, SuppliesAssistant®, Scan to PC Desktop®, and Xerox Extensible Interface Platform®, are trademarks
of Xerox Corporation in the United States and/or other countries. Product status, build status, and/or specifications are
subject to change without notice.
Microsoft
®
, Windows®, Windows XP®, Windows Vista®, and Word are registered trademarks of Microsoft Corporation
in the United States and/or other countries.
®
Apple
, Macintosh®, and Mac OS®are trademarks or registered trademarks of Apple Computer, Inc., registered in the
U.S. and other countries. Elements of Apple's Technical User Documentation used by permission from Apple
Computer, Inc.
®
GBC
and AdvancedPunch™are trademarks or registered trademarks of General Binding Corporation.
HP, PCL and HP-UX are registered trademarks of Hewlett-Packard Corporation in the United States and/or other
countries.
®
Linux
is a registered trademark of Linus Torvalds.
ScanFlowStore
®
is a registered trademark of Nuance Communications, Inc.
TWAIN is a trademark of TWAIN Working Group.
Universal Serial Bus is a trademark of USB Implementors Forum, Inc. (USB-IF)
®
UNIX
is a registered trademark of the Open Group.
®
Oracle
Solaris is a registered trademark of Oracle and/or its affiliates in the United States and other countries.
Setting Up the Inserter Module..... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ... 236
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
11
Table of Contents
12
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
About this Guide
This guide is designed for a System Administrator with network administrator rights who has
knowledge of networking concepts as well as experience creating and managing network user
accounts.
This guide will help you install, configure, and manage the device on a network.
Note:
•Network features are not available if you are connected over USB.
•Embedded fax features are not available for all device models.
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
13
14
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
When you configure the device for the first time, it is recommended that you follow these steps in this
order:
Note: Most configuration settings are on the Properties tab in the Embedded Web Server. If
your device is locked, log in as a system administrator.
1.Connect an Ethernet cable from your device to the network.
2.Confirm that your device is recognized on your network. By default, the device is configured to
receive an IP address from a DHCP server over a TCP/IP network.
3.To provide basic information, such as your location, time zone, and date and time preferences,
complete the Installation Wizard.
4.Print a Configuration Report that lists the current configuration for the device. Review the report
and locate the IP address for the device.
5.To access the Embedded Web Server, open a Web browser. In the address field, type the IP
address of your device. The Embedded Web Server is administration and configuration software
installed on the device.
6.Configure the Authentication settings.
7.Configure the Security settings.
8.Enable services in the Embedded Web Server.
9.Configure Print, Scan, and Fax features.
10.Configure the Accounting features.
16
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Introduction
More Information
Refer to the following sources for more information about your device and its capabilities.
InformationSource
Installation GuidePackaged with the device.
Other documentation for your deviceGo to www.xerox.com/office/PLC9065_PLC9070support, then select
Technical support information for your
device, including online technical
support, Online Support Assistant, and
print driver downloads.
Third-party and open-source software
disclosure notices and terms and
conditions
Online Support Assistant
Device Management Tools
your specific device model.
Recommended Media List
Information about menus or error
messages
Information Pages
Order supplies for your deviceGo to www.xerox.com/office/PLC9065_PLC9070supplies, then
Local sales and Technical Customer
Support
Local sales and customer support
Device registrationwww.xerox.com/office/register
United States: www.xerox.com/rmlna
Europe: www.xerox.com/rlmeu
View the Status area of the control panel touch screen.
To print from the control panel, touch Device→Information Pages
or Device→Support→Support Pages.
To print from the Embedded Web Server, click Home→InformationPages.
select your specific device model.
www.xerox.com/office/worldcontacts
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
17
Introduction
18
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
1.Connect the power cord to the device, then plug the power cord into an electrical outlet.
2.Connect one end of a Category 5 or better Ethernet cable to the Ethernet port in the back of the
device. Connect the other end of the cable to a correctly configured network port.
3.If you purchased and installed the Fax Hardware Kit, connect the device to a correctly configured
telephone line.
4.Power on the device.
20
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Initial Setup
Initial Setup at the Control Panel
TThhee IInnssttaallllaattiioonn WWiizzaarrdd
The first time that you power on the device, the Installation Wizard starts. The wizard prompts you
with a series of questions to help you configure the following basic settings for your device:
•Current date and time
•Local time zone
•Certification, system access level, SMTP, and LDAP
CCoonnffiigguurraattiioonn RReeppoorrtt
After you complete the Installation Wizard, you can obtain a Configuration Report. The Configuration
Report lists the current settings for the device.
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Device Information tab. For details, refer to Administrator Access at the Control Panel.
2.Touch Print Reports.
3.Touch Printer Reports.
4.Touch Configuration Report, then press the Start button.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
21
Initial Setup
Administrator Access at the Control Panel
To configure the device from the control panel, press the Machine Status button, then touch the
Tools tab. If the device is locked, log in as Administrator.
To log in as Administrator:
1.At the device control panel, press the Log In/Out button.
2.Type admin, then touch Next.
3.Type the administrator password, then touch Enter.
Note: The original password is the device serial number. When the administrator password
is set to the device serial number, administrator functions are not accessible. If the
administrator password is set to the device serial number, at the next administrator login
attempt, you are prompted to change the administrator password. After you change the
administrator password, you have full access to administrator privileges.
To log out, touch Admin, then touch Logout. On the new screen, touch Logout.
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
3.To lock the device, touch On. To unlock the device, touch Off. If you touched On, touch Keyboard,
then type the System Administrator Login ID. Touch Save. Touch Keyboard, type the Login ID
again, then touch Save.
To confirm the change, touch Yes.
4.Touch Save.
22
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Initial Setup
Manually Setting the Ethernet Interface Speed
The device Ethernet interface detects the speed of your network automatically. If your network is
connected to another auto-sensing device, such as a hub, it is possible that the hub does not detect
the correct speed. To ensure that the device has detected the correct speed of your network, refer to
the Configuration Report. To view the Configuration Report, refer to Printing the Configuration Report.
To set the device Ethernet interface speed manually:
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel
2.Touch System Settings→Connectivity & Network Setup→Protocol Settings.
3.Touch Ethernet Settings, then touch Change Settings.
4.Touch Ethernet - Rated Speed, then touch Change Settings.
5.To match the speed set on your hub or switch, select the speed.
6.Touch Save, then touch Close.
AAssssiiggnniinngg aa NNeettwwoorrkk AAddddrreessss
By default, the device acquires a network address from a DHCP server automatically. To assign a static
IP address, configure DNS server settings, or configure other TCP/IP settings, refer to TCP/IP.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
23
Initial Setup
Viewing Services and Options
To view the services and options that are enabled or installed:
1.At the device control panel, press the Machine Status button, then touch the DeviceInformation tab.
2.Touch Device Configuration.
The Device Configuration screen appears.
3.To close the Device Configuration screen, touch Close.
24
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Initial Setup
Embedded Web Server
The Embedded Web Server allows you to configure and administer the device from a Web browser on
any computer.
•Ensure that TCP/IP and HTTP are enabled. A TCP/IP or HTTP connection is required to access the
Embedded Web Server. For details, refer to Enabling TCP/IP.
•To determine the device IP address, do one of the following:
–Obtain a Configuration Report. For details, refer to Printing the Configuration Report.
–At the control panel, press the Machine Status button.
To access the Embedded Web Server:
1.At your computer, open a Web browser.
2.Type the device IP address in the address field. Press Enter. The Status page of the Embedded
Web Server appears.
•You can access the device using a combination of the host name and the domain name as
the Internet address. A DNS (Domain Name System) is required. The DNS server requires that
the device host name is registered.
•To specify a port number, for the IP address, type : and the port number.
3.Click the Properties tab.
4.If prompted, type the user name and password for the administrator account, then click Sign in.
Note: The default administrator user name is admin and the original password is the
device serial number. When the administrator password is set to the device serial number,
administrator functions are not accessible. If the administrator password is set to the
device serial number, at the next administrator login attempt, you are prompted to change
the administrator password. After you change the administrator password, you have full
access to administrator privileges.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
25
Initial Setup
Enabling Services and Options
Some services and options are disabled by default. To enable these special services and options, use
the device control panel or the Embedded Web Server.
To enable services and options at the device control panel:
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
2.Touch System Settings→Common Service Settings→Maintenance.
To enable services and options in the Embedded Web Server:
1.In the Embedded Web Server, click Properties→Security→Feature Enablement.
2.For Unique Function Code, type the required information.
3.Click Apply.
4.Click Reboot.
26
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Initial Setup
Changing the System Administrator Password
For security purposes, after you configure the device, it is recommended that you change the default
system administrator password. Store the password in a secure location.
To change the Administrator password:
1.In the Embedded Web Server, click Properties→Security→System Administrator Settings.
2.If required, change the login credentials for Administrator’s Login ID.
3.For Administrator's Passcode, type the new password.
4.Retype the password.
5.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
27
Initial Setup
Using the Configuration Overview Page
In the Embedded Web Server, the Configuration Overview page provides shortcuts to commonly
accessed pages on the Properties tab. To access the Configuration Overview page, click
Properties→Configuration Overview.
AAssssiiggnniinngg aa NNaammee aanndd LLooccaattiioonn ttoo tthhee DDeevviiccee
On the Description page, you can assign a name and location to the device for future reference.
To assign a device name and location:
1.In the Embedded Web Server, click Properties→Description.
2.For Device Name, type a name for the device.
3.For Location, type the location of the device.
4.In the fields provided, type the Administrator contact information and the device email address,
as needed.
5.Click Apply.
28
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Transmission Control Protocol (TCP) and Internet Protocol (IP) are two protocols within the Internet
Protocol Suite. IP manages the transmission of messages from computer to computer, while TCP
manages the actual end-to-end connections.
