Xerox PrimeLink C9065, PrimeLink C9070 System Administrator Guide

Version 2.0 November 2019 702P07781
Xerox
®
PrimeLink™C9065/C9070 Printer System Administrator Guide
©2019 Xerox Corporation. All rights reserved. Xerox®, Xerox and Design®, and PrimeLink™are trademarks of Xerox Corporation in the United States and/or other countries.
MeterAssistant
®
, SuppliesAssistant®, Scan to PC Desktop®, and Xerox Extensible Interface Platform®, are trademarks of Xerox Corporation in the United States and/or other countries. Product status, build status, and/or specifications are subject to change without notice.
Microsoft
®
, Windows®, Windows XP®, Windows Vista®, and Word are registered trademarks of Microsoft Corporation
in the United States and/or other countries.
®
Apple
, Macintosh®, and Mac OS®are trademarks or registered trademarks of Apple Computer, Inc., registered in the U.S. and other countries. Elements of Apple's Technical User Documentation used by permission from Apple Computer, Inc.
®
GBC
and AdvancedPunch™are trademarks or registered trademarks of General Binding Corporation.
HP, PCL and HP-UX are registered trademarks of Hewlett-Packard Corporation in the United States and/or other countries.
®
Linux
is a registered trademark of Linus Torvalds.
ScanFlowStore
®
is a registered trademark of Nuance Communications, Inc.
TWAIN is a trademark of TWAIN Working Group.
Universal Serial Bus is a trademark of USB Implementors Forum, Inc. (USB-IF)
®
UNIX
is a registered trademark of the Open Group.
®
Oracle
Solaris is a registered trademark of Oracle and/or its affiliates in the United States and other countries.
Table of Contents
1 Introduction.............................................................................................................................15
Configuration Steps ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... 16
More Information.......... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 17
2 Initial Setup ............................................................................................................................19
Physical Connection ... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........ 20
Initial Setup at the Control Panel ........ ..... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... .... 21
The Installation Wizard... ........... ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ....... 21
Configuration Report .. ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ........... ..... ........... 21
Printing the Configuration Report....... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .... 21
Administrator Access at the Control Panel.... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... 22
Locking or Unlocking the Device.. ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... . 22
Manually Setting the Ethernet Interface Speed... ..... ........... ..... ........... ..... ........... ..... ..... ...... ... 23
Assigning a Network Address ... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 23
Viewing Services and Options. ...... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... 24
Embedded Web Server ....... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... 25
Accessing the Embedded Web Server ........ ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ... 25
Enabling Services and Options ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... 26
Enabling Services and Options at the Control Panel. ..... ..... ........... ..... ........... ..... ........... .... 26
Enabling Features in the Embedded Web Server ...... ..... ..... ........... ..... ........... ..... ........... .... 26
Changing the System Administrator Password.. ........... ..... ........... ..... ..... ........... ..... ..... ........... . 27
Using the Configuration Overview Page .... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ... 28
Assigning a Name and Location to the Device ... ........... ..... ..... ........... ..... ........... ..... ......... 28
3 Network Connectivity.............................................................................................................29
TCP/IP .......... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... 30
Enabling TCP/IP ... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ... 30
Configuring TCP/IP Settings at the Control Panel ..... ..... ...... ..... ..... ........... ..... ........... ..... ... 30
Configuring TCP/IP Settings in the Embedded Web Server.. ..... ........... ..... ........... ..... ..... .... 32
SNMP ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... 35
Enabling SNMP..... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ....... 35
Configuring SNMP .... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ... 35
LPD...... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... ... 38
Enabling LPD ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... .... 38
Configuring LPD.... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 38
Raw TCP/IP Printing .. ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... ... 39
Enabling Port 9100 ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ........... ..... ........... 39
Configuring Port 9100.... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ... 39
SMTP... ........... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ... 40
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
3
Table of Contents
Configuring SMTP Server Settings ........ ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........ 40
Configuring Optional SMTP Settings ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... . 40
Performing an SMTP Server Connection Test .. ........... ..... ........... ..... ..... ........... ..... ..... ...... .. 41
LDAP.. ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... 42
Configuring LDAP Server Settings . ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ..... 42
Defining User Mappings ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ... 43
Configuring LDAP Custom Filters. ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... 43
Performing an LDAP Connection Test ... ..... ...... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 44
POP3 .. ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .... 45
HTTP . ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... 46
Enabling HTTP ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... .. 46
Configuring HTTP Settings ............ ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... .... 46
Proxy Server ............ ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... 47
Microsoft Networking .. ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... 48
Configuring WINS... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ..... 48
IPP... ...... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ....... 49
Enabling IPP ........ ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........ 49
Configuring IPP. ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... 49
Universal Plug and Play Discovery .... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ....... 50
Enabling UPnP ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 50
Configuring UPnP .... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ...... ... 50
SSDP..... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........ 51
WebDAV ....... ..... ..... ...... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... 52
Enabling WebDAV. ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 52
Configuring WebDAV .......... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ...... ... 52
WSD .. ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ........... ..... ..... ........... ..... 53
Enabling WSD. ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 53
Configuring WSD ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 53
FTP ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .... 54
Enabling FTP......... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ....... 54
Setting Up the FTP Transfer Mode .... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... 54
Google Cloud Print......... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... .... 55
Enabling Google Cloud Print.. ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ....... 55
Registering the Device with the Google Cloud Print Service ...... ..... ........... ..... ........... ..... ... 55
Bonjour Multicast DNS........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... . 56
Enabling Bonjour ..... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... .... 56
Configuring Bonjour......... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ....... 56
AirPrint ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 57
Configuring AirPrint ... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 57
Mopria. ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ... 59
Configuring Mopria.... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 59
SOAP .... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... .. 60
4 Security .....................................................................................................................................61
Setting Up Access Rights.... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... 62
4
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Table of Contents
Overview........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ...... 62
Authentication..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... .. 62
Authorization....... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ... 62
Personalization .... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 62
Local Authentication. ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ... 64
Setting Up Local Authentication .... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ... 64
Defining User Information .. ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ... 64
Editing the User Information Database.... ........... ..... ..... ........... ..... ........... ..... ........... ..... ... 64
Specifying Login Requirements .. ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... . 65
Network Authentication........ ..... ..... ........... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 66
Setting up Network Authentication ... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... 66
Configuring Authentication Server Settings for Kerberos ...... ..... ..... ...... ..... ..... ........... ..... .. 66
Configuring Authentication Server Settings for SMB ..... ..... ........... ..... ..... ........... ..... ..... ..... 67
Configuring Authentication Server Settings for LDAP. ..... ........... ..... ........... ..... ........... ..... .. 67
Authentication Using a Card Reader System ... ..... ........... ..... ........... ..... ........... ..... ........... ..... .. 68
Setting Up Authentication for Xerox
Configuring Xerox
®
Secure Access Login Settings .... ........... ..... ..... ........... ..... ..... ........... .... 68
®
Secure Access .... ..... ........... ..... ..... ........... ..... .......... 68
Setting Up Authentication for a USB Smart Card Reader System..... ........... ..... ........... ..... . 69
Authentication Common Access Card (CAC).. ........... ..... ........... ..... ..... ........... ..... ........... ..... .... 72
Authentication Common Access Card (CAC) Overview........ ..... ..... ........... ..... ..... ........... .... 72
Supported Card Types... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 72
Supported Card Readers..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .... 72
Controlling Access to Tools and Features ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... . 74
Controlling Access for All Users......... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... . 74
Controlling Access for a Group of Users .. ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... 74
Resetting Feature Access for All Local Users........ ..... ........... ..... ..... ........... ..... ..... ........... .... 77
Digital Certificates ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........ 78
Installing a Digital Certificate . ..... ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... .... 78
Creating a Self-Signed Certificate .... ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... 78
Creating a Request ..... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... . 79
Uploading a Certificate..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... 79
Managing Certificates ....... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .... 79
Certificate Revocation Retrieval Settings .......... ..... ..... ........... ..... ..... ........... ..... ..... ........... . 80
