset All Feature Access, select Reset.
5.Click Apply.
74
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Security
Digital Certificates
A digital certificate must be installed on the printer before you can enable secure HTTP (SSL). A
digital certificate is a set of data used to verify the identity of the holder or sender of the certificate.
A certificate includes the following data:
•Information about the person, organization, or computer that the certificate is issued to, including
the name, location, email address, and other contact information.
•Serial number of the certificate
•Expiration date of the certificate
•Name of the certificate authority (CA) that issued the certificate
•A public key
•A certificate authority’s digital signature
IInnssttaalllliinngg aa DDiiggiittaall CCeerrttiiffiiccaattee
There are three ways to install a certificate on the printer:
•Create a Self-Signed Certificate. A Self-Signed Certificate is the result when the printer creates its
own certificate, signs it, and creates a public key for the certificate to be used in SSL encryption.
•Create a request to have a certificate authority (CA), or a server functioning as a certificate
authority sign a certificate and then upload the certificate to the printer. An example of a server
functioning as a CA is Windows Server running Certificate Services.
•Install a trusted root certificate created by a CA.
Note: Installing a self-signed certificate is less secure than installing a certificate signed by a
trusted CA. However, if you do not have a server functioning as a certificate authority this is
your only option.
CCrreeaattiinngg aa SSeellff--SSiiggnneedd CCeerrttiiffiiccaattee
1.Enable S/MIME capability for the self-signed certificate if necessary. For details, see Assigning a
Name and Location to the Printer.
2.In the Embedded Web Server, click Properties→Security→Device Digital CertificateManagement.
3.Click Create New Certificate.
4.Select Self Signed Certificate.
5.Click Continue.
6.Click a digital signature encryption algorithm.
7.Select the Public Key Size and type the name of the Issuer.
8.For Days of Validity, type the number of days (1-9999) until the certificate expires.
9.Click Apply.
®
Xerox
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
75
Security
CCrreeaattiinngg aa RReeqquueesstt
To create a request:
1.In the Embedded Web Server, click Properties→Security→Device Digital CertificateManagement.
2.Click Create New Certificate.
3.Select Certificate Signing Request (CSR).
4.Fill out the form with the Digital Signature Algorithm, Public Key Size or Elliptic Curve, 2-Letter
Country Code, State/Province Name, Locality Name, Organization Name, and Organization
Unit.
5.Click Apply.
Values from the form are used to generate a Certificate Signing Request.
6.When the process is complete, you are prompted to save the Certificate Signing Request. Rightclick the link, then save the csr.pem file to your computer.
7.Email the file to a trusted certificate authority for signing.
Note: If you want to use SSL/TLS for SMTP communication, for SMTP - SSL/TLS
Communication, select a method that your server supports.
UUppllooaaddiinngg aa CCeerrttiiffiiccaattee
When a signed certificate is received back from a trusted certificate authority (CA), you can upload
the certificate to the printer. You can also upload certificates, root certificates, and intermediate CA
certificates to establish a complete chain of trust.
To upload a certificate:
1.In the Embedded Web Server, click Properties→Security→Device Digital CertificateManagement.
2.Click Upload Signed Certificate.
3.If the certificate is password protected, type the password and retype it to verify.
4.Click Browse or Choose File, navigate to the signed certificate in .crt format, and click Open or
Choose.
5.Click Import.
Note: The signed certificate must match the CSR created by the printer.
MMaannaaggiinngg CCeerrttiiffiiccaatteess
To see information about the certificates installed on the printer, or specify the certificate to use for
S/MIME, SSL, and IPSEC:
1.In the Embedded Web Server, click Properties→Security→Certificate Management.
2.Select a Category, Certificate Purpose, and Certificate Order to filter the display.
3.Click Display the list.
4.Select a certificate from the list and click Certificate Details.
76
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Security
5.To set the certificate as the primary certificate, click Use this certificate. If Use this certificate is
not available, then the selected certificate has expired or is not valid. All certificates in the
certification path (chain of trust) must be installed on the printer and be valid.
6.Click Delete to remove the certificate or Export to save the certificate to your computer.
3.Type the port number that you want to use for HTTP SSL/TLS.
4.To use secure LDAP, for LDAP - SSL/TLS Communication, select Enabled.