EEnnaabblliinngg TTCCPP//IIPP
Note: TCP/IP is enabled by default. If you disable TCP/IP, to access the Embedded Web Server,
at the device control panel, enable TCP/IP.
To enable TCP/IP:
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
2.Touch System Settings→Connectivity & Network Setup→Protocol Settings.
3.Touch TCP/IP - Common Settings, then touch Change Settings.
4.Select the item you want to change, then touch Change Settings.
5.Touch IPv4 Mode or IPv6 Mode. To enable both IPv4 and IPv6, touch Dual Stack.
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
2.Touch System Settings→Connectivity & Network Setup→Protocol Settings.
3.Select TCP-IP - Network Settings, then touch Change Settings.
4.Select IPv4 - IP Address Resolution, then touch Change Settings.
5.Touch Static, then touch Save.
6.Touch IPv4 - IP Address, then touch Change Settings.
7.Using the touch-screen keypad, type the static IP address, then touch Save.
8.Touch IPv4 - Subnet Mask, then touch Change Settings.
9.Using the touch-screen keypad, type the subnet mask, then touch Save.
10.Touch IPv4 - Gateway Address, then touch Change Settings.
11.Using the touch-screen keypad, type the gateway address, then touch Save.
12.Touch Close.
30
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
2.Touch System Settings→Connectivity & Network Setup→Protocol Settings.
3.Touch TCP/IP - Network Settings, then touch Change Settings.
4.Touch IPv4 - IP Address Resolution, then touch Change Settings.
5.Touch DHCP, BOOTP, DHCP/AutoIP, or STATIC, then touch Save.
To configure IPv6 dynamic address settings at the control panel:
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
2.Touch System Settings→Connectivity & Network Setup→Protocol Settings.
3.Touch TCP/IP-Network Settings, then touch Change Settings.
4.Touch IPv6 Address Manual Configuration, then touch Change Settings.
5.Touch Disabled, then touch Save.
6.To view the acquired IPv6 address information, touch Automatically Configured IPv6 Address,
then touch Change Settings.
Domain Name System (DNS) and Dynamic Domain Name System (DDNS) are systems that map host
names to IP addresses.
To configure DNS settings at the control panel:
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
2.Touch System Settings→Connectivity & Network Setup→Protocol Settings.
3.Touch TCP/IP - Network Settings, then touch Change Settings.
4.Touch IPv4 DNS Server Setup, or IPv6 DNS Server Setup, then touch Change Settings.
5.Do one of the following:
•To allow your DHCP server to provide the DNS server address, touch Get IP Address from
DHCP, then touch Change Settings. Touch Enabled, then touch Save.
•To provide the DNS server address manually, touch Preferred DNS Server IP Address, then
touch Change Settings. Type the DNS server address, then touch Save.
You can use IPv4 in addition to, or in place of, IPv6.
Note: If both IPv4 and IPv6 are disabled, you cannot access the Embedded Web Server. Before
you can access the Embedded Web Server, at the device control panel, re-enable TCP/IP.
Disabling TCP/IP or changing the IP address disables any dependent protocols.
To configure settings for IPv4:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→TCP/IP.
Note: IPv4 is enabled by default.
2.Type a unique host name for your device.
3.From the IP Address Resolution menu, select the method for obtaining a dynamic IP address, or
to define a static IP address, select Static.
4.If you selected Static, type the appropriate information in the following fields: IP Address, Subnet
Mask, and Gateway Address.
Note: If you select BOOTP or DHCP, you cannot change the IP Address, Subnet Mask, or
Gateway Address.
5.In the Domain Name field, type a valid domain name.
6.Click Apply.
32
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
DDNNSS CCoonnffiigguurraattiioonn ffoorr IIPPvv44
To configure settings for IPv4:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→TCP/IP.
2.To allow your DHCP server to provide the DNS server address, in the DNS Configuration area, for
Obtain DNS Server Address Automatically, select Enabled. To provide the DNS server address
manually, clear the check box. For Preferred DNS Server, Alternate DNS Server 1, and Alternate
DNS Server 2, type the appropriate IP addresses.
Note: If DHCP or BOOTP is the IP Address Resolution setting, you cannot change the
Domain Name, Primary DNS Server, Alternate DNS Server 1, and Alternate DNS Server 2
settings.
3.To register the device host name in the DNS server, for Dynamic DNS Registration (DDNS), select
Enabled. To replace existing entries in the DNS server, select Overwrite.
Note: If your DNS Server does not support dynamic updates, you do not need to enable
DDNS.
4.To instruct the device to generate a list of search domains, for Generate Domain Search List
Automatically, select Enabled. If this option is disabled, type the domain names.
5.For Connection Timeout, type the number of seconds allowed until the device stops attempting
to connect to the server.
6.To instruct the device to release its IP address when the device restarts, for Release Current IP
Address When the Host is Powered Off, select Enabled.
IPv6 hosts can configure themselves automatically when connected to a routed IPv6 network using
the Internet Control Message Protocol Version 6 (ICMPv6). ICMPv6 performs error reporting for IP,
along with other diagnostic functions. When first connected to a network, a host sends a link-local
multicast router solicitation request for configuration parameters. If suitably configured, routers
respond to the request with a router advertisement packet containing network-layer configuration
parameters.
Note:
•IPv6 is optional. You can use IPv6 in addition to, or in place of, IPv4. If both protocols are
disabled, you cannot access the Embedded Web Server. The host name is the same for IPv4
and IPv6. If you change the host name for IPv6, the host name also changes for IPv4.
•If both IPv4 and IPv6 are disabled, you cannot access the Embedded Web Server. Before
you can access the Embedded Web Server, at the device control panel, re-enable TCP/IP. If
you disable TCP/IP or change the IP address, any dependent protocols are disabled.
To configure settings for IPv6:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→TCP/IP.
2.For IP Mode, select IPv6, or to use both IPv4 and IPv6, select Dual Stack. By default, IPv6 is
disabled.
3.Type a unique Host Name for the device.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
33
Network Connectivity
4.To assign an address manually, for Enable Manual Address, select Enabled. Type the IP Address
and Gateway Address.
5.To allow your DHCP server to assign an IP address to the device, for Get IP Address from DHCP,
select Enabled.
6.Type the required Domain Name.
7.Click Apply.
Note: If you enable or disable IPv6, when you click Apply, the device restarts.
DDNNSS CCoonnffiigguurraattiioonn ffoorr IIPPvv66
To configure settings for IPv6:
1.In the Embedded WebServer, click Properties→Connectivity→Protocols→TCP/IP.
2.Select a method for obtaining the DNS server address:
•To allow the DHCP server to provide the DNS server address automatically, for DHCPv6–Lite,
select Enabled.
•To specify the DNS server addresses manually, for DHCPv6–Lite, clear the check box for
Enabled. Type the IP addresses of the Preferred DNS Server, the Alternate DNS Server 1, and
the Alternate DNS Server 2.
3.To register the device host name in the DNS server, for Dynamic DNS Registration, select
Enabled. To replace the existing DNS entry, for Dynamic DNS Registration, select Overwrite.
4.To generate the domain search list automatically, for Generate Domain Search List
Automatically, select Enabled.
5.For Domain Name 1, Domain Name 2, and Domain Name 3, type the domain names.
6.For Connection Timeout, type the number of seconds allowed until the device stops attempting
to connect to the server.
7.To use IPv6 before using IPv4 to resolve DNS, for DNS Resolution via IPv6 First, select Enabled.
8.To instruct the device to release the IP address when the device restarts, for Release Current IP
Address When the Host is Powered Off, select Enabled.
To support zero-configuration networking, the printer assigns a self-signed address automatically. The
self-signed address is for IPv4, IPv6, or both, for a dual-stack configuration. If the printer cannot
connect to a DHCP server to obtain an IP address, the printer assigns itself a Link-Local address.
34
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
SNMP
Simple Network Management Protocol (SNMP) is used in network management systems to monitor
network-attached devices for conditions that require administrative attention. SNMP consists of a set
of standards for network management, including an application layer, a database schema, and a set
of data objects. Agents, or software modules, reside in the SNMPv3 engine of the device. A manager
is an SNMPv3 management application such as OpenView, that is used to monitor and configure
devices on the network. The agent responds to read (GET) requests and write (SET) requests from the
manager. The agent can generate alert messages, or traps, based on certain events.
You can configure SNMP settings in the Embedded Web Server. You can enable or disable
Authentication Failure Generic Traps on the device. To create an encrypted channel for secure device
management, you can enable SNMPv3.
EEnnaabblliinngg SSNNMMPP
To enable SNMP:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For SNMP, select Enabled.
3.To enable the UDP transport protocol if necessary, for UDP, select Enabled.
4.Click Apply.
CCoonnffiigguurriinngg SSNNMMPP
To configure SNMP settings:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→SNMP Configuration.
2.For SNMP Properties, select Enable SNMP v1/v2c Protocols, or Enable SNMP v3 Protocol.
To use SNMPv3, enable and configure HTTPS.
3.To allow remote management servers to change SNMP settings on the device, select Allow Write.
4.To instruct the device to generate a trap for every SNMP request received by the device that
contains an invalid community name, for Authentication Failure Generic Traps, select Enabled.
5.Click Apply.
Note: If you do not click Apply, the protocol remains disabled.
•For security purposes, Xerox recommends that you change the SNMP v1/v2c public and
private community names from the default values.
•Ensure that the GET or SET community names in each application that uses SNMP to
communicate with this device match the corresponding names on the device.
To edit SNMP v1/v2c properties:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→SNMP Configuration.
3.For Community Name (Read Only), type a name up to 256 characters, or use the default value of
public.
GET returns the password for the SNMP GET requests to the device. Applications that use SNMP
to obtain information from the device, such as the Embedded Web Server, use this password.
4.For Community Name (Read / Write), type a name up to 256 characters, or use the default value
of private.