Secure HTTP and SSL/TLS .... ........... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ...... ..... ..... ........ 81
Configuring Secure HTTP (SSL/TLS).......... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 81
S/MIME .......... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ... 83
IPsec.... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ... 84
Configuring IPSec . ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 84
802.1X... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... . 86
Configuring 802.1X ...... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... 86
FIPS140-2 Data Encryption ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... 87
Overwriting Image Data ... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... . 88
Overwriting Image Data in the Embedded Web Server . ..... ........... ..... ........... ..... ........... .... 88
Overwriting Image Data at the Control Panel......... ..... ..... ........... ..... ........... ..... ..... ........... 89
IP Filtering.... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ..... 90
Creating an IP Filter Rule . ...... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... . 90
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
5
Table of Contents
Unbounded Ports.... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ........... ..... ........... 91
Adding an Unbounded Port. ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ... 91
Editing an Unbounded Port.... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... 91
Deleting an Unbounded Port. ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... . 91
Audit Log......... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 92
Enabling Audit Log. . ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... 92
Saving an Audit Log ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ..... 92
Interpreting the Audit Log ... ...... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 92
PDF and XPS Signatures.......... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... 94
Address Book Security... ........... ..... ........... ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... .... 95
Controlling Address Book Access in the Embedded Web Server ............ ..... ..... ........... ..... ... 95
Controlling Control Panel Address Book Access .. ..... ........... ..... ..... ........... ..... ........... ..... ..... 95
Restricting Access to Job Information .. ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........ 96
Hiding or Password Protecting Completed Job Information ......... ..... ........... ..... ..... ........... 96
Hiding Active Job Information .. ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........ 96
Allowing or Restricting Job Operations . ..... ...... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 96
Hiding or Displaying Network Settings ... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... . 98
Restricting Service Representative Operations ......... ..... ........... ..... ..... ........... ..... ..... ........... ..... 99
Setting up Service Representative Restrictions. ........... ..... ........... ..... ........... ..... ..... ........... . 99
Limiting Access to Folder Operations... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... . 100
5 Printing................................................................................................................................... 101
Selecting Print Mode Options ... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... .. 102
Language Emulation Settings .......... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... 103
Configuring PostScript 3 Language Emulations .......... ..... ..... ........... ..... ..... ........... ..... ..... 103
Configuring PCL
Configuring TIFF and JPEG Language Emulations ...... ..... ........... ..... ........... ..... ..... .......... 103
Configuring HP-GL/2 Language Emulations.... ..... ........... ..... ..... ........... ..... ........... ..... ..... . 104
Managing Banner Page Printing Options.. ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .. 105
Enabling Banner Page Printing in the Embedded Web Server..... ..... ..... ........... ..... ..... ...... 105
Enabling Banner Page Printing from the Control Panel .......... ..... ..... ........... ..... ..... .......... 105
Enabling Banner Page Printing in the Xerox Version 3 Print Driver.... ........... ..... ..... .......... 105
Enabling Banner Page Printing in the Xerox Version 4 Print Driver.... ........... ..... ..... .......... 106
Print Service Settings ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... . 107
Allocating Memory for Print Settings.... ..... ...... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 107
Configuring Other Types of Print Settings. ..... ..... ........... ..... ........... ..... ........... ..... ..... ...... . 107
Media Print Service Settings.......... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... .. 109
®
UNIX
, Linux®, and AS/400 Printing ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... 110
®
Xerox
Printer Manager ..... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ... 110
Printing from a Linux
AS/400 for IBM Power Systems ......... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ......... 112
®
6/5e Language Emulations... ...... ..... ..... ........... ..... ........... ..... ..... ......... 103
®
Workstation....... ..... ........... ..... ........... ..... ..... ........... ..... ..... .......... 111
6 Copying..................................................................................................................................113
Creating Copy Feature Presets...... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... .... 114
Specifying Default Copy Settings ..... ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... 115
6
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Table of Contents
Copy Control.......... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ..... 116
Original Size Defaults . ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 117
Reduce and Enlarge Presets.... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... .... 118
Defining Custom Colors ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ... 119
7 Scanning................................................................................................................................ 121
Configuring General Scan Service Settings .. ..... ..... ........... ..... ........... ..... ........... ..... ..... .......... 122
Setting Scan Defaults...... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... 122
Configuring Other Scan Settings . ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... .... 122
Setting Scan to PC Defaults .. ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... .......... 122
Scanning to a Folder on the Device .. ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... 123
Managing Folders and Scanned Files..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 124
Creating and Editing a Folder. ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ......... 124
Scheduling Deletion of Files Stored in Folders.... ..... ........... ..... ..... ........... ..... ..... ...... ..... ... 124
Configuring Scan Folder Service Settings ............ ..... ........... ..... ........... ..... ........... ..... ..... .. 125
Scanning to an Email Address .......... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 126
Configuring Email Settings......... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... 126
Editing Email Settings.... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... . 127
Network Scanning..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... . 129
Enabling Network Scanning .... ..... ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... .. 129
Configuring Network Scanning... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 129
Configuring File Repository Settings......... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... . 130
Configuring the Default Template.... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... .......... 133
Configuring Template Pool Repository Settings ... ........... ..... ........... ..... ........... ..... ..... ...... 135
Updating the List of Templates at the Control Panel .......... ..... ..... ........... ..... ..... ........... .. 135
Configuring a Validation Server.......... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .. 135
Scanning to a Home Folder for a User .. ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ...... 136
Configuring Scan to Home .. ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... . 136
Scanning to a USB Drive . ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... . 137
Enabling Scan to USB Functionality ......... ..... ..... ........... ..... ..... ........... ..... ........... ..... ....... 137
Job Flow Sheets .. ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... .. 138
Setting Up a Job Flow Sheet .. ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ......... 138
Job Flow Sheet Restrictions ... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... .......... 140
Linking the Job Flow Sheet to a Folder ..... ..... ..... ........... ..... ..... ........... ..... ........... ..... ....... 140
Enabling Network Scan Utility 3 . ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ...... ..... 141
8 Faxing..................................................................................................................................... 143
Embedded Fax ... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ......... 144
Enabling Embedded Fax.. ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... 144
Configuring Embedded Fax Settings.. ........... ..... ..... ...... ..... ..... ........... ..... ........... ..... ..... ... 144
Configuring Fax General Settings ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... .... 145
Enabling the Output Destination... ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... .. 145
Configuring Fax Control Settings ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... .......... 146
Setting Fax Defaults.... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... .... 147
Setting Incoming Fax Options.... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .......... 147
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
7
Table of Contents
Storing and Forwarding Received Faxes....... ..... ........... ..... ........... ..... ........... ..... ..... ......... 148
Storing and Forwarding Faxes Using Fax Identifiers ..... ..... ........... ..... ........... ..... ........... .. 150
Server Fax ........ ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... 152
Enabling Server Fax..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ......... 152
Configuring a Fax Repository using FTP........... ..... ..... ........... ..... ........... ..... ........... ..... ..... 152
Configuring a Fax Repository using SMB .. ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... . 153
Configuring a Fax Repository using SMTP.... ..... ..... ...... ..... ..... ........... ..... ........... ..... ......... 153
Server Fax Confirmation Report and Job Log ..... ..... ........... ..... ........... ..... ........... ..... ..... ... 153
Internet Fax..... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 154
Configuring Internet Fax Settings ..... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ... 154
Configuring Internet Fax General Options ... ........... ..... ........... ..... ........... ..... ..... ........... ... 154
Internet Fax Addresses........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ........... ..... ......... 155
LAN Fax ... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... .. 156
Session Initiation Protocol Fax ..... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ......... 157
Enabling SIP Fax .. ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ...... ..... ..... ...... 157
Configuring VoIP Gateway Registration ......... ..... ........... ..... ..... ........... ..... ..... ........... ..... . 158
Configuring T.38 Settings ...... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... .... 158
Configuring SIP Settings at the Device Control Panel .... ..... ........... ..... ........... ..... ..... ...... . 158
9 Accounting ............................................................................................................................ 159
Xerox®Standard Accounting......... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ... 160
Configuring Xerox