5.To use secure email, for SMTP - SSL/TLS Communication, select STARTTLS (if available),
STARTTLS, or SSL/TLS.
6.To use secure POP3, for POP3 - SSL / TLS Communication, select Enabled.
7.To use S/MIME, for S/MIME Communication, select Enabled.
8.To verify a remote server certificate, for Verify Remote Server Certificate, select Enabled.
9.For Protocol Version, select the version of TLS that you want to use.
10.Click Apply.
Note: If you are unsure what method your server supports, select STARTTLS (if available). If
you select STARTTLS, the printer attempts to use STARTTLS. If your server does not support
STARTTLS, SMTP communication is not encrypted.
78
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Security
S/MIME
Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and
signing of email encapsulated in MIME.
Before you begin:
•Enable SSL/TLS.
•Install an S/MIME certificate and all certificates in the certification path (chain of trust) for the S/
MIME certificate. The S/MIME certificate must be in PKCS #12 format, and the email address in
the certificate must be the same as the printer's email address.
•Enable S/MIME Communication on the SSL/TLS Settings page.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
79
Security
IPsec
Internet Protocol Security (IPsec) is a group of protocols used to secure Internet Protocol (IP)
communications by authenticating and encrypting each IP data packet. It allows you to control IP
communication by creating protocol groups, policies, and actions for the following:
•DHCP v4/v6 (TCP and UDP)
•DNS (TCP and UDP)
•FTP (TCP)
•HTTP (Scan Out, TCP port 80)
•HTTPS (Scan Out, TCP port 443)
•HTTPS (Web Server, TCP port 443)
•ICMP v4/v6
•IPP (TCP port 631)
•LPR Print (TCP port 515)
•Port 9100 Print (TCP port 9100)
•SMTP (TCP/UDP port 25)
•SNMP (TCP/UDP port 161)
•SNMP Traps (TCP/UDP port 162)
•WS-Discovery (UDP port 3702)
•Up to 10 additional services
CCoonnffiigguurriinngg IIPPsseecc
Note: Secure HTTP (SSL) must be enabled with an installed digital certificate before you can
enable IPsec.
To configure Internet Protocol (IP) security communications:
1.In the Embedded Web Server, click Properties→Security→IPsec.
2.For Protocol, select Enabled.
3.For IKE Authentication Method, select Preshared Key, or Digital Signature.
4.If you select Preshared Key, type the Preshared Key and retype the key to verify.
5.Type the IKE SA Lifetime (5-28800 minutes).
6.Type the IPsec SA Life Time (300-172800 minutes).
7.Select the DH Group type.
8.Enable PFS if necessary.
9.Type the Specific Destination IPv4 Address.
10.Type the Specific Destination IPv6 Address.
80
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
11.To restrict the printer from communicating with devices that are not using IPsec, for
Communicate with Non-IPsec Device, select Disabled.
12.Click Apply.
Security
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
81
Security
802.1X
802.1X is an Institute for Electrical and Electronics Engineers (IEEE) standard that defines a method
for port-based network access control or authentication. In an 802.1X-secured network, the printer
must be authenticated by a central authority, typically a RADIUS server, before it can access the
physical network. You can enable and configure the printer to be used in an 802.1X-secured network.
Before you begin:
•Ensure your 802.1X authentication server and authentication switch are available on the network.
•Determine the authentication method supported by the server.
•Create a user name and password on your authentication server.
•Ensure that the printer can be offline for several minutes. Changing and applying 802.1X settings
causes the printer to restart.
CCoonnffiigguurriinngg 880022..11XX
To configure 802.1x network settings:
1.In the Embedded Web Server, click Properties→Security→IEEE 802.1X.
2.For Enable IEEE 802.1X, select Enabled.
3.For Authentication Method, select the method used on your network. You can select EAP-TTLS /
Note: EAP-TLS: This method is available if the printer is configured to use EAP-TLS.
4.Type the Login Name (Device Name) required by your authentication switch and server.
5.Type the Password, then retype to verify.
6.For Certificate Verification, select Enabled if desired.
7.Click Apply.
82
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Security
FIPS140-2 Data Encryption
All data stored on and transmitted by the printer is encrypted. Some services and protocols, such as
SMB, and the PDF Direct Print service do not use an encryption method that complies with
government standard FIPS140-2. You can warn users with a control panel message when data is
about to be transmitted that is not encrypted to FIPS140-2 standard. For more information, see the
printer's Security White Paper on the Xerox website.