SET returns the password for the SNMP SET requests to the device. Applications that use SNMP
to set information on the device use this password.
5.For Trap Community Name, type a name up to 256 characters for the default, or use the default
value of SNMP_TRAP.
Note: The Default Trap Community Name is used to specify the default community name
for all traps generated by this device. The Trap Community Name specified for each
individual trap destination address can override the Default Trap Community Name. The
Trap Community Name for one address can differ from the Trap Community Name
specified for another address.
6.For the System Administrator's Login ID field, type the administrator login credentials.
7.Click Apply.
EEddiittiinngg SSNNMMPP vv33 SSeettttiinnggss
Note: Before you can enable SNMPv3, ensure that a digital certificate is installed on the device
and that HTTPS is enabled. For details, refer to Installing a Digital Certificate and Enabling
HTTP.
To edit SNMP v3 properties:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→SNMP Configuration.
3.To create the administrator account, for Administrator Account, click Account Enabled.
4.Type an Authentication Password, then confirm it. The Authentication Password must be at least
eight characters in length and can include any characters, except control characters. The
Authentication Password is used to generate a key for authentication.
36
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
5.Type a Privacy Password, then to confirm, type the Privacy Password again. The Privacy Password
is used for encryption of SNMPv3 data. The password used for data encryption must match the
password for the server.
4.Type the IP address of the host running the SNMP manager application that is to receive traps.
Note: Port 162 is the port for UDP and is the default port for traps. Select v1 or v2c based
on which protocol the trap-receiving system supports.
5.For Traps, select the type of traps that the SNMP manager receives.
6.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
37
Network Connectivity
LPD
The Line Printer Daemon (LPD) protocol is used to provide print spooling and network print-server
functionality for operating systems such as HP-UX, Linux
Note: For information on setting up print queues on your client system, refer to the
documentation for your client system.
®
, and MAC OS X.
EEnnaabblliinngg LLPPDD
To enable the LPD protocol:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For LPD, select Enabled.
Note: Disabling LPD affects clients printing to the device over TCP/IP using the LPR
printing port.
3.Click Apply.
CCoonnffiigguurriinngg LLPPDD
To configure the Line Printer Daemon protocol:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LPD.
2.Type an LPD port number or use the default port number, 515.
3.For Connection Timeout, type the timeout information.
4.For Maximum Number of Sessions, type a number.
5.If required, for TCP-MSS Mode, select Enabled.
6.If TCP-MSS mode is enabled, for IPv4, type the IP addresses for Subnet 1, Subnet 2, and Subnet 3.
Note: TCP-MSS settings are common for LPD and Port 9100.
7.Click Apply.
38
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
Raw TCP/IP Printing
Raw TCP/IP is a printing method used to open a TCP socket-level connection over Port 9100. This
connection is used to stream a print-ready file to the device input buffer. The connection closes after
sensing an End-Of-Job character in the PDL or after the expiration of a preset timeout value. Port
9100 does not require an LPR request from the computer or the use of an LPD running on the device.
In Windows, the Standard TCP/IP port is port 9100.
EEnnaabblliinngg PPoorrtt 99110000
Note: Before you enable Port 9100, enable TCP/IP.
To enable port 9100:
1.In the Embedded Web Server, click Connectivity→Port Settings.
2.For Port 9100, select Enabled.
3.Click Apply.
CCoonnffiigguurriinngg PPoorrtt 99110000
To configure port 9100:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Port 9100.
2.If necessary, for TCP-MSS Mode, select Enabled.
Note: TCP-MSS settings are common for LPD and Port 9100.
3.If TCP-MSS mode is enabled, for IPv4, type the IP addresses for Subnet 1, Subnet 2, and Subnet 3.
4.Ensure that the TCP Port Number is set to 9100.
5.To set the number of seconds before the device processes a job with an End-of-Job character, set
the End of Job Timeout to the needed number of seconds between 0–65535. The default time is
300 seconds.
6.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
39
Network Connectivity
SMTP
The device email feature uses Simple Mail Transfer Protocol (SMTP) to deliver scanned images and
Internet Fax jobs through email. After you enable SMTP, the email button is enabled on the device
control panel.
•To improve transmission speed, you can set messages for fragmentation 2–500 times. To enable
message fragmentation, for Split Send, select Enabled.
•To set the number of fragments per message, for Maximum Split Count, type a value 2–500.
•To select how the email jobs are split, for Split Send Method, select one of the following:
–Split into Pages: If you select this option, the mail client does not reassemble the job on
receipt.
–Split by Data Size: If you select this option, the mail client is required to reassemble the job
on receipt.
•To define a maximum message size for messages with attachments, for Maximum Data Size per
Email type a value 512–20480 Kbytes. The default size is 10240 Kbytes.
•To set a maximum job size, for Maximum Total Data Size, type a value 512–2000000 Kbytes.
•To have the device authenticate itself using the Login Name and Password set up on this page, for
Login Credentials for the Device to access the SMTP Server to send automated Emails, select an
option:
40
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
–None: If you select this option, the device does not provide authentication credentials to the
SMTP server.
–SMTP AUTH: If you select this option, type the Login Name and Password, then retype the
password.
•If authentication is enabled and the device is configured to require users to log in before they can
access email, to use the credentials of the user to access the SMTP server, for Login Credentials for
Email Send, select Remotely Authenticated User. To allow the field to default to the same setting
that you selected for sending automated email messages, select System.
•For When Remotely Authenticated User Fails to Log In, select an option:
–Cancel Email Send: This option cancels the email transfer.
–Relogin using System Data: This option allows the device to log in the user using stored
credentials. If login is successful, the device sends the email.
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→SMTPServer→Connection Test.
2.In the Connection Test Email area, type your email address.
3.Click Send Email.
You can view the test result in the Email Delivery Status area. You can find the email that was sent
from the device in the email for the Connection Test Email address that you provided.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
41
Network Connectivity
LDAP
Lightweight Directory Access Protocol (LDAP) is a protocol used to process queries and updates to an
information directory, also known as an LDAP directory, stored on an external server. LDAP directories
are optimized heavily for read performance. Use this page to define how the device retrieves user
information from an LDAP directory.
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAP Server.
2.For Server Information, type the appropriately formatted main and backup LDAP server
addresses, host names, and port numbers. The default port number is 389.
3.For LDAP Server, select the type of LDAP server.
4.In the Optional Information area, specify settings, as needed:
a.For Search Directory Root, type the search directory root path using Base DN format.
b.For Login Credentials to Search Entries, select Remotely Authenticated User, or System.
c.If necessary, type the login name, then type and retype the password.
d.For Maximum Number of Search Results, type the maximum number of addresses that can
be returned matching the search criteria. Type a number between 5-100.
e.For Search Timeout, select Use LDAP Server Timeout or Wait. If you select Wait, type a
duration between 5-120 seconds.
f.If your primary LDAP server is connected to other LDAP servers, to include the servers in your
searches, for LDAP Referrals, select Enabled.
g.For LDAP Referral Hop Limit, type the maximum number of consecutive LDAP referrals.
Specify a limit between 1-5.
5.In the Perform Query on area, select an option if necessary:
•Mapped Name Field: This option specifies how the fields are mapped.
•Surname and Given Name Fields: This option searches for the last name and first name of
the user.
6.Click Apply.
42
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
DDeeffiinniinngg UUsseerr MMaappppiinnggss
LDAP servers provide different results to search queries depending on how user data is mapped.
Editing the mapping allows you to fine-tune server search results.
Note: If you are using Internet Fax, ensure that the Internet Fax field is not set to No attribute
type that can be used. This setting prevents the LDAP Address Book from appearing on the
Internet Fax screen on the device control panel. For the Internet Fax setting, select Mail.
To define LDAP user mappings:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAP UserMappings.
The information that you entered on the LDAP Server tab is summarized in the Server
Information area.
2.To send a test query, in the User Name field, type the name of the user for whom you want to
search, then click Search. Any matching user information appears.
3.If necessary, to remap fields, for Imported Heading, use the menus.
Note: Headings are defined by your LDAP server schema.
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→CustomFilters.
2.In the User ID Query Filter field, type the LDAP search string or filter that you want to apply.
Note:
•The filter defines a series of conditions that the LDAP search must fulfill to return the
information you want.
•The search string should be formatted as LDAP objects inside of parentheses. For
example, to find the user with a sAMAccountName of Bob, type (objectClass=user) (sAMAccountName=Bob).
3.For Email Address Book Filter, select Enable Filter.
4.In the Email Address Book Filter field, type the LDAP search string or filter that you want to apply.
Note: Format the search string as LDAP objects placed inside parentheses. For example, to
find all users that have an email attribute (mail enabled), type (objectClass=
user) (mail=*).
5.For Fax Address Book Filter, select Enable Filter. Then type the LDAP search string or filter that
you want to apply.
6.For Internet Fax Address Book Filter, select Enable Filter. Then type the LDAP search string or
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→ConnectionTest.
2.Type a name for the test.
3.Click Search.
The test results appear in Search Result area.
44
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
POP3
Post Office Protocol, version 3 (POP3) allows email clients to retrieve email from remote servers over
TCP/IP on network port 110. This device uses POP3 for the Internet Fax service.
To configure POP3:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→POP3 Setup.
2.Type the appropriately formatted IP address, host name, and port number. The default port
number is 110.
3.If required, for POP Receive Password Encryption, select APOP Authentication.
4.For Login Name, type the name assigned to the device for logging in to the POP3 server.
7.For Polling Interval, type a value from 1–120 minutes. The default value is 10 minutes.
8.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
45
Network Connectivity
HTTP
Hypertext Transfer Protocol (HTTP) is a request-response standard protocol between clients and
servers. Clients making HTTP requests are referred to as User Agents (UAs). Servers responding to the
HTTP requests for resources, such as HTML pages, are referred to as origin servers. There can be any
number of intermediaries, such as tunnels, proxies, or gateways between UAs and origin servers.