Creating a Group Account ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... .......... 160
Creating a User Account and Setting Usage Limits. ..... ..... ........... ..... ........... ..... ..... ......... 161
Managing Group Accounts......... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 161
Maximum Usage Limits .... ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ......... 161
Managing Limits for Individual Users . ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .. 162
Managing Limits for Groups.... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... .. 162
Resetting Usage Data Values ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... 162
Automatically Resetting the Accounting Counters..... ..... ........... ..... ........... ..... ........... ..... 162
Resetting Standard Accounting to Factory-Default Settings..... ..... ...... ..... ..... ...... ..... ..... .. 163
Printing a Standard Accounting Report .. ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ... 163
Local Accounting ....... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... 164
Configuring Local Accounting .......... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... .... 164
Creating a User Account and Setting Usage Limits. ..... ..... ........... ..... ........... ..... ..... ......... 164
Resetting Local Accounting Usage Counters........ ..... ..... ........... ..... ..... ........... ..... ........... . 165
Automatically Resetting Local Accounting Usage Counters ...... ..... ..... ........... ..... ..... ...... . 165
Network Accounting ... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... 166
Enabling and Configuring Network Accounting ....... ..... ..... ...... ..... ..... ........... ..... ........... .. 166
Configuring Accounting Login Screen Settings ... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... .. 167
Accounting and Billing Device Settings.. ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... 168
Enabling Accounting in Print Drivers... ..... ........... ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ... 169
Enabling Accounting in a Xerox Version 3 Windows Print Driver.......... ..... ........... ..... ....... 169
Enabling Accounting in a Xerox Version 4 Windows Print Driver.......... ..... ........... ..... ....... 170
Enabling Accounting in an Apple Macintosh Print Driver... ..... ........... ..... ..... ........... ..... .... 171
®
Standard Accounting......... ..... ..... ........... ..... ..... ........... ..... ..... .......... 160
10 Administrator Tools........................................................................................................... 173
8
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Table of Contents
Monitoring Alerts and Status . ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... .......... 174
Setting Up Job Completion Alerts..... ...... ..... ..... ...... ..... ..... ........... ..... ........... ..... ..... ......... 174
Setting Up Device Status Alerts... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ......... 174
Activating a Supplies Plan ........ ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ... 175
Paper Tray Settings ........ ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... .. 176
Accessing Paper Tray Settings .... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... .......... 176
Setting Custom Paper Name and Color ... ........... ..... ........... ..... ..... ........... ..... ..... ........... .. 176
Establishing Start-Up Attributes ..... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... . 176
Paper Type Priority ...... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... .......... 176
Setting Paper Tray Attributes ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... .... 177
Setting Up a Dedicated Paper Tray .. ........... ..... ........... ..... ........... ..... ........... ..... ..... ......... 178
Changing Paper Settings During Tray Loading..... ..... ..... ........... ..... ..... ........... ..... ..... ...... . 178
Establishing Bypass Tray Defaults . ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... . 179
Customizing the Paper Supply Screen. ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .. 179
Paper Tray Priority........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... 179
Managing Automatic Tray Switching .. ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... . 180
Image Quality ........ ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ... 181
Paper Catalog ....... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... 181
SMart eSolutions... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... 183
SMart eSolutions Overview... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... 183
Configuration Planning ......... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... 183
Configuring SMart eSolutions........... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... .... 184
Viewing SMart eSolutions Information.. ..... ..... ........... ..... ..... ........... ..... ........... ..... .......... 185
Troubleshooting.... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... 186
Configuring Stored File Settings .. ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... .......... 190
Retrieving Stored Files........ ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ... 191
Setting Default Touch Screen Settings. ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... .. 192
Taking the Printer Offline ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... 193
Restarting the Device in the Embedded Web Server.... ..... ........... ..... ..... ...... ..... ..... ........... ..... 194
Changing the Power Saver Settings.... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ... 195
View Usage and Billing Information... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ... 196
Billing Information... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... .. 196
Usage Counters .... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... .......... 196
Enabling the Billing Impression Mode .. ........... ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... 196
Cloning ...... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... . 197
Saving Device Settings . ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ... 197
Installing a Clone File . ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... .... 197
Public Address Book . ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .. 198
Address Book Options ... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .. 198
Editing the Public Address Book as a CSV File.. ........... ..... ..... ........... ..... ..... ........... ..... ..... 198
Importing an Address Book File . ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... 199
Adding, Editing, and Deleting Address Book Entries ........... ..... ..... ........... ..... ........... ..... ... 199
Font Management Utility.. ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... .... 201
Customizing Device Contact Information.......... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... .... 202
Updating the Device Software . ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... .. 203
Determining the Current Software Version . ..... ........... ..... ........... ..... ........... ..... ..... .......... 203
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
9
Table of Contents
Updating the Software .... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... .... 203
Date and Time Settings ........ ..... ..... ........... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... 204
Fax Speed Dial Setup Settings... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... .. 205
Watermarks and Annotations... ........... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... .. 206
Creating a Watermark...... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ...... ..... ..... .......... 206
Creating a Universal Unique ID.. ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... .......... 206
Forced Annotations......... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... 206
Memory Settings ........ ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 208
Backup and Restore ... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... 209
Backing Up Device Settings.. ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... 209
Restoring Device Settings... ..... ..... ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... .. 209
Printer Management ..... ........... ..... ..... ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... .. 210
Exporting Job History ....... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... .......... 210
Automatically Deleting Held Jobs.. ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ....... 210
Locking the Printer.... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... . 210
11 Image Quality and Registration..................................................................................... 211
Image Quality and Calibration ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ... 212
Setting Image Quality for the Scanner . ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 212
Calibrating Image Color.... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ......... 213
Two-Sided Color Scanning Calibration.... ..... ........... ..... ........... ..... ........... ..... ..... ........... ... 214
Image Registration Adjustments.......... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... . 216
Adjusting Image Alignment .......... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... .. 216
Adjusting Fold Position. ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ......... 217
Simple Image Quality Adjustment (SIQA) Tools ... ........... ..... ........... ..... ........... ..... ........... ..... 221
Simple Image Quality Adjustment (SIQA) Tools Overview ......... ..... ..... ........... ..... ..... ...... 221
Accessing the SIQA Tools . ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ..... 221
Image Transfer Adjustment .... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ... 222
Auto Alignment Adjustment ... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ... 225
Density Uniformity Adjustment.. ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 227
12 Customization and Expansion........................................................................................ 229
Xerox®Extensible Interface Platform®... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... .... 230
Enabling Extensible Services.... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ... 230
Enabling Extensible Service Registration. ..... ........... ..... ..... ...... ..... ..... ........... ..... ........... ... 230
Customizing Apps on the Printer ... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ... 232
®
Xerox
Customizing Apps Available at the Control Panel........ ..... ..... ........... ..... ..... ........... ..... ..... 232
Setting Up Stored Programming ... ..... ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... .. 233
Enabling Stored Programming . ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ...... . 233
Setting the Audio Tones for Stored Programming Registration.. ........... ..... ..... ........... ..... . 233
Plug-ins and Kits . ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... .. 234
Enabling Plug-ins . ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... 234
Managing Plug-Ins... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... .. 234
Enabling Digital Signature Verification for Secure Plug-Ins ... ..... ........... ..... ........... ..... ..... 234
10
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
App Gallery ... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... . 232
Table of Contents
Auxiliary Interface Kit ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ..... 235
Setting Up the Inserter Module..... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ... 236
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
11
Table of Contents
12
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
About this Guide
This guide is designed for a System Administrator with network administrator rights who has knowledge of networking concepts as well as experience creating and managing network user accounts.
This guide will help you install, configure, and manage the device on a network.
Note:
Network features are not available if you are connected over USB.
Embedded fax features are not available for all device models.
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
13
14
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
1