To enable the data encryption warning message:
1.In the Embedded Web Server, click Properties→Security→FIPS140 Validation Mode.
2.For FIPS140 Validation Mode, select Enabled.
3.Click Apply.
Note:
FIPS 140-2 encryption does not apply to the following services and protocols: SMB, or the PDF
Direct Print Service.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
83
Security
Overwriting Image Data
To ensure that image data on the printer's hard drive cannot be accessed, you can delete and
overwrite image data. Image data is any and all in-process or temporary user data on the hard drive,
such as current jobs, queued jobs, and temporary scan files, but not saved jobs or folders. To use this
feature, you must purchase and install the Data Security Kit.
To schedule a regular time to delete image data from the hard drive on the printer:
1.At the control panel, press the Machine Status button, then touch the Tools tab.
2.Touch Authentication/Security Settings→Overwrite Hard Disk→Number of Overwrites.
3.Touch 1 Overwrite, or 3 Overwrites.
4.Touch Save.
5.Touch Scheduled Image Overwrite.
6.Touch Daily, Weekly, or Monthly and touch the arrow icons to specify when you want image
data to be deleted.
7.Touch Save.
Note: All image data will be deleted.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
85
Security
IP Filtering
You can prevent unauthorized network access by only allowing data to be transmitted to and from
specific IP addresses and ports.
CCrreeaattiinngg aann IIPP FFiilltteerr RRuullee
To create an IP filter rule:
1.In the Embedded Web Server, click Properties→Security→IP Filtering.
2.For IPv4 Filtering or IPv6 Filtering, select Enabled.
3.For the option that you enabled, click Add.
4.In the Define IP Filter Rule area, type the Source IP Address. The address is the IP address of
the computer or device that you want to allow access to the printer.
5.Type a number for the Source IP Mask for the filter rule.
For IPv4, the range of 0–32 corresponds to the 32-bit binary number that comprises IP addresses.
The number 8 represents a Class A address with a mask of 255.0.0.0. The number 16 represents a
Class B address with a mask of 255.255.0.0. The number 24 represents a Class C address with a
mask of 255.255.255.0.
For IPv6, the range of 0–128 corresponds to the 128-bit binary number that comprises IP
addresses. For example, a mask of /64 represents a 64-bit mask, which defines a single IPv6
subnet.
6.Click Apply, then follow the prompts to restart the printer.
7.Refresh your browser, then navigate back to the IP Filtering page. For the IP Filter Rule List,
select the rule that you created in the first part of the process.
8.Select your rule in the list, then click Apply.
9.To edit or delete an existing rule, click Edit or Delete.
86
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Security
Unbounded Ports
The unbounded port feature provides printer security, by allowing you to register the ports that are
permitted to communicate with the printer.
AAddddiinngg aann UUnnbboouunnddeedd PPoorrtt
To add a port that is allowed to communicate with the printer:
1.In the Embedded Web Server, click Properties→Security→Unbounded Port.
2.Click Add.
3.Type the port number.
4.For Port Destination, select Source or Destination.
5.For Protocol, select TCP or UDP.
6.Click Apply.
EEddiittiinngg aann UUnnbboouunnddeedd PPoorrtt
To edit an unbounded port:
1.In the Embedded Web Server, click Properties→Security→Unbounded Port.
2.Select an item in the Unbounded Port List, then click Edit.
3.Edit the port number, destination, and protocol, as needed.
4.Click Apply.
DDeelleettiinngg aann UUnnbboouunnddeedd PPoorrtt
To delete an unbounded port:
1.In the Embedded Web Server, click Properties→Security→Unbounded Port.
2.Select an item in the Unbounded Port List, then click Delete.
3.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
87
Security
Audit Log
When the Audit Log feature is enabled, the printer begins recording events that happen on the
printer. You can download the Audit Log as a tab-delimited text file and review it to find security
breaches and assess the printer's security.
EEnnaabblliinngg AAuuddiitt LLoogg
Note: Secure HTTP (SSL) must be enabled before you can enable the Audit Log. For details, see
Secure HTTP (SSL).
To enable the Audit Log:
1.In the Embedded Web Server, click Properties→Security→Audit Log.