EEnnaabblliinngg HHTTTTPP
HTTP is enabled by default. If you disable HTTP, before you can access the Embedded Web Server, reenable HTTP at the device.
To enable HTTP:
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
2.Touch System Settings→Connectivity & Network Setup→Port Settings.
3.Touch Internet Services (HTTP), then touch Change Settings.
4.Touch Port Status, then touch Change Settings.
5.Touch Enabled, then touch Save.
6.Touch Close.
CCoonnffiigguurriinngg HHTTTTPP SSeettttiinnggss
To configure HTTP settings:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→HTTP.
2.For Maximum Number of Sessions, change the number as needed. The default is 5.
3.To use cross-site request forgery protection, for CSRF Protection, select Enabled.
4.Type the port number. The default is 80.
5.You can encrypt HTTP communication between the device and client computers using the
Embedded Web Server, including data sent using IPSec, SNMP, and Audit Log. To encrypt HTTP
communication, for Secure HTTP (SSL), select Enabled. Ensure that a digital certificate is installed
on the device.
6.For Secure HTTP Port Number, type the port number. When Secure HTTP is enabled, HTTP traffic
is routed to this port. The default is 443.
7.For Connection Timeout, type the number of seconds until the connection times out.
8.Click Apply.
46
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
Proxy Server
A proxy server acts as a go-between for clients seeking services and servers that provide the services.
The proxy server filters client requests. If the client requests conform to the filtering rules, the proxy
server grants the request and allows the connection.
A proxy server has two main purposes:
•The proxy server keeps any devices behind it anonymous for security purposes.
•The proxy server decreases the amount of time needed to access a resource by caching content,
such as web pages from a web server.
Note: Proxy server settings are used for Xerox®Remote Print Services, formerly called SMart
eSolutions.
To configure proxy server settings:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Proxy Server.
2.In the General area, for Use Proxy Server, select Enabled.
3.For Proxy Server Setup, select an option:
•Same Proxy for All Protocols: Select this option to apply the same proxy settings for HTTP
and HTTPS.
•Different Proxy for Each Protocol: Select this option to apply one proxy setting for HTTP and
a different proxy setting for HTTPS.
•Use Automatic Proxy Configuration Script: Select this option to use a specific script that you
define.
•Automatically Detect Settings: Select this option to detect proxy settings automatically.
4.For Addresses to Bypass Proxy Server, type any Web addresses or domains that you want to
bypass the proxy server. For example, type the address of your company intranet site.
5.In the HTTP Server area, type the Server Name and Port Number. The factory default port
number is 8080.
Note: Ensure that the port number that you set for the device matches the port number
that the server is configured to use for this proxy.
6.If your proxy server is configured to require authentication, for Authentication, select Enabled,
then type a Login Name and Password. Retype the password.
7.To use a different proxy server for HTTPS, type the server information in the HTTPS Server area.
The default port number is 8080.
8.To use an automatic proxy configuration script, type the URL for the script in the Use Automatic
Proxy Configuration Script area.
9.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
47
Network Connectivity
Microsoft Networking
CCoonnffiigguurriinngg WWIINNSS
When running Windows Internet Naming Service (WINS), the device registers the IP address and
NetBIOS host name with a WINS server. WINS allows users to communicate with the device using the
host name only.
To configure primary and secondary WINS servers:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→MicrosoftNetworking. The SMB client page opens.
2.To allow your DHCP server to provide your WINS server address to the device, for Obtain WINS
Server Address Automatically, select DHCP.
3.If you want to provide the WINS server address manually, for the Primary Server IP Address field,
type the address.
4.If needed, for the Secondary Server IP Address field, type the secondary WINS server address.
5.Click Apply.
48
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
IPP
Internet Printing Protocol (IPP) is used for remote printing and managing print jobs.
EEnnaabblliinngg IIPPPP
To enable IPP:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For IPP, select Enabled.
3.Click Apply.
CCoonnffiigguurriinngg IIPPPP
To configure IPP printing:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→IPP.
2.For Add Port Number (IPP), type the port number for IPP.
3.For Add Port Number (IPPS), type the port number for Secure IPP.
4.To enable the TBCP Filter, select Enabled.
5.To allow only one specific user to control or delete any print job, for Administrator Mode, select
Enabled.
6.Type the Connection Timeout period. The default is 60 seconds.
7.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
49
Network Connectivity
Universal Plug and Play Discovery
The Universal Plug and Play Protocol (UPnP) network protocol allows devices in a TCP/IP network to
discover each other. Devices can establish connections for data sharing and communications. You can
configure the device to use the Simple Service Discovery Protocol in the UPnP network. For details,
refer to SSDP.
EEnnaabblliinngg UUPPnnPP
To enable UPnP:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For UDP, UPnP Discovery, and SOAP, select Enabled.
3.Click Apply.
CCoonnffiigguurriinngg UUPPnnPP
To configure UPnP:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→UPnP Discovery.
2.Type a port number. Port 1900 is the standard port for UPnP.
3.Click Apply.
50
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
SSDP
The Simple Service Discovery Protocol (SSDP) can be used in Universal Plug and Play networks. When
SSDP is enabled on the printer, the printer advertises itself to other Universal Plug and Play (UPnP)
clients in the network. For example, the printer advertises itself to personal computers.
To configure SSDP:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→SSDP.
2.For SSDP Port Status, click Enabled.
3.For Valid Advertising Period, type an interval value from 60–4320 minutes.
Note: The device advertises itself to other devices in the network using the advertising
period. The default is every 180 minutes.
4.For Maximum TTL, type a value from 1–10.
Note: Maximum TTL allows the device to reach Universal Plug and Play (UPnP) devices in
other subnetworks. The time-to-live (TTL) value specifies the number of routers through
which an SSDP message can pass.
5.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
51
Network Connectivity
WebDAV
Web-based Distributed Authoring and Versioning (WebDAV) is a set of extensions to HTTP that allow
users to edit and manage files collaboratively on remote Web servers. WebDAV enablement is
required to use Network Scan Utility 3.
EEnnaabblliinngg WWeebbDDAAVV
To enable WebDAV:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For WebDAV, select Enabled.
3.Click Apply.
CCoonnffiigguurriinngg WWeebbDDAAVV
To configure WebDAV settings:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→WebDAV.
2.Type the Port Number.
3.Type the Connection Timeout period. The default is 30 seconds.
4.Click Apply.
52
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
WSD
Web Services for Devices (WSD) is technology from Microsoft that provides a standard method for
discovering and using network-connected devices. WSD is supported in all of the current Windows
and Windows Server operating systems. WSD is one of several supported communication protocols.
EEnnaabblliinngg WWSSDD
To enable the WSD protocol:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.To enable the WSD print service, for WSD Print, select Enabled.
3.To enable the WSD scan service, for WSD Scan, select Enabled.
4.Click Apply.
CCoonnffiigguurriinngg WWSSDD
To configure the WSD protocol:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→WSD.
2.Edit the following settings as needed:
•Port Number. The default is 80.
•TBCP Filter. To use the filter, select Enabled.
•Data Receive Timeout in seconds. The default is 30.
•Notification Delivery Timeout in seconds. The default is 8.
•Maximum TTL. The default maximum time to live is 1.
•Maximum Number of Subscribers. The default is 50.
3.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
53
Network Connectivity
FTP
File Transport Protocol (FTP) is a standard network protocol that allows you to pass and manipulate
files over a TCP/IP network. Several services running on your device, including Network Scanning and
Fax, can use FTP as a filing service.
EEnnaabblliinngg FFTTPP
To enable FTP:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→FTP.
2.For Transfer Mode, select Passive Mode, or Active Mode.
3.Click Apply.
54
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
Google Cloud Print
The Google Cloud Print service allows users to access the cloud print queue from any Internetconnected device in any geographic location. To allow access to the service, provide users with
registration details. Users register for the service with the information that you provide.
To allow users to use Google Cloud Print, supply users with the registration details. To print the
registration details:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Google Cloud Print.
2.Click Register This Device to Google Cloud Print. The device prints the registration details and
instructions.
3.Tell users to complete the registration using the printed information.
The user follows the printed instructions, which registers the device to the Google Cloud Print Service.
Information about the registration appears in the Status area of the Google Cloud Print page.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
55
Network Connectivity
Bonjour Multicast DNS
Bonjour is a zero-configuration networking protocol developed by Apple to allow devices on a LAN to
locate each other. When you enable Multicast DNS (Bonjour) on the printer, the device responds to
mDNS calls. Any computer that runs the Apple Macintosh operating system Bonjour technology can
discover the device on a network. Bonjour and IPP are required for Mopria
and the Mac OS Print Center and Print Setup Utility. To use Bonjour, enable LPD and Raw TCP/IP
printing on port 9100. For details, refer to IPP and Raw TCP/IP Printing.
EEnnaabblliinngg BBoonnjjoouurr
To enable Bonjour:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For Bonjour, select Enabled.
3.Click Apply.
CCoonnffiigguurriinngg BBoonnjjoouurr
™
Mobile Printing, AirPrint®,
To configure Bonjour:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Bonjour.
2.For Host Name and Printer Name, type the appropriate names.
3.To use wide-area Bonjour, for Wide-Area Bonjour, select Enabled. Wide-area Bonjour allows
devices to discover each other even if they are in different subnets on the network.
4.Click Apply.
56
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
AirPrint
AirPrint is a software feature that allows you to print from wired or wireless Apple iOS-based mobile
devices and Mac OS-based devices without the need to install a print driver. AirPrint-enabled printers
allow you to print or fax directly from a Mac, an iPhone, iPad, or iPod touch.
To use AirPrint, enable and configure IPP and Bonjour Multicast DNS.
Note:
•Not all iOS applications support printing using AirPrint.