Introduction

This chapter contains:
Configuration Steps ........ ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ....... 16
More Information ...... ........... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... . 17
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
15
Introduction

Configuration Steps

When you configure the device for the first time, it is recommended that you follow these steps in this order:
Note: Most configuration settings are on the Properties tab in the Embedded Web Server. If
your device is locked, log in as a system administrator.
1. Connect an Ethernet cable from your device to the network.
2. Confirm that your device is recognized on your network. By default, the device is configured to receive an IP address from a DHCP server over a TCP/IP network.
3. To provide basic information, such as your location, time zone, and date and time preferences, complete the Installation Wizard.
4. Print a Configuration Report that lists the current configuration for the device. Review the report and locate the IP address for the device.
5. To access the Embedded Web Server, open a Web browser. In the address field, type the IP address of your device. The Embedded Web Server is administration and configuration software installed on the device.
6. Configure the Authentication settings.
7. Configure the Security settings.
8. Enable services in the Embedded Web Server.
9. Configure Print, Scan, and Fax features.
10. Configure the Accounting features.
16
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Introduction

More Information

Refer to the following sources for more information about your device and its capabilities.
Information Source
Installation Guide Packaged with the device.
Other documentation for your device Go to www.xerox.com/office/PLC9065_PLC9070support, then select
Technical support information for your device, including online technical support, Online Support Assistant, and print driver downloads.
Third-party and open-source software disclosure notices and terms and conditions
Online Support Assistant
Device Management Tools
your specific device model.
Recommended Media List
Information about menus or error messages
Information Pages
Order supplies for your device Go to www.xerox.com/office/PLC9065_PLC9070supplies, then
Local sales and Technical Customer Support
Local sales and customer support
Device registration www.xerox.com/office/register
United States: www.xerox.com/rmlna
Europe: www.xerox.com/rlmeu
View the Status area of the control panel touch screen.
To print from the control panel, touch DeviceInformation Pages or DeviceSupportSupport Pages.
To print from the Embedded Web Server, click HomeInformation Pages.
select your specific device model.
www.xerox.com/office/worldcontacts
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
17
Introduction
18
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
2

Initial Setup

This chapter contains:
Physical Connection . ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ...... ... 20
Initial Setup at the Control Panel ..... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... 21
Administrator Access at the Control Panel . ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 22
Manually Setting the Ethernet Interface Speed ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... 23
Viewing Services and Options.... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... .. 24
Embedded Web Server .... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ....... 25
Enabling Services and Options.. ..... ........... ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ... 26
Changing the System Administrator Password..... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ... 27
Using the Configuration Overview Page . ..... ...... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ..... 28
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
19
Initial Setup

Physical Connection

To connect your device:
1. Connect the power cord to the device, then plug the power cord into an electrical outlet.
2. Connect one end of a Category 5 or better Ethernet cable to the Ethernet port in the back of the device. Connect the other end of the cable to a correctly configured network port.
3. If you purchased and installed the Fax Hardware Kit, connect the device to a correctly configured telephone line.
4. Power on the device.
20
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Initial Setup

Initial Setup at the Control Panel

TThhee IInnssttaallllaattiioonn WWiizzaarrdd
The first time that you power on the device, the Installation Wizard starts. The wizard prompts you with a series of questions to help you configure the following basic settings for your device:
Current date and time
Local time zone
Certification, system access level, SMTP, and LDAP
CCoonnffiigguurraattiioonn RReeppoorrtt
After you complete the Installation Wizard, you can obtain a Configuration Report. The Configuration Report lists the current settings for the device.
PPrriinnttiinngg tthhee CCoonnffiigguurraattiioonn RReeppoorrtt
To print a configuration report:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Device Information tab. For details, refer to Administrator Access at the Control Panel.
2. Touch Print Reports.
3. Touch Printer Reports.

4. Touch Configuration Report, then press the Start button.

Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
21
Initial Setup

Administrator Access at the Control Panel

To configure the device from the control panel, press the Machine Status button, then touch the Tools tab. If the device is locked, log in as Administrator.
To log in as Administrator:
1. At the device control panel, press the Log In/Out button.
2. Type admin, then touch Next.
3. Type the administrator password, then touch Enter.
Note: The original password is the device serial number. When the administrator password
is set to the device serial number, administrator functions are not accessible. If the administrator password is set to the device serial number, at the next administrator login attempt, you are prompted to change the administrator password. After you change the administrator password, you have full access to administrator privileges.
To log out, touch Admin, then touch Logout. On the new screen, touch Logout.
LLoocckkiinngg oorr UUnnlloocckkiinngg tthhee DDeevviiccee
To lock or unlock the device:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch Authentication / Security SettingsSystem Administrator SettingsSystem Administrator’s Login ID.
3. To lock the device, touch On. To unlock the device, touch Off. If you touched On, touch Keyboard, then type the System Administrator Login ID. Touch Save. Touch Keyboard, type the Login ID again, then touch Save.
To confirm the change, touch Yes.
4. Touch Save.
22
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Initial Setup

Manually Setting the Ethernet Interface Speed

The device Ethernet interface detects the speed of your network automatically. If your network is connected to another auto-sensing device, such as a hub, it is possible that the hub does not detect the correct speed. To ensure that the device has detected the correct speed of your network, refer to the Configuration Report. To view the Configuration Report, refer to Printing the Configuration Report.
To set the device Ethernet interface speed manually:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel
2. Touch System SettingsConnectivity & Network SetupProtocol Settings.
3. Touch Ethernet Settings, then touch Change Settings.
4. Touch Ethernet - Rated Speed, then touch Change Settings.
5. To match the speed set on your hub or switch, select the speed.
6. Touch Save, then touch Close.
AAssssiiggnniinngg aa NNeettwwoorrkk AAddddrreessss
By default, the device acquires a network address from a DHCP server automatically. To assign a static IP address, configure DNS server settings, or configure other TCP/IP settings, refer to TCP/IP.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
23
Initial Setup

Viewing Services and Options

To view the services and options that are enabled or installed:
1. At the device control panel, press the Machine Status button, then touch the Device Information tab.
2. Touch Device Configuration.
The Device Configuration screen appears.
3. To close the Device Configuration screen, touch Close.
24
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Initial Setup

Embedded Web Server

The Embedded Web Server allows you to configure and administer the device from a Web browser on any computer.
AAcccceessssiinngg tthhee EEmmbbeeddddeedd WWeebb SSeerrvveerr
Before you begin:
Ensure that TCP/IP and HTTP are enabled. A TCP/IP or HTTP connection is required to access the
Embedded Web Server. For details, refer to Enabling TCP/IP.
To determine the device IP address, do one of the following:
Obtain a Configuration Report. For details, refer to Printing the Configuration Report.
At the control panel, press the Machine Status button.
To access the Embedded Web Server:
1. At your computer, open a Web browser.
2. Type the device IP address in the address field. Press Enter. The Status page of the Embedded Web Server appears.
You can access the device using a combination of the host name and the domain name as
the Internet address. A DNS (Domain Name System) is required. The DNS server requires that the device host name is registered.
To specify a port number, for the IP address, type : and the port number.
3. Click the Properties tab.
4. If prompted, type the user name and password for the administrator account, then click Sign in.
Note: The default administrator user name is admin and the original password is the
device serial number. When the administrator password is set to the device serial number, administrator functions are not accessible. If the administrator password is set to the device serial number, at the next administrator login attempt, you are prompted to change the administrator password. After you change the administrator password, you have full access to administrator privileges.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
25
Initial Setup

Enabling Services and Options

Some services and options are disabled by default. To enable these special services and options, use the device control panel or the Embedded Web Server.
EEnnaabblliinngg SSeerrvviicceess aanndd OOppttiioonnss aatt tthhee CCoonnttrrooll PPaanneell
To enable services and options at the device control panel:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch System SettingsCommon Service SettingsMaintenance.
3. Touch Software Options.
4. Touch Keyboard.
5. Type the code, then touch Save.
6. Touch Close.
EEnnaabblliinngg FFeeaattuurreess iinn tthhee EEmmbbeeddddeedd WWeebb SSeerrvveerr
To enable services and options in the Embedded Web Server:
1. In the Embedded Web Server, click PropertiesSecurityFeature Enablement.
2. For Unique Function Code, type the required information.
3. Click Apply.
4. Click Reboot.
26
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Initial Setup

Changing the System Administrator Password

For security purposes, after you configure the device, it is recommended that you change the default system administrator password. Store the password in a secure location.
To change the Administrator password:
1. In the Embedded Web Server, click PropertiesSecuritySystem Administrator Settings.
2. If required, change the login credentials for Administrator’s Login ID.
3. For Administrator's Passcode, type the new password.
4. Retype the password.
5. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
27
Initial Setup

Using the Configuration Overview Page

In the Embedded Web Server, the Configuration Overview page provides shortcuts to commonly accessed pages on the Properties tab. To access the Configuration Overview page, click PropertiesConfiguration Overview.
AAssssiiggnniinngg aa NNaammee aanndd LLooccaattiioonn ttoo tthhee DDeevviiccee
On the Description page, you can assign a name and location to the device for future reference.
To assign a device name and location:
1. In the Embedded Web Server, click PropertiesDescription.
2. For Device Name, type a name for the device.
3. For Location, type the location of the device.
4. In the fields provided, type the Administrator contact information and the device email address, as needed.
5. Click Apply.
28
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
3