2.For Audit Log, select Enabled.
3.Click Apply.
SSaavviinngg aann AAuuddiitt LLoogg
1.In the Embedded Web Server, click Properties→Security→Audit Log.
2.Under Export Audit Log, right-click the Export as text file link and save the compressed
auditfile.txt file to your computer.
3.Open the file in an application that can read a tab-delimited text file.
IInntteerrpprreettiinngg tthhee AAuuddiitt LLoogg
The Audit Log is formatted into columns:
•Log ID: A unique value that identifies the event.
•Date: The date that the event happened in mm/dd/yy format.
•Time: The time that the event happened in hh:mm:ss format.
•Audit Event ID: The type of event. The number corresponds to a unique description.
•Logged Events: An abbreviated description of the type of event.
•User Name: User Name, Job Name, Computer Name, Printer Name, Folder Name, or Accounting
Account ID (when Network Accounting is enabled).
•Description: More information about the Logged Event. When the Logged Event is System Status
for example, the information can include: Started normally (cold boot), Started normally (warm
boot), Shutdown requested, Image Overwriting started.
•Optionally Logged Items: Other information recorded when the event occurs, such as login and
authentication access method.
Note:
•For a Network Scanning scan job, an audit log entry is recorded for each network
destination within the job.
•For Email jobs, an audit log entry is recorded for each SMTP recipient within the job.
88
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
•To record user names in the Audit Log, configure network authentication.
Security
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
89
Security
PDF and XPS Signatures
You can add a digital signature to PDF or XPS documents that are created by the printer scan feature.
The signature uses the information in an S/MIME digital certificate.
Before you begin:
•Install an S/MIME digital certificate.
•Enable secure HTTP (SSL) and S/MIME communication.
To set digital signatures:
1.In the Embedded Web Server, click Properties→Security→PDF / XPS Signature Settings.
2.For PDF Signature, select when you want the signature added.
3.Select the required PDF Signature Hash Algorithm.
4.For XPS Signature, select when you want the signature added.
5.Select the type of signing certificate to which these changes apply.
6.Click Apply.
90
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Before you begin, configure Local Authentication. You can create an Authorization Group to restrict
users from using or editing the address book at the control panel.
To restrict access to the address book at the control panel:
1.In the Embedded Web Server, click Properties→Security→Create Authorization Groups.
2.Click Edit for one of the group numbers.
3.Type the Group Name.
4.For Restrict Recipient Selection Method, to allow access for the group, select No Restriction. To
require authentication for the group, select Always Apply Restriction.
5.For Restrict User to Edit Address Book, select No Restriction, or Always Apply Restriction.
6.For Allow User to Disable Active Settings, select Allow or Do Not Allow.
7.Click Apply.
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
91
Security
Restricting Access to Job Information
You can control how job information is displayed at the control panel when users press the Job
Status button.
To restrict the access of a service representative:
1.In the Embedded Web Server, click Properties→Security→Service Representative RestrictedOperation.
2.For Restricted Operation, select Enabled.
3.To set a password, type and retype the password.
4.Click Apply.
94
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Limiting Access to Folder Operations
You can limit access to folder operations on the printer. Limiting access forces users to enter a
password to perform a folder operation. The restriction does not apply to any folders already
registered.
1.In the Embedded Web Server, click Properties→Security→Limit Access to Folder.
2.For Limit Access, select Enabled.
3.Click Apply.
Security
Xerox
®
PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
95
Security
96
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
To specify the print mode that you want the printer to use for individual protocol types:
1.In the Embedded Web Server, click Properties→Services→Printing→Print Mode.
2.For each print mode listed, select Auto, PostScript 3, HP-GL/2, PCL 6/5e, or TIFF/JPEG from the
menu.
3.For each print mode, select PJL if necessary.
98
Xerox®PrimeLink®B9100/B9110/B9125/B9136 Copier/Printer
System Administrator Guide
Printing
Language Emulation Settings
The printer can be used with SAP®Enterprise Resource Planning (ERP) software applications. In the
®
SAP
environment, users and automated processes create documents to support business functions.
For example, to dispatch goods from a warehouse requires packing lists and goods labels. To support
users and processes, you can create up to 20 logical printers. Each logical printer has print settings for
the different documents produced.