•Wireless devices must join the same wireless network as the printer. You can connect the
printer by its wired network interface.
•To allow devices to print from different subnets, configure your network to pass multicast
DNS traffic.
•AirPrint-enabled printers work with all models of iPad, iPhone 3GS or later, and iPod touch
third generation or later, running the latest version of iOS.
•The Mac OS device requires Mac OS 10.7 or later.
CCoonnffiigguurriinngg AAiirrPPrriinntt
To configure AirPrint:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→AirPrint.
2.In the General area, for AirPrint, select Enabled.
3.To use AirPrint on a USB connection, for USB Connection, select Enabled.
4.To specify device information, in the Bonjour area, type the device name and location. Optionally,
type the geographical coordinates.
5.To use IPP authentication:
a.In the IPP Authentication area, for Basic Authentication, select Enabled.
b.Type a user name.
c.In the Password and Retype Password fields, type a password, then retype the password.
6.To use a digital certificate:
a.In the Device Digital Certificate area, for Device Digital Certificate Management, click
Settings.
b.Create a certificate or upload a signed certificate. For details, refer to Digital Certificates.
7.To configure AirPrint, for software updates:
a.In the Device Software area, for Manual Upgrade, click Update.
b.To check for software updates, in the Software Update area, click Check Now.
c.To specify when the printer checks for updates, in the Check for Update area, select Never,
Daily, Weekly, or Monthly.
d.To receive email notifications for the software upgrades, in the Email Notifications area, click
Setup. In the Software Update page, type up to three email addresses, then click Apply.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
57
Network Connectivity
8.To check life and status for toner, waste, and drum cartridges, in the Consumables area, click
Check Status. To return to the AirPrint page, click Back.
9.To specify what happens when a data error occurs, for Print Job Handling when Data Error Occurs,
select Cancel Print Job or Force Print Job.
10.Click Apply.
58
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Network Connectivity
Mopria
Mopria™is a software feature that enables users to print from mobile devices without requiring a print
driver. To enable printing, users install the Mopria app or plug-in available from the appropriate app
store. When you enable and configure Mopria on the printer, the required protocols IPP and Bonjour
are enabled.
CCoonnffiigguurriinngg MMoopprriiaa
To configure Mopria:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→Mopria.
2.Select Enabled.
3.Click Apply.
Note: Before you disable Mopria, disable IPP and Bonjour. If AirPrint is configured on the
printer, disabling IPP and Bonjour also disables AirPrint. To continue to use AirPrint, enable
AirPrint again. For details, refer to Configuring AirPrint.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
59
Network Connectivity
SOAP
Simple Object Access Protocol (SOAP) is an open-standard, platform-independent, XML-based
messaging protocol that allows computers and networks that use different operating systems to
exchange information. SOAP is used by other network protocols, including Universal Plug and Play
Discovery.
To enable SOAP:
1.In the Embedded Web Server, click Properties→Connectivity→Port Settings.
2.For SOAP, select Enabled.
3.Click Apply.
60
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
You can control access to the device services and features by setting up authentication, authorization,
and personalization.
AAuutthheennttiiccaattiioonn
Authentication is the process of confirming the identity of a user by comparing information provided
by the user, such as user name and password, against another source of user information, such as a
Lightweight Directory Access Protocol (LDAP) network directory. Users can be authenticated when
accessing the control panel or when accessing the Embedded Web Server.
There are several ways to authenticate a user:
•Local: If you have a limited number of users, or do not have access to a Lightweight Directory
Access Protocol (LDAP) network directory, you can add user information, such as user names and
passwords, to the device internal database. You can then specify tools and feature access for all
users. Users are authenticated and authorized when they log in at the control panel.
•Network: The device retrieves user information from an LDAP network directory to authenticate
and authorize users when they log in at the control panel. Configure LDAP server settings before
you configure authentication settings. The device can use any of the following protocols to
communicate with your authentication server:
- Kerberos (Solaris, or Windows 2000/2003)
- SMB (Windows 2000/2003)
- LDAP
•Card Reader: To use this feature, purchase and install a magnetic or proximity card reading
system, such as Xerox
identification card.
®
Secure Access. To access the device, users swipe a pre-programmed
AAuutthhoorriizzaattiioonn
Authorization is the process of defining the services and features that users are allowed to access. For
example, you can configure the device to allow a user to copy, scan, and fax, but not email. There are
two types of authorization:
•Locally on the Device (Internal Database): User login information is stored locally in the device
internal User Information Database.
•Remotely on the Network: User login information is stored externally in a network database such
as an LDAP directory.
PPeerrssoonnaalliizzaattiioonn
Personalization is the process of customizing services for a specific user. If your network is connected
to an LDAP server, the device can look up the home directory and email address for a user when using
the Scan to Home or Email scanning features.
62
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Note: Personalization is only available when the device is configured to use network
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
2.On the Authentication Configuration page, for Login Type, select Log In to Local Accounts.
3.To enable these services, for Print Stored File from Folder or for Folder to PC/Server, select
Enabled.
4.To allow users without accounts to access the device, for Non-account Print, select Enabled.
5.To use the domain name for print client authentication, select Enabled.
6.Click Apply, then click Reboot Device.
DDeeffiinniinngg UUsseerr IInnffoorrmmaattiioonn
Before you can define access rights for users, you must define user information. You can add
information to, or edit, the device internal User Information Database, or you can specify a network
database or LDAP server that contains user information. For details on network authentication and
LDAP user information, refer to Network Authentication and LDAP.
You can add users to the User Information Database on the device or you can edit existing user
information. The database can contain a maximum of 1000 users.
To edit the User Information Database:
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
2.Click Next.
3.In the Authentication Configuration area, for Account Number, type a number from 1–1000, then
click Edit. Each user in the database has a unique number.
4.In the User Identification area, type the user information:
a.For the User Name and UserID fields, type the required information.
b.If necessary, type a password, then retype the password.
c.Type an email address.
5.In the Feature Access area, specify feature access to the following services for the user:
•Copy Service
•Fax Service
•Scan Service
•Print Service
•Device Access
6.In the Impression / Limits area, specify the copy and scan usage limits for the user.
7.In the User Role area, for User Role, select System Administrator, Account Administrator, or
User.
64
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Security
8.If needed, add the user to an authorization group.
9.Click Apply.
The user is added to the User Information Database. When you add other users, for Account Number,
ensure that you type a unique account number for each user.
1.In the Embedded Web Server, click Properties→Security→User Details Setup.
2.To display text other than User ID, on the device control panel, in the Alternative Name for User
ID field, type the text.
3.For Mask User ID, select an option:
•Hide: This option shows user ID characters as asterisks on the control panel touch screen.
•Show: This option shows user ID characters as text on the control panel touch screen.
4.For Failed Access Log, type the number of allowed login attempts from 1-600. To allow an
unlimited number of login attempts, type 0.
Note: If the maximum number of allowed attempts is exceeded, the device locks. Restart
the device.
5.To allow users to log in without case sensitivity, for User ID for Login, select Non-Case Sensitive.
6.In the Login Attempts Limit area, type the number of login attempts allowed for the system
administrator. You can specify from 1-10 attempts. To allow an unlimited number of login
attempts, type 0.
7.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
65
Security
Network Authentication
If you have an LDAP server connected to your network, you can configure the device to retrieve user
information from the LDAP directory when authenticating a user at the control panel.
1.In the Embedded Web Server, click Properties→Securities→Authentication Configuration.
2.On the Authentication Configuration page, for Login Type, select Log In to Remote Accounts.
3.To enable these services, for Print Stored File from Folder or for Folder to PC/Server, select
Enabled.
4.To allow users without accounts to access the device, for Non-account Print, select Enabled.
5.To allow a guest user to access the device, for Guest User, select On. For Guest Passcode, type the
guest user password, then for Retype Guest Passcode, type the password again.
6.To use the domain name for authentication, for Use Domain Name for Print Client
Authentication, select Enabled.
7.Click Apply, then click Reboot Device.
8.After the device restarts, refresh your browser, navigate back to the AuthenticationConfiguration→Step 1 of 2 page, and at the bottom of the page, click Next.
9.For Authentication System, click Configure.
10.On the Authentication System page, select your Authentication System.
11.Type the Server Response Timeout and the Search Timeout.
12.If necessary, to assign the UPN, for Assign UPN (User Principal Name), select Enabled.
To configure authentication settings for the Lightweight Directory Access Protocol (LDAP):
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAPAuthentication.
2.For Authentication Method, select an option:
•Direct Authentication: This method uses the user name and password, which the user types
at the control panel, for authentication with the LDAP server.
•Authentication of User Attributes: This method allows you to specify the Attribute of Typed
User Name, which the user types at the control panel, and the Attribute of the Login User
Name, which the device uses to authenticate the user.
3.If you selected Authentication of User Attributes:
a.Type the Attribute of Typed User Name. This attribute is the LDAP attribute that corresponds
to the information you want the user to type at the control panel. For example, if you want
the user to type the mail address, type mail. You can type a maximum 32 characters.
b.Type the Attribute of Login User Name. This attribute is the login information that is
registered on the LDAP server. You can type a maximum 32 characters.
4.To add text to the user input before authentication, for Use Added Text String, select Enabled. For
Text String Added to User Name, type the additional text string. For example, you can add your
network domain name to the user name, and use this combined string for authentication.
user accounts. For details, refer to the authentication server documentation.
•Connect and configure your card reader.
•Install the appropriate plugin for your card reader and device model. Download the latest plugin
files and plugin installation instructions from www.xerox.com/support.
Note: Accounts created on the Xerox®Secure Access authentication server must match
accounts stored in the device local database or in another network authentication server.
To configure authentication services for Xerox
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
®
Secure Access Unified ID System®(authentication server) and configure with
®
Secure Access:
2.On the Authentication Configuration page, for Login Type, select Xerox Secure Access.