Network Connectivity

This chapter contains:
TCP/IP ..... ........... ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ... 30
SNMP ... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... . 35
LPD... ..... ........... ..... ..... ........... ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... 38
Raw TCP/IP Printing .... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... 39
SMTP ........... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ..... 40
LDAP.... ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ....... 42
POP3 .... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... . 45
HTTP ... ...... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ....... 46
Proxy Server.... ........... ..... ........... ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... . 47
Microsoft Networking......... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 48
IPP........... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ... 49
Universal Plug and Play Discovery . ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ... 50
SSDP.. ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .... 51
WebDAV .... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ....... 52
WSD .... ...... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ....... 53
FTP ....... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... . 54
Google Cloud Print ...... ..... ..... ........... ..... ..... ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... 55
Bonjour Multicast DNS........ ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ... 56
AirPrint .. ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... 57
Mopria... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... 59
SOAP . ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 60
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
29
Network Connectivity

TCP/IP

Transmission Control Protocol (TCP) and Internet Protocol (IP) are two protocols within the Internet Protocol Suite. IP manages the transmission of messages from computer to computer, while TCP manages the actual end-to-end connections.
EEnnaabblliinngg TTCCPP//IIPP
Note: TCP/IP is enabled by default. If you disable TCP/IP, to access the Embedded Web Server,
at the device control panel, enable TCP/IP.
To enable TCP/IP:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch System SettingsConnectivity & Network SetupProtocol Settings.
3. Touch TCP/IP - Common Settings, then touch Change Settings.
4. Select the item you want to change, then touch Change Settings.
5. Touch IPv4 Mode or IPv6 Mode. To enable both IPv4 and IPv6, touch Dual Stack.
6. Touch Save.
7. Touch Close.
CCoonnffiigguurriinngg TTCCPP//IIPP SSeettttiinnggss aatt tthhee CCoonnttrrooll PPaanneell
MMaannuuaallllyy CCoonnffiigguurriinngg aann IIPPvv44 NNeettwwoorrkk AAddddrreessss
To configure an IPv4 network address:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch System SettingsConnectivity & Network SetupProtocol Settings.
3. Select TCP-IP - Network Settings, then touch Change Settings.
4. Select IPv4 - IP Address Resolution, then touch Change Settings.
5. Touch Static, then touch Save.
6. Touch IPv4 - IP Address, then touch Change Settings.
7. Using the touch-screen keypad, type the static IP address, then touch Save.
8. Touch IPv4 - Subnet Mask, then touch Change Settings.
9. Using the touch-screen keypad, type the subnet mask, then touch Save.
10. Touch IPv4 - Gateway Address, then touch Change Settings.
11. Using the touch-screen keypad, type the gateway address, then touch Save.
12. Touch Close.
30
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity
MMaannuuaallllyy CCoonnffiigguurriinngg aann IIPPvv66 NNeettwwoorrkk AAddddrreessss
To configure an IPv6 network address:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch Connectivity & Network SetupProtocol Settings.
3. Touch TCP/IP - Network Settings, then touch Change Settings.
4. Touch IPv6 Address Manual Configuration, then touch Change Settings.
5. Touch Enabled, then touch Save.
6. Touch Manually Configured IPv6 Address, then touch Change Settings.
7. Using the touch-screen keypad, type the static IP address, then touch Save.
8. Touch Manually Configured IPv6 Address Prefix, then touch Change Settings.
9. Using the touch-screen keypad, type the prefix, then touch Save.
10. Touch Manually Configured IPv6 Address Gateway, then touch Change Settings.
11. Using the touch-screen keypad, type the gateway address, then touch Save.
12. Touch Close.
CCoonnffiigguurriinngg IIPPvv44 DDyynnaammiicc AAddddrreessss SSeettttiinnggss
To configure IPv4 dynamic address settings:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch System SettingsConnectivity & Network SetupProtocol Settings.
3. Touch TCP/IP - Network Settings, then touch Change Settings.
4. Touch IPv4 - IP Address Resolution, then touch Change Settings.
5. Touch DHCP, BOOTP, DHCP/AutoIP, or STATIC, then touch Save.
6. Touch Close.
CCoonnffiigguurriinngg IIPPvv66 DDyynnaammiicc AAddddrreessss SSeettttiinnggss
To configure IPv6 dynamic address settings at the control panel:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch System SettingsConnectivity & Network SetupProtocol Settings.
3. Touch TCP/IP-Network Settings, then touch Change Settings.
4. Touch IPv6 Address Manual Configuration, then touch Change Settings.
5. Touch Disabled, then touch Save.
6. To view the acquired IPv6 address information, touch Automatically Configured IPv6 Address, then touch Change Settings.
7. Touch Close.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
31
Network Connectivity
CCoonnffiigguurriinngg DDNNSS aanndd DDDDNNSS SSeettttiinnggss
Domain Name System (DNS) and Dynamic Domain Name System (DDNS) are systems that map host names to IP addresses.
To configure DNS settings at the control panel:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch System SettingsConnectivity & Network SetupProtocol Settings.
3. Touch TCP/IP - Network Settings, then touch Change Settings.
4. Touch IPv4 DNS Server Setup, or IPv6 DNS Server Setup, then touch Change Settings.
5. Do one of the following:
To allow your DHCP server to provide the DNS server address, touch Get IP Address from
DHCP, then touch Change Settings. Touch Enabled, then touch Save.
To provide the DNS server address manually, touch Preferred DNS Server IP Address, then
touch Change Settings. Type the DNS server address, then touch Save.
6. Touch Close.
CCoonnffiigguurriinngg TTCCPP//IIPP SSeettttiinnggss iinn tthhee EEmmbbeeddddeedd WWeebb SSeerrvveerr
If your device has a valid network address, you can configure TCP/IP settings in the Embedded Web Server.
CCoonnffiigguurriinngg SSeettttiinnggss ffoorr IIPPvv44
You can use IPv4 in addition to, or in place of, IPv6.
Note: If both IPv4 and IPv6 are disabled, you cannot access the Embedded Web Server. Before
you can access the Embedded Web Server, at the device control panel, re-enable TCP/IP.
Disabling TCP/IP or changing the IP address disables any dependent protocols.
To configure settings for IPv4:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsTCP/IP.
Note: IPv4 is enabled by default.
2. Type a unique host name for your device.
3. From the IP Address Resolution menu, select the method for obtaining a dynamic IP address, or to define a static IP address, select Static.
4. If you selected Static, type the appropriate information in the following fields: IP Address, Subnet Mask, and Gateway Address.
Note: If you select BOOTP or DHCP, you cannot change the IP Address, Subnet Mask, or
Gateway Address.
5. In the Domain Name field, type a valid domain name.
6. Click Apply.
32
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity
DDNNSS CCoonnffiigguurraattiioonn ffoorr IIPPvv44
To configure settings for IPv4:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsTCP/IP.
2. To allow your DHCP server to provide the DNS server address, in the DNS Configuration area, for Obtain DNS Server Address Automatically, select Enabled. To provide the DNS server address manually, clear the check box. For Preferred DNS Server, Alternate DNS Server 1, and Alternate DNS Server 2, type the appropriate IP addresses.
Note: If DHCP or BOOTP is the IP Address Resolution setting, you cannot change the
Domain Name, Primary DNS Server, Alternate DNS Server 1, and Alternate DNS Server 2
settings.
3. To register the device host name in the DNS server, for Dynamic DNS Registration (DDNS), select
Enabled. To replace existing entries in the DNS server, select Overwrite.
Note: If your DNS Server does not support dynamic updates, you do not need to enable
DDNS.
4. To instruct the device to generate a list of search domains, for Generate Domain Search List Automatically, select Enabled. If this option is disabled, type the domain names.
5. For Connection Timeout, type the number of seconds allowed until the device stops attempting to connect to the server.
6. To instruct the device to release its IP address when the device restarts, for Release Current IP Address When the Host is Powered Off, select Enabled.
7. Click Apply.
CCoonnffiigguurriinngg SSeettttiinnggss ffoorr IIPPvv66
IPv6 hosts can configure themselves automatically when connected to a routed IPv6 network using the Internet Control Message Protocol Version 6 (ICMPv6). ICMPv6 performs error reporting for IP, along with other diagnostic functions. When first connected to a network, a host sends a link-local multicast router solicitation request for configuration parameters. If suitably configured, routers respond to the request with a router advertisement packet containing network-layer configuration parameters.
Note:
IPv6 is optional. You can use IPv6 in addition to, or in place of, IPv4. If both protocols are disabled, you cannot access the Embedded Web Server. The host name is the same for IPv4 and IPv6. If you change the host name for IPv6, the host name also changes for IPv4.
If both IPv4 and IPv6 are disabled, you cannot access the Embedded Web Server. Before you can access the Embedded Web Server, at the device control panel, re-enable TCP/IP. If you disable TCP/IP or change the IP address, any dependent protocols are disabled.
To configure settings for IPv6:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsTCP/IP.
2. For IP Mode, select IPv6, or to use both IPv4 and IPv6, select Dual Stack. By default, IPv6 is
disabled.
3. Type a unique Host Name for the device.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
33
Network Connectivity
4. To assign an address manually, for Enable Manual Address, select Enabled. Type the IP Address
and Gateway Address.
5. To allow your DHCP server to assign an IP address to the device, for Get IP Address from DHCP,
select Enabled.
6. Type the required Domain Name.
7. Click Apply.
Note: If you enable or disable IPv6, when you click Apply, the device restarts.
DDNNSS CCoonnffiigguurraattiioonn ffoorr IIPPvv66
To configure settings for IPv6:
1. In the Embedded WebServer, click PropertiesConnectivityProtocolsTCP/IP.
2. Select a method for obtaining the DNS server address:
To allow the DHCP server to provide the DNS server address automatically, for DHCPv6–Lite,
select Enabled.
To specify the DNS server addresses manually, for DHCPv6–Lite, clear the check box for
Enabled. Type the IP addresses of the Preferred DNS Server, the Alternate DNS Server 1, and the Alternate DNS Server 2.
3. To register the device host name in the DNS server, for Dynamic DNS Registration, select
Enabled. To replace the existing DNS entry, for Dynamic DNS Registration, select Overwrite.
4. To generate the domain search list automatically, for Generate Domain Search List
Automatically, select Enabled.
5. For Domain Name 1, Domain Name 2, and Domain Name 3, type the domain names.
6. For Connection Timeout, type the number of seconds allowed until the device stops attempting to connect to the server.
7. To use IPv6 before using IPv4 to resolve DNS, for DNS Resolution via IPv6 First, select Enabled.
8. To instruct the device to release the IP address when the device restarts, for Release Current IP Address When the Host is Powered Off, select Enabled.
9. Click Apply.
ZZeerroo--CCoonnffiigguurraattiioonn NNeettwwoorrkkiinngg
To support zero-configuration networking, the printer assigns a self-signed address automatically. The self-signed address is for IPv4, IPv6, or both, for a dual-stack configuration. If the printer cannot connect to a DHCP server to obtain an IP address, the printer assigns itself a Link-Local address.
34
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity

SNMP

Simple Network Management Protocol (SNMP) is used in network management systems to monitor network-attached devices for conditions that require administrative attention. SNMP consists of a set of standards for network management, including an application layer, a database schema, and a set of data objects. Agents, or software modules, reside in the SNMPv3 engine of the device. A manager is an SNMPv3 management application such as OpenView, that is used to monitor and configure devices on the network. The agent responds to read (GET) requests and write (SET) requests from the manager. The agent can generate alert messages, or traps, based on certain events.
You can configure SNMP settings in the Embedded Web Server. You can enable or disable Authentication Failure Generic Traps on the device. To create an encrypted channel for secure device management, you can enable SNMPv3.
EEnnaabblliinngg SSNNMMPP
To enable SNMP:
1. In the Embedded Web Server, click PropertiesConnectivityPort Settings.
2. For SNMP, select Enabled.
3. To enable the UDP transport protocol if necessary, for UDP, select Enabled.
4. Click Apply.
CCoonnffiigguurriinngg SSNNMMPP
To configure SNMP settings:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsSNMP Configuration.
2. For SNMP Properties, select Enable SNMP v1/v2c Protocols, or Enable SNMP v3 Protocol. To use SNMPv3, enable and configure HTTPS.
3. To allow remote management servers to change SNMP settings on the device, select Allow Write.
4. To instruct the device to generate a trap for every SNMP request received by the device that contains an invalid community name, for Authentication Failure Generic Traps, select Enabled.
5. Click Apply.
Note: If you do not click Apply, the protocol remains disabled.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
35
Network Connectivity
EEddiittiinngg SSNNMMPP vv11//vv22cc PPrrooppeerrttiieess
Note:
For security purposes, Xerox recommends that you change the SNMP v1/v2c public and private community names from the default values.
Ensure that the GET or SET community names in each application that uses SNMP to communicate with this device match the corresponding names on the device.
To edit SNMP v1/v2c properties:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsSNMP Configuration.
2. For SNMP Properties, click Edit SNMP v1/v2c Properties.
3. For Community Name (Read Only), type a name up to 256 characters, or use the default value of public.
GET returns the password for the SNMP GET requests to the device. Applications that use SNMP to obtain information from the device, such as the Embedded Web Server, use this password.
4. For Community Name (Read / Write), type a name up to 256 characters, or use the default value of private.
SET returns the password for the SNMP SET requests to the device. Applications that use SNMP to set information on the device use this password.
5. For Trap Community Name, type a name up to 256 characters for the default, or use the default value of SNMP_TRAP.
Note: The Default Trap Community Name is used to specify the default community name
for all traps generated by this device. The Trap Community Name specified for each individual trap destination address can override the Default Trap Community Name. The Trap Community Name for one address can differ from the Trap Community Name specified for another address.
6. For the System Administrator's Login ID field, type the administrator login credentials.
7. Click Apply.
EEddiittiinngg SSNNMMPP vv33 SSeettttiinnggss
Note: Before you can enable SNMPv3, ensure that a digital certificate is installed on the device
and that HTTPS is enabled. For details, refer to Installing a Digital Certificate and Enabling
HTTP.
To edit SNMP v3 properties:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsSNMP Configuration.
2. For SNMP Properties, click Edit SNMP v3 Properties.
3. To create the administrator account, for Administrator Account, click Account Enabled.
4. Type an Authentication Password, then confirm it. The Authentication Password must be at least eight characters in length and can include any characters, except control characters. The Authentication Password is used to generate a key for authentication.
36
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity
5. Type a Privacy Password, then to confirm, type the Privacy Password again. The Privacy Password is used for encryption of SNMPv3 data. The password used for data encryption must match the password for the server.
6. For Print Drivers / Remote Clients Account, click Account Enabled.
7. To reset the password, for Reset to default Password, click Reset.
8. Click Apply.
AAddddiinngg IIPP TTrraapp DDeessttiinnaattiioonn AAddddrreesssseess
To configure IP trap destinations:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsSNMP Configuration.
2. At the bottom of the page, click Advanced.
3. For Trap Destination Addresses, click Add UDP IPv4 Address or Add UDP IPv6 Address.
4. Type the IP address of the host running the SNMP manager application that is to receive traps.
Note: Port 162 is the port for UDP and is the default port for traps. Select v1 or v2c based
on which protocol the trap-receiving system supports.
5. For Traps, select the type of traps that the SNMP manager receives.
6. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
37
Network Connectivity
LPD
The Line Printer Daemon (LPD) protocol is used to provide print spooling and network print-server functionality for operating systems such as HP-UX, Linux
Note: For information on setting up print queues on your client system, refer to the
documentation for your client system.
®
, and MAC OS X.
EEnnaabblliinngg LLPPDD
To enable the LPD protocol:
1. In the Embedded Web Server, click PropertiesConnectivityPort Settings.
2. For LPD, select Enabled.
Note: Disabling LPD affects clients printing to the device over TCP/IP using the LPR
printing port.
3. Click Apply.
CCoonnffiigguurriinngg LLPPDD
To configure the Line Printer Daemon protocol:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsLPD.
2. Type an LPD port number or use the default port number, 515.
3. For Connection Timeout, type the timeout information.
4. For Maximum Number of Sessions, type a number.
5. If required, for TCP-MSS Mode, select Enabled.
6. If TCP-MSS mode is enabled, for IPv4, type the IP addresses for Subnet 1, Subnet 2, and Subnet 3.
Note: TCP-MSS settings are common for LPD and Port 9100.
7. Click Apply.
38
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity

Raw TCP/IP Printing

Raw TCP/IP is a printing method used to open a TCP socket-level connection over Port 9100. This connection is used to stream a print-ready file to the device input buffer. The connection closes after sensing an End-Of-Job character in the PDL or after the expiration of a preset timeout value. Port 9100 does not require an LPR request from the computer or the use of an LPD running on the device. In Windows, the Standard TCP/IP port is port 9100.
EEnnaabblliinngg PPoorrtt 99110000
Note: Before you enable Port 9100, enable TCP/IP.
To enable port 9100:
1. In the Embedded Web Server, click ConnectivityPort Settings.
2. For Port 9100, select Enabled.
3. Click Apply.
CCoonnffiigguurriinngg PPoorrtt 99110000
To configure port 9100:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsPort 9100.
2. If necessary, for TCP-MSS Mode, select Enabled.
Note: TCP-MSS settings are common for LPD and Port 9100.
3. If TCP-MSS mode is enabled, for IPv4, type the IP addresses for Subnet 1, Subnet 2, and Subnet 3.
4. Ensure that the TCP Port Number is set to 9100.
5. To set the number of seconds before the device processes a job with an End-of-Job character, set the End of Job Timeout to the needed number of seconds between 0–65535. The default time is 300 seconds.
6. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
39
Network Connectivity

SMTP

The device email feature uses Simple Mail Transfer Protocol (SMTP) to deliver scanned images and Internet Fax jobs through email. After you enable SMTP, the email button is enabled on the device control panel.
CCoonnffiigguurriinngg SSMMTTPP SSeerrvveerr SSeettttiinnggss
To configure SMTP server settings:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsSMTP ServerGeneral.
2. For SMTP Server Setup, select the needed method to locate an SMTP server.
To map to a specific SMTP server, select STATIC.
To allow DNS to automatically find an SMTP server on the network, select From DNS.
Note: If you select From DNS, before you can define the SMTP server, ensure that DNS is
configured for either IPv4 or IPv6.
3. Type the SMTP server IP address or host name.
4. Type the port numbers for sending email, sending Internet Fax, and for receiving email. The default port number is 25.
5. For SMTP - SSL / TLS Communication, select an option.
6. Type the Device’s Email Address.
7. Click Apply.
CCoonnffiigguurriinngg OOppttiioonnaall SSMMTTPP SSeettttiinnggss
To configure optional SMTP settings:
To improve transmission speed, you can set messages for fragmentation 2–500 times. To enable
message fragmentation, for Split Send, select Enabled.
To set the number of fragments per message, for Maximum Split Count, type a value 2–500.
To select how the email jobs are split, for Split Send Method, select one of the following:
Split into Pages: If you select this option, the mail client does not reassemble the job on
receipt.
Split by Data Size: If you select this option, the mail client is required to reassemble the job
on receipt.
To define a maximum message size for messages with attachments, for Maximum Data Size per
Email type a value 512–20480 Kbytes. The default size is 10240 Kbytes.
To set a maximum job size, for Maximum Total Data Size, type a value 512–2000000 Kbytes.
To have the device authenticate itself using the Login Name and Password set up on this page, for
Login Credentials for the Device to access the SMTP Server to send automated Emails, select an option:
40
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity
None: If you select this option, the device does not provide authentication credentials to the
SMTP server.
SMTP AUTH: If you select this option, type the Login Name and Password, then retype the
password.
If authentication is enabled and the device is configured to require users to log in before they can
access email, to use the credentials of the user to access the SMTP server, for Login Credentials for Email Send, select Remotely Authenticated User. To allow the field to default to the same setting that you selected for sending automated email messages, select System.
For When Remotely Authenticated User Fails to Log In, select an option:
Cancel Email Send: This option cancels the email transfer.
Relogin using System Data: This option allows the device to log in the user using stored
credentials. If login is successful, the device sends the email.
Click Apply.
PPeerrffoorrmmiinngg aann SSMMTTPP SSeerrvveerr CCoonnnneeccttiioonn TTeesstt
To perform the connection test:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsSMTP ServerConnection Test.
2. In the Connection Test Email area, type your email address.
3. Click Send Email.
You can view the test result in the Email Delivery Status area. You can find the email that was sent from the device in the email for the Connection Test Email address that you provided.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
41
Network Connectivity

LDAP

Lightweight Directory Access Protocol (LDAP) is a protocol used to process queries and updates to an information directory, also known as an LDAP directory, stored on an external server. LDAP directories are optimized heavily for read performance. Use this page to define how the device retrieves user information from an LDAP directory.
CCoonnffiigguurriinngg LLDDAAPP SSeerrvveerr SSeettttiinnggss
To configure LDAP server settings:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsLDAPLDAP Server.
2. For Server Information, type the appropriately formatted main and backup LDAP server addresses, host names, and port numbers. The default port number is 389.
3. For LDAP Server, select the type of LDAP server.
4. In the Optional Information area, specify settings, as needed:
a. For Search Directory Root, type the search directory root path using Base DN format.
b. For Login Credentials to Search Entries, select Remotely Authenticated User, or System.
c. If necessary, type the login name, then type and retype the password.
d. For Maximum Number of Search Results, type the maximum number of addresses that can
be returned matching the search criteria. Type a number between 5-100.
e. For Search Timeout, select Use LDAP Server Timeout or Wait. If you select Wait, type a
duration between 5-120 seconds.
f. If your primary LDAP server is connected to other LDAP servers, to include the servers in your
searches, for LDAP Referrals, select Enabled.
g. For LDAP Referral Hop Limit, type the maximum number of consecutive LDAP referrals.
Specify a limit between 1-5.
5. In the Perform Query on area, select an option if necessary:
Mapped Name Field: This option specifies how the fields are mapped.
Surname and Given Name Fields: This option searches for the last name and first name of
the user.
6. Click Apply.
42
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity
DDeeffiinniinngg UUsseerr MMaappppiinnggss
LDAP servers provide different results to search queries depending on how user data is mapped. Editing the mapping allows you to fine-tune server search results.
Note: If you are using Internet Fax, ensure that the Internet Fax field is not set to No attribute
type that can be used. This setting prevents the LDAP Address Book from appearing on the
Internet Fax screen on the device control panel. For the Internet Fax setting, select Mail.
To define LDAP user mappings:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsLDAPLDAP User Mappings.
The information that you entered on the LDAP Server tab is summarized in the Server Information area.
2. To send a test query, in the User Name field, type the name of the user for whom you want to search, then click Search. Any matching user information appears.
3. If necessary, to remap fields, for Imported Heading, use the menus.
Note: Headings are defined by your LDAP server schema.
4. Click Apply.
CCoonnffiigguurriinngg LLDDAAPP CCuussttoomm FFiilltteerrss
To configure LDAP filters:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsLDAPCustom Filters.
2. In the User ID Query Filter field, type the LDAP search string or filter that you want to apply.
Note:
The filter defines a series of conditions that the LDAP search must fulfill to return the information you want.
The search string should be formatted as LDAP objects inside of parentheses. For example, to find the user with a sAMAccountName of Bob, type (objectClass= user) (sAMAccountName=Bob).
3. For Email Address Book Filter, select Enable Filter.
4. In the Email Address Book Filter field, type the LDAP search string or filter that you want to apply.
Note: Format the search string as LDAP objects placed inside parentheses. For example, to
find all users that have an email attribute (mail enabled), type (objectClass=
user) (mail=*).
5. For Fax Address Book Filter, select Enable Filter. Then type the LDAP search string or filter that
you want to apply.
6. For Internet Fax Address Book Filter, select Enable Filter. Then type the LDAP search string or
filter that you want to apply.
7. Click Apply.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
43
Network Connectivity
PPeerrffoorrmmiinngg aann LLDDAAPP CCoonnnneeccttiioonn TTeesstt
To perform the LDAP connection test:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsLDAPConnection Test.
2. Type a name for the test.
3. Click Search.
The test results appear in Search Result area.
44
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity

POP3

Post Office Protocol, version 3 (POP3) allows email clients to retrieve email from remote servers over TCP/IP on network port 110. This device uses POP3 for the Internet Fax service.
To configure POP3:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsPOP3 Setup.
2. Type the appropriately formatted IP address, host name, and port number. The default port number is 110.
3. If required, for POP Receive Password Encryption, select APOP Authentication.
4. For Login Name, type the name assigned to the device for logging in to the POP3 server.
5. Type a password. Retype the password.
6. To enable POP3 - SSL / TSL Communication, select Enabled.
7. For Polling Interval, type a value from 1–120 minutes. The default value is 10 minutes.
8. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
45
Network Connectivity