3.To enable these services, for Print Stored File from Folder or for Folder to PC/Server, select
Enabled.
4.To allow users without accounts to access the device, for Non-account Print, select Enabled.
5.To use the domain name for authentication, for Use Domain Name for Print Client
Authentication, select Enabled.
6.Click Apply, then click Reboot Device.
7.After the device restarts, refresh your browser, navigate back to the AuthenticationConfiguration→Step 1 of 2 page, and at the bottom of the page, click Next.
8.For Authentication System, click Configure.
9.On the Authentication System page, from the drop-down list, select Authentication Agent.
10.Type the Server Response Timeout and the Search Timeout.
11.If necessary, for Assign UPN (User Principal Name), select Enabled.
1.In the Embedded Web Server, click Properties→Security→Remote AuthenticationServers→Xerox Secure Access Settings.
2.Type the Default Prompt text and Default Title text.
3.To allow users to type their credentials at the control panel, for Local Login, select Enabled.
68
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Security
4.To allow the device to obtain the user accounting code from a network accounting server
automatically when the user logs in at the control panel, for Get Accounting Code, select
Enabled.
Ensure that network authentication and network accounting are configured. If Get Accounting
Code is not enabled, the user is required to type an accounting code when logging in at the
control panel.
5.For Connection Timeout, type a connection timeout from 1-300 seconds.
6.Click Apply.
SSeettttiinngg UUpp AAuutthheennttiiccaattiioonn ffoorr aa UUSSBB SSmmaarrtt CCaarrdd
RReeaaddeerr SSyysstteemm
To use the device with a card reader system other than Xerox®Secure Access, you must order and
install a card reader kit. The kit includes hardware, software, and instructions for connecting and
configuring your card reader system.
Before you begin:
•Install a Kerberos authentication server and configure with user accounts.
To enable the USB interface for a smart card reader:
1.In the Embedded Web Server, click Properties→Services→USB→General.
2.To enable USB for smart cards, for Smart Card, select Enabled. To use the public key infrastructure
for Smart Card certificates, select Enabled (PKI Only).
3.Click Apply.
Enabling Smart Cards
To enable smart cards:
1.In the Embedded Web Server, click Properties→Security→Smart Card Settings→General.
2.For Smart Card, click Enabled.
3.To enable login and logout tones for a non-contact card reader, for Smart Card Log In / Out Tone,
select Enabled.
4.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
69
Security
Setting Smart Card Certificate Information
To set certificate information for smart cards:
1.In the Embedded Web Server, click Properties→Security→Smart Card Settings→CertificateSettings.
2.To verify certificates, for Certificate Verification, select Enabled.
3.Type the hexadecimal values for the object identifiers for the authentication, signing, and
encryption certificates.
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
2.Touch Authentication / Security Settings→Authentication→User Details Setup→Use of SmartCard.
3.Touch Change Settings.
4.To enable the use of a smart card, touch Enabled. To use the public key infrastructure for the
certificates, touch Enabled (PKI Only).
5.For Jobs Validated by Card, select Copy, Print, or Fax / Scan, as needed
Note: You can select any or all of the available options.
6.Touch Save.
Set the Smart Card Certificate Verification Mode
For additional security, you can set the device to validate a Smart Card against certificates stored on
the device.
To set the Smart Card verification mode:
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
Note: Configure certificate revocation retrieval settings as necessary.
•Ensure that the root CA and intermediate CA of the Smart Card certificate are stored on the
device.
•Ensure that the date and time settings on the device are correct for certificate validation.
70
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Security
Set the Smart Card Logout Timing
You can use this feature to set the way the user interfaces with the card reader. You can require the
user to leave the Smart Card in the card reader while using the device. Alternatively, you can allow
the user to access the system by tapping the Smart Card on the card reader. If the card does not
remain in the card reader, the user is required to log out at the control panel.
To set the Smart Card Logout Timing:
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
The Common Access Card (CAC) system is part of a Department of Defense initiative to increase the
security of its facilities and critical information through the use of smart identification cards.
Eventually, all department employees will use CAC cards to gain access to computers, networks, and
buildings. In many cases, the department is requesting that same level of authentication at the
device level also. When enabled on this device, Department of Defense employees use their CAC card
to access the device for scan, fax, or copy functions, providing greater security and device
management.
Xerox®CAC Enablement software supports a number of card readers and allows users to authenticate
at the device. The card reader is connected to a USB port on the device.
SSuuppppoorrtteedd CCaarrdd TTyyppeess
The CAC solution is compatible with most common CAC card types listed below.
•Axalto Pegasus 64K / V2
•Axalto Cyberflex 32K / V1
•Axalto Cyberflex 64K / V2
•Gemplus GemXpresso 64K / V2
•Oberthur 72K / V2
•Oberthur CosmopoIIC 32K / V1
•Oberthur D1 72K / V2 (contact-less and PIV)
•Gemalto GCX4 72K DI
•Oberthur ID One 128 v5.5 Dual
•Gemalto TOPDLGX4 144K
Note: Other card types may function with the Common Access Card (CAC)/Personal Identity
Verification (PIV) ID system, but they have not been validated.
SSuuppppoorrtteedd CCaarrdd RReeaaddeerrss
The following card readers are compatible with the CAC ID system:
•Gemplus GemPC USB SL
•Gemplus GemPC Twin
•SCM Micro SCR3310
72
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
•Panasonic ZU 9PS
Other USB CCID-compliant readers may function with the CAC ID system, but have not been
validated.
You can configure the device to require users to authenticate themselves to access tools and features
at the control panel and in the Embedded Web Server.
To lock or unlock tools and features:
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
2.Click Next.
3.In the Access Control area, for Device Access, click Configure.
4.For Services Pathway, to require authentication for all services at the control panel, select Locked.
To allow unauthenticated access, select Unlocked.
5.For Job Status Pathway, to require authentication for all services accessed from the Job Status
button, select Locked. To allow unauthenticated access, select Unlocked.
6.For Machine Status Pathway, to require authentication for all services accessed from the Machine
Status button, select Locked. To allow unauthenticated access, select Unlocked.
7.For Local UI Tools & CWIS Properties Tab, to require authentication for all services in the Tools tab
at the control panel, and for the Properties tab in the Embedded Web Server, select Locked. To
allow unauthenticated access, select Unlocked.
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
2.Click Next.
3.In the Access Control area, for Service Access, click Configure.
4.To require authentication for all services, click Lock All. To allow unauthenticated access to all
services, click Unlock All.
5.To set the access for each individual service, select the required access:
•Locked (Show Icon): Use this setting to require authentication for the service at the control
panel. The service icon is visible to all users.
•Locked (Hide Icon): Use this setting to require authentication for the service at the control
panel. The service icon is hidden until an authorized user logs in.
•Locked: Use this option to hide the service so that it is not available at the control panel.
•Unlocked: Use this option to allow access to the service without authentication.
6.Click Apply.
CCoonnttrroolllliinngg AAcccceessss ffoorr aa GGrroouupp ooff UUsseerrss
If your network is connected to an LDAP server, you can configure network authentication and control
individual access to services and features for users or groups.
74
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Security
You can use LDAP server user groups to control access to device services and features. For example, if
the LDAP server contains a group of users called Admin, you can configure the Admin group on the
device so that only members of this group have administrator access to the device. When a user
belonging to the group Admin logs onto the device, the device performs an LDAP directory lookup to
verify the user. Once authenticated, the user is allowed administrative rights to the device.
You can set up and control access to your device:
•User Roles Access Setup
•Device Access Setup
•Service Access Setup
•Feature Access Setup
Before you begin:
•Configure Network Authentication.
•Configure Configuring LDAP Server Settings.
UUsseerr RRoollee AAcccceessss SSeettuupp
To assign users to specific access groups according to role:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAPAuthorization Access.
2.In the User Role area, for System Administrator Access, click Edit.
3.For System Administrator Access, type the name of the group, defined in the LDAP server
database, that you want to use to grant system administrator access to the device. Click Apply.
5.Type the name of the group, defined in the LDAP server database, that you want to use to grant
accounting administrator access to the device. Click Apply.
6.Continue with other access settings, as needed.
•Device Access Setup
•Service Access Setup
•Feature Access Setup
7.Click Apply.
DDeevviiccee AAcccceessss SSeettuupp
Note: Device Access setup requires that authentication is enabled and that Tools and Feature
Access are configured to require users to log in before they can access pathways.
To set up device access:
1.In In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAPAuthorization Access.
2.In the Device Access area, for Services Pathway, click Edit. Type the name of a group, defined at
the LDAP server, that you want to use to provide access to the services features on the device.
3.Click Apply.
4.Repeat the same process for the Job Status Pathway and Machine Status Pathway.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
75
Security
5.Continue with other access settings, as needed.
•User Role Access Setup
•Service Access Setup
•Feature Access Setup
6.Click Apply.
SSeerrvviiccee AAcccceessss SSeettuupp
Note: Service Access Setup requires that authentication is enabled and that Tools and Feature
Access are configured to require users to log in before they can access services.
You can specify access to the services of the device in the Service Access area. Type the names of the
LDAP groups for any of the services listed.
To set up service access:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAPAuthorization Process.
2.In the Service Access area, for the service, click Edit.
3.Type the name of the LDAP group allowed to access the service, then click Apply.
4.Repeat the process for each of the individual services in the Service Access area, as needed.
5.Continue with other access settings, as needed.
•User Role Access Setup
•Device Access Setup
•Feature Access Setup
6.Click Apply.
FFeeaattuurree AAcccceessss SSeettuupp
Note: Feature Access Setup requires that authentication is enabled and Tools and Feature
Access are configured to require users to log in before they can access features.
You can set specific access to the color copying feature of the device listed on the Feature Access
page.
To set up feature access:
1.In the Embedded Web Server, click Properties→Connectivity→Protocols→LDAP→LDAPAuthorization Access.
2.In the Feature Access area, for Color Copying, click Edit.
3.Type the names of the LDAP groups allowed to access the color copying feature, then click Apply.
4.Continue with other access settings, as needed.
•User Role Access Setup
•Device Access Setup
•Service Access Setup
5.Click Apply.
76
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Before you begin, configure the device for local authentication. Add user information and feature
access information to the User Information Database. For details, refer to Local Authentication.
To reset feature access for all local users:
1.In the Embedded Web Server, click Properties→Security→Authentication Configuration.
2.Click Next.
3.In the Authentication Configuration area, for All User Accounts, click Edit.
4.For Reset All Feature Access, select Reset.
5.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
77
Security
Digital Certificates
A digital certificate must be installed on the device before you can enable secure HTTP (SSL). A digital
certificate is a set of data used to verify the identity of the holder or sender of the certificate. A
certificate includes the following data:
•Information about the person, organization, or computer to which the certificate is issued,
including the name, location, email address, and other contact information.
•Certificate serial number
•Certificate expiration date
•Name of the certificate authority (CA) that issued the certificate
•A public key
•The digital signature of a certificate authority
IInnssttaalllliinngg aa DDiiggiittaall CCeerrttiiffiiccaattee
There are three ways to install a certificate on the device:
•Create a Self-Signed Certificate. A Self-Signed Certificate is the result when the device creates its
own certificate, signs it, and creates a public key for the certificate to be used in SSL encryption.
•Create a request to have a certificate authority (CA), or a server functioning as a certificate
authority sign a certificate and then upload the certificate to the device. An example of a server
functioning as a CA is Windows Server running Certificate Services.
•Install a trusted root certificate created by a CA.
Note: Installing a self-signed certificate is less secure than installing a certificate signed by a
trusted CA. However, if you do not have a server functioning as a certificate authority, this is
your only option.
CCrreeaattiinngg aa SSeellff--SSiiggnneedd CCeerrttiiffiiccaattee
1.If necessary, enable S/MIME capability for the self-signed certificate. For details, refer to
Assigning a Name and Location to the Device.
2.In the Embedded Web Server, click Properties→Security→Device Digital CertificateManagement.
3.Click Create New Certificate.
4.Select Self Signed Certificate.
5.Click Continue.
6.Select a Digital Signature Algorithm.
7.Select a Public Key Size and type the name of the Issuer.
8.For Days of Validity, type the number of days, 1-9999, until the certificate expires.
9.Click Apply.
78
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Security
CCrreeaattiinngg aa RReeqquueesstt
To create a request:
1.In the Embedded Web Server, click Properties→Security→Device Digital CertificateManagement.
2.Click Create New Certificate.
3.Select Certificate Signing Request (CSR), then click Continue.
4.Fill out the form with the Digital Signature Algorithm, Public Key Size or Elliptic Curve, 2-Letter
Country Code, State/Province Name, Locality Name, Organization Name, and Organization Unit.
5.Click Apply.
6.Values from the form are used to generate a Certificate Signing Request.
7.When the process is complete, you are prompted to save the Certificate Signing Request. Rightclick the link and save the csr.pem file to your computer.
8.Email the file to a trusted certificate authority for signing.
Note: If you want to use SSL/TLS for SMTP communication, for SMTP - SSL / TLS
Communication, select a method that your server supports.
UUppllooaaddiinngg aa CCeerrttiiffiiccaattee
When a signed certificate is received back from a trusted certificate authority (CA), you can upload
the certificate to the device. You can also upload certificates, root certificates, and intermediate CA
certificates to establish a complete chain of trust.
To upload a certificate:
1.In the Embedded Web Server, click Properties→Security→Device Digital CertificateManagement.
2.Click Upload Signed Certificate.
3.If the certificate is password-protected, type the password, then retype the password.
4.Click Browse or Choose File, navigate to the signed certificate in .crt format, then click Open or
Choose.
5.Click Import.
Note: The signed certificate must match the CSR created by the device.
MMaannaaggiinngg CCeerrttiiffiiccaatteess
To view information about the certificates installed on the device, or specify the certificate to use for
S/MIME, SSL, and IPSEC:
1.In the Embedded Web Server, click Properties→Security→Certificate Management.
2.To filter the display, for Category, Certificate Purpose, and Certificate Order, select the
appropriate options.
3.Click Display the list.
4.Select a certificate from the list, then click Certificate Details.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
79
Security
5.To set the certificate as the primary certificate, click Use this certificate. If this option is not
available, then the selected certificate has expired or is not valid. All certificates in the
certification path (chain of trust) must be installed on the device and must be valid.
6.To remove the certificate, click Delete.
7.To save the certificate to your computer, click Export this certificate.
To configure certificate revocation retrieval settings:
1.In the Embedded Web Server, click Properties→Security→Certificate Revocation Settings.
2.In the General area, for Level of Certificate Verification, select an option:
•Low: The revocation status of certificates is not checked. The device verifies that the
certificate has not expired and that the certificate issuer and signature are valid.
•Medium: The revocation status of certificates is checked. If the certificate status cannot be
obtained due to a network error, the certificate is still considered valid.
•High: The revocation status of certificates is checked. The certificate is only considered valid
after successfully verifying that the certificate has not been revoked.
3.Select the Retrieval of Certificate Status: By Retrieving CRL or By OCSP.
•If you selected By OCSP:
1. In the OCSP area, for Send Query to OCSP Responder With, select URL as Specified inCertificate or URL as Specified by Administrator.
2. For URL of OCSP Responder, type the required URL.
3. For OCSP Communication Timeout, type the time in seconds that the device waits for
information about certificate revocation. The permitted range is 5-60 seconds.
•If you selected By Retrieving CRL:
1. If necessary, in the CRL area, for Auto Retrieval of CRL, select Enabled.
2. For CRL Retrieval Timeout, type the time in seconds that the device waits for information
about certificate revocation. The permitted range is 5-60 seconds.
4.Click Apply.
80
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Security
Secure HTTP and SSL/TLS
You can encrypt all data sent over HTTP by establishing an encrypted SSL connection. You can enable
SSL encryption for the following services:
•Configuring the device in the Embedded Web Server
•Printing from the Embedded Web Server
•Printing using IPP
•Managing scan templates
•Network scanning
•Network accounting
Before you begin:
•Install a digital certificate. For details, refer to Installing a Digital Certificate.
•Ensure that the date and time on the device are configured correctly. The date and time are used
to set the start time for self-signed certificates.
3.Type the port number you want to use for HTTP SSL / TLS.
4.To use secure LDAP, for LDAP - SSL/TLS Communication, select Enabled.
5.To use secure email, for SMTP - SSL / TLS Communication, select a method that your server
supports:
•STARTTLS (If Available)
•STARTTLS
•SSL / TLS
Note: If you are unsure what method your server supports, select STARTTTLS (If
Available). If you select STARTTLS, the device attempts to use STARTTLS. If your server
does not support STARTTLS, SMTP communication is not encrypted.
6.To use POP3, for POP3 - SSL / TLS Communication, select Enabled.
7.To use S/MIME, for S/MIME Communication, select Enabled.
8.To verify a remote server certificate, for Verify Remote Server Certificate, select Enabled.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
81
Security
9.For Protocol Version, select the TLS version to be used.
10.Click Apply.
82
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Security
S/MIME
Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and
signing of email encapsulated in MIME.
Before you begin:
•Enable SSL/TLS.
•Install an S/MIME certificate and all certificates in the certification path (chain of trust) for the S/
MIME certificate. The S/MIME certificate must be in PKCS #12 format, and the email address in
the certificate must be the same as the device email address.
•Enable S/MIME Communication on the SSL/TLS Settings page.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
83
Security
IPsec
Internet Protocol Security (IPsec) is a group of protocols used to secure Internet Protocol (IP)
communications by authenticating and encrypting each IP data packet. It allows you to control IP
communication by creating protocol groups, policies, and actions for the following protocols:
•DHCP v4/v6 (TCP and UDP)
•DNS (TCP and UDP)
•FTP (TCP)
•HTTP (Scan Out, TCP port 80)
•HTTPS (Scan Out, TCP port 443)
•HTTPS (Web Server, TCP port 443)
•ICMP v4/v6
•IPP (TCP port 631)
•LPR Print (TCP port 515)
•Port 9100 Print (TCP port 9100)
•SMTP (TCP/UDP port 25)
•SNMP (TCP/UDP port 161)
•SNMP Traps (TCP/UDP port 162)
•WS-Discovery (UDP port 3702)
•Up to 10 additional services
CCoonnffiigguurriinngg IIPPSSeecc
Note: Before you can enable IPsec, ensure the HTTP (SSL) is enabled with an installed digital
certificate.
To configure Internet Protocol security communications:
1.In the Embedded Web Server, click Properties→Security→IPSec.
2.For Protocol, select Enabled.
3.For IKE Authentication Method, select Preshared Key, or Digital Signature.
4.If you selected Preshared Key, type the Preshared Key, then to verify, retype the key.
5.For IKE SA Lifetime and IPSec SA Lifetime, type the values in minutes:
•IKE SA Lifetime: 5-28800 minutes
•IPSec SA Lifetime: 300-172800 minutes
Note: Ensure that you set the IPSec SA Lifetime to a shorter period of time than the
setting for IKE SA Lifetime.
6.Select the DH Group type.
7.If necessary, enable PFS.
8.Type the Specific Destination IPv4 Address and the Specific Destination IPv6 Address.
84
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
9.To restrict the device from communicating with devices that are not using IPSec, for
Communicate with Non-IPsec Device, select Disabled .
10.Click Apply.