HTTP

Hypertext Transfer Protocol (HTTP) is a request-response standard protocol between clients and servers. Clients making HTTP requests are referred to as User Agents (UAs). Servers responding to the HTTP requests for resources, such as HTML pages, are referred to as origin servers. There can be any number of intermediaries, such as tunnels, proxies, or gateways between UAs and origin servers.
EEnnaabblliinngg HHTTTTPP
HTTP is enabled by default. If you disable HTTP, before you can access the Embedded Web Server, re­enable HTTP at the device.
To enable HTTP:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch System SettingsConnectivity & Network SetupPort Settings.
3. Touch Internet Services (HTTP), then touch Change Settings.
4. Touch Port Status, then touch Change Settings.
5. Touch Enabled, then touch Save.
6. Touch Close.
CCoonnffiigguurriinngg HHTTTTPP SSeettttiinnggss
To configure HTTP settings:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsHTTP.
2. For Maximum Number of Sessions, change the number as needed. The default is 5.
3. To use cross-site request forgery protection, for CSRF Protection, select Enabled.
4. Type the port number. The default is 80.
5. You can encrypt HTTP communication between the device and client computers using the Embedded Web Server, including data sent using IPSec, SNMP, and Audit Log. To encrypt HTTP communication, for Secure HTTP (SSL), select Enabled. Ensure that a digital certificate is installed on the device.
6. For Secure HTTP Port Number, type the port number. When Secure HTTP is enabled, HTTP traffic is routed to this port. The default is 443.
7. For Connection Timeout, type the number of seconds until the connection times out.
8. Click Apply.
46
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity

Proxy Server

A proxy server acts as a go-between for clients seeking services and servers that provide the services. The proxy server filters client requests. If the client requests conform to the filtering rules, the proxy server grants the request and allows the connection.
A proxy server has two main purposes:
The proxy server keeps any devices behind it anonymous for security purposes.
The proxy server decreases the amount of time needed to access a resource by caching content,
such as web pages from a web server.
Note: Proxy server settings are used for Xerox®Remote Print Services, formerly called SMart
eSolutions.
To configure proxy server settings:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsProxy Server.
2. In the General area, for Use Proxy Server, select Enabled.
3. For Proxy Server Setup, select an option:
Same Proxy for All Protocols: Select this option to apply the same proxy settings for HTTP
and HTTPS.
Different Proxy for Each Protocol: Select this option to apply one proxy setting for HTTP and
a different proxy setting for HTTPS.
Use Automatic Proxy Configuration Script: Select this option to use a specific script that you
define.
Automatically Detect Settings: Select this option to detect proxy settings automatically.
4. For Addresses to Bypass Proxy Server, type any Web addresses or domains that you want to bypass the proxy server. For example, type the address of your company intranet site.
5. In the HTTP Server area, type the Server Name and Port Number. The factory default port number is 8080.
Note: Ensure that the port number that you set for the device matches the port number
that the server is configured to use for this proxy.
6. If your proxy server is configured to require authentication, for Authentication, select Enabled, then type a Login Name and Password. Retype the password.
7. To use a different proxy server for HTTPS, type the server information in the HTTPS Server area. The default port number is 8080.
8. To use an automatic proxy configuration script, type the URL for the script in the Use Automatic Proxy Configuration Script area.
9. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
47
Network Connectivity

Microsoft Networking

CCoonnffiigguurriinngg WWIINNSS
When running Windows Internet Naming Service (WINS), the device registers the IP address and NetBIOS host name with a WINS server. WINS allows users to communicate with the device using the host name only.
To configure primary and secondary WINS servers:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsMicrosoft Networking. The SMB client page opens.
2. To allow your DHCP server to provide your WINS server address to the device, for Obtain WINS Server Address Automatically, select DHCP.
3. If you want to provide the WINS server address manually, for the Primary Server IP Address field, type the address.
4. If needed, for the Secondary Server IP Address field, type the secondary WINS server address.
5. Click Apply.
48
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity
IPP
Internet Printing Protocol (IPP) is used for remote printing and managing print jobs.
EEnnaabblliinngg IIPPPP
To enable IPP:
1. In the Embedded Web Server, click PropertiesConnectivityPort Settings.
2. For IPP, select Enabled.
3. Click Apply.
CCoonnffiigguurriinngg IIPPPP
To configure IPP printing:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsIPP.
2. For Add Port Number (IPP), type the port number for IPP.
3. For Add Port Number (IPPS), type the port number for Secure IPP.
4. To enable the TBCP Filter, select Enabled.
5. To allow only one specific user to control or delete any print job, for Administrator Mode, select Enabled.
6. Type the Connection Timeout period. The default is 60 seconds.
7. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
49
Network Connectivity

Universal Plug and Play Discovery

The Universal Plug and Play Protocol (UPnP) network protocol allows devices in a TCP/IP network to discover each other. Devices can establish connections for data sharing and communications. You can configure the device to use the Simple Service Discovery Protocol in the UPnP network. For details, refer to SSDP.
EEnnaabblliinngg UUPPnnPP
To enable UPnP:
1. In the Embedded Web Server, click PropertiesConnectivityPort Settings.
2. For UDP, UPnP Discovery, and SOAP, select Enabled.
3. Click Apply.
CCoonnffiigguurriinngg UUPPnnPP
To configure UPnP:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsUPnP Discovery.
2. Type a port number. Port 1900 is the standard port for UPnP.
3. Click Apply.
50
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity

SSDP

The Simple Service Discovery Protocol (SSDP) can be used in Universal Plug and Play networks. When SSDP is enabled on the printer, the printer advertises itself to other Universal Plug and Play (UPnP) clients in the network. For example, the printer advertises itself to personal computers.
To configure SSDP:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsSSDP.
2. For SSDP Port Status, click Enabled.
3. For Valid Advertising Period, type an interval value from 60–4320 minutes.
Note: The device advertises itself to other devices in the network using the advertising
period. The default is every 180 minutes.
4. For Maximum TTL, type a value from 1–10.
Note: Maximum TTL allows the device to reach Universal Plug and Play (UPnP) devices in
other subnetworks. The time-to-live (TTL) value specifies the number of routers through
which an SSDP message can pass.
5. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
51
Network Connectivity

WebDAV

Web-based Distributed Authoring and Versioning (WebDAV) is a set of extensions to HTTP that allow users to edit and manage files collaboratively on remote Web servers. WebDAV enablement is required to use Network Scan Utility 3.
EEnnaabblliinngg WWeebbDDAAVV
To enable WebDAV:
1. In the Embedded Web Server, click PropertiesConnectivityPort Settings.
2. For WebDAV, select Enabled.
3. Click Apply.
CCoonnffiigguurriinngg WWeebbDDAAVV
To configure WebDAV settings:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsWebDAV.
2. Type the Port Number.
3. Type the Connection Timeout period. The default is 30 seconds.
4. Click Apply.
52
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity
WSD
Web Services for Devices (WSD) is technology from Microsoft that provides a standard method for discovering and using network-connected devices. WSD is supported in all of the current Windows and Windows Server operating systems. WSD is one of several supported communication protocols.
EEnnaabblliinngg WWSSDD
To enable the WSD protocol:
1. In the Embedded Web Server, click PropertiesConnectivityPort Settings.
2. To enable the WSD print service, for WSD Print, select Enabled.
3. To enable the WSD scan service, for WSD Scan, select Enabled.
4. Click Apply.
CCoonnffiigguurriinngg WWSSDD
To configure the WSD protocol:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsWSD.
2. Edit the following settings as needed:
Port Number. The default is 80.
TBCP Filter. To use the filter, select Enabled.
Data Receive Timeout in seconds. The default is 30.
Notification Delivery Timeout in seconds. The default is 8.
Maximum TTL. The default maximum time to live is 1.
Maximum Number of Subscribers. The default is 50.
3. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
53
Network Connectivity
FTP
File Transport Protocol (FTP) is a standard network protocol that allows you to pass and manipulate files over a TCP/IP network. Several services running on your device, including Network Scanning and Fax, can use FTP as a filing service.
EEnnaabblliinngg FFTTPP
To enable FTP:
1. In the Embedded Web Server, click PropertiesConnectivityPort Settings.
2. For FTP Client, select Enabled.
3. Click Apply.
SSeettttiinngg UUpp tthhee FFTTPP TTrraannssffeerr MMooddee
To set up the FTP transfer mode:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsFTP.
2. For Transfer