Security
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
85
Security
802.1X
802.1X is an Institute for Electrical and Electronics Engineers (IEEE) standard that defines a method
for port-based network access control or authentication. In an 802.1X-secured network, the device
must be authenticated by a central authority, typically a RADIUS server, before it can access the
physical network. You can enable and configure the device to be used in an 802.1X-secured network.
Before you begin:
•Ensure your 802.1X authentication server and authentication switch are available on the network.
•Determine the authentication method supported by the server.
•Create a user name and password on your authentication server.
•Ensure that the device can be offline for several minutes. Changing and applying 802.1X settings
causes the device to restart.
CCoonnffiigguurriinngg 880022..11XX
To configure 802.1x network settings:
1.In the Embedded Web Server, click Properties→Security→IEEE 802.1X.
2.For Enable IEEE 802.1x, select Enabled.
3.For Authentication Method, select the method used on your network:
•EAP-TTLS / PAP
•EAP-TTLS / CHAP
•EAP-TTLS / MS-CHAPv2
•PEAP / MS-CHAPv2
Note: EAP-TTLS is available if the device is configured to use EAP-TTLS.
4.For Login Name: (Device Name), type the login name required by your authentication switch and
server.
5.Type the password, then retype the password.
6.If necessary, for Certificate Validation, select Enabled.
7.Click Apply.
86
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Security
FIPS140-2 Data Encryption
All data that is stored on and transmitted by the device is encrypted. Some services and protocols,
such as SMB and the PDF Direct Print service, do not use an encryption method that complies with
government standard FIPS140-2. You can warn users with a control panel message when data is
about to be transmitted that is not encrypted to FIPS140-2 standard. For details, refer to the device
Security White Paper on the Xerox website.
To enable the data encryption warning message:
1.In the Embedded Web Server, click Properties→Security→FIPS140 Validation Mode.
2.For FIPS140 Validation Mode, select Enabled.
3.Click Apply.
Note: FIPS 140-2 encryption does not apply to the SMB protocol or to the PDF Direct Print
Service.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
87
Security
Overwriting Image Data
To ensure that image data on the device hard drive is not accessible, you can delete and overwrite
image data. Image data is any and all in-process or temporary user data on the hard drive, such as
current jobs, queued jobs, and temporary scan files, but not saved jobs or folders. To use this feature,
you must purchase and install the Data Security Kit.
To delete image data from the device hard drive manually:
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
2.Touch Authentication / Security Settings→Overwrite Hard Disk.
3.Touch Number of Overwrites, then touch 1 Overwrite or 3 Overwrites.
4.Touch Save.
5.Touch Run Image Overwrite.
6.Touch Start.
7.Touch Yes. The following data is deleted:
•Secure, Sample, and Delay print jobs
•Images stored in folders
•PDL spool files
•Fax documents
•All temporary files
Note:
•All image data is deleted.
•While data is deleted, the device is offline. When the process has completed, the device
restarts.
To schedule a regular time for image data to be deleted from the device hard drive:
1.At the device control panel, log in as Administrator, press the Machine Status button, then touch
the Tools tab. For details, refer to Administrator Access at the Control Panel.
2.Touch Authentication / Security Settings→Overwrite Hard Disk.
3.Touch Number of Overwrites, then touch 1 Overwrite or 3 Overwrites.
4.Touch Save.
5.Touch Scheduled Image Overwrite.
6.Touch Daily, Weekly, or Monthly. To specify when you want image data deleted, use the arrow
icons.
Note: All image data is deleted.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
89
Security
IP Filtering
You can prevent unauthorized network access by only allowing data to be transmitted to and from
specific IP addresses and ports.
CCrreeaattiinngg aann IIPP FFiilltteerr RRuullee
To create an IP filter rule:
1.In the Embedded Web Server, click Properties→Security→IP Filtering.
2.For IPv4 Filtering or IPv6 Filtering, select Enabled.
3.For the option that you enabled, click Add.
4.In the Define IP Filter Rule area area, type the Source IP Address. This is the IP address of the
computer or device that you want to allow to access the printer.
5.For Source IP Mask, type a number for the filter rule.
For IPv4, the range of 0–32 corresponds to the 32-bit binary number that comprises IP addresses.
The number 8 represents a Class A address with a mask of 255.0.0.0. The number 16 represents a
Class B address with a mask of 255.255.0.0. The number 24 represents a Class C address with a
mask of 255.255.255.0.
For IPv6, the range of 0–128 corresponds to the 128-bit binary number that comprises IP
addresses. For example, a mask of /64 represents a 64-bit mask, which defines a single IPv6
subnet.
6.Click Apply, then follow the prompts to restart the device.
7.Refresh your browser, then navigate back to the IP Filtering page.
8.For IP Filter Rule List, select the rule that you created in the first part of the process.
9.Select your rule in the list, then click Apply.
To edit or delete an existing rule, select the rule, then click Edit or Delete.
Note: To edit or delete an existing rule, click Edit or Delete.
90
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Security
Unbounded Ports
The unbounded port feature provides printer security by allowing you to register the ports that are
permitted to communicate with the device.
AAddddiinngg aann UUnnbboouunnddeedd PPoorrtt
To add a port that is allowed to communicate with the device:
1.In the Embedded Web Server, click Properties→Security→Unbounded Port.
2.Click Add.
3.Type the port number.
4.For Port Destination, select Source or Destination.
5.For Protocol, select TCP or UDP.
6.Click Apply.
EEddiittiinngg aann UUnnbboouunnddeedd PPoorrtt
To edit an unbounded port:
1.In the Embedded Web Server, click Properties→Security→Unbounded Port.
2.Select an item in the Unbounded Port List, then click Edit.
3.Edit the port number, destination, and protocol, as needed.
4.Click Apply.
DDeelleettiinngg aann UUnnbboouunnddeedd PPoorrtt
To delete an unbounded port:
1.In the Embedded Web Server, click Properties→Security→Unbounded Port.
2.Select an item in the Unbounded Port List, then click Delete.
3.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
91
Security
Audit Log
When the Audit Log feature is enabled, the device begins recording events that happen on the device.
You can download the Audit Log as a tab-delimited text file and review it to find security breaches
and assess the device security.
EEnnaabblliinngg AAuuddiitt LLoogg
Note: Secure HTTP (SSL) must be enabled before you can enable the Audit Log. For details,
refer to Secure HTTP and SSL/TLS.
To enable the Audit Log:
1.In the Embedded Web Server, click Properties→Security→Audit Log.
2.For Audit Log, select Enabled.
3.Click Apply.
SSaavviinngg aann AAuuddiitt LLoogg
1.In the Embedded Web Server, click Properties→Security→Audit Log.
2.For Export Audit Log, right-click the Export as text file link and save the compressed auditfile.txt
file to your computer.
3.Open the file in an application that can read a tab-delimited text file.
IInntteerrpprreettiinngg tthhee AAuuddiitt LLoogg
The Audit Log is formatted into columns:
•Log ID: A unique value that identifies the event.
•Date: The date that the event happened in mm/dd/yy format.
•Time: The time that the event happened in hh:mm:ss format.
•Audit Event ID: The type of event. The number corresponds to a unique description.
•Logged Events: An abbreviated description of the type of event.
•User Name: User Name, Job Name, Computer Name, Device Name, Folder Name, or Accounting
Account ID (when Network Accounting is enabled).
•Description: More information about the Logged Event. When the Logged Event is System Status
for example, one of the following can appear: Started normally (cold start), Started normally
(warm start), Shutdown requested, Image Overwriting started.
•Optionally Logged Items: Other information recorded when the event occurs, such as log in and
authentication access method.
92
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Note:
•For a Network Scanning scan job, an audit log entry is recorded for each network
destination within the job.
•For Server Fax jobs, an audit log entry is recorded for each Server Fax job.
•For Email jobs, an audit log entry is recorded for each SMTP recipient within the job.
•To record user names in the Audit Log, configure network authentication.
Security
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
93
Security
PDF and XPS Signatures
You can add a digital signature to PDF or XPS documents that are created by the device scan feature.
The signature uses the information in an S/MIME digital certificate.
Before you begin:
•Install an S/MIME digital certificate.
•Enable secure HTTP (SSL) and S/MIME communication. For details, refer to Secure HTTP and SSL/
TLS and S/MIME.
To set digital signatures:
1.In the Embedded Web Server, click Properties→Security→PDF / XPS Signature Settings.
2.For PDF Signature, select when you want the signature added.
3.Select the required PDF Signature Hash Algorithm.
4.For XPS Signature, select when you want the signature added.
5.For Signing Certificate, select the type of certificate to which these changes apply.
6.Click Apply.
94
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Before you begin, configure local authentication. For details, refer to Setting Up Local Authentication.
To restrict users from using or editing the address book at the control panel you can create an
Authorization Group.
To restrict access to the control panel address book:
1.In the Embedded Web Server, click Properties→Security→Create Authorization Groups.
2.For one of the group numbers, click Edit.
3.Type the Group Name.
4.To allow access for the group, for Restrict Recipient Selection Method, select No Restriction, or to
require authentication for the group, Always Apply Restriction.
5.For Restrict User to Edit Address Book, select No Restriction, or Always Apply Restriction.
6.For Allow User to Disable Active Settings, select Allow or Do Not Allow.
7.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
95
Security
Restricting Access to Job Information
You can control how job information displays at the control panel when the user presses the Job
Status button.
To restrict the access of a service representative:
1.In the Embedded Web Server, click Properties→Security→Service Representative RestrictedOperation.
2.For Restricted Operation, select Enabled.
3.To set a password, type and retype the password.
4.Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
99
Security
Limiting Access to Folder Operations
You can limit access to folder operations on the device. Limiting access forces users to provide a
password to perform a folder operation. The restriction does not apply to any folders that are already
registered.
1.In the Embedded Web Server, click Properties→Security→Limit Access to Folder.
2.For Limit Access, select Enabled.
3.Click Apply.
100
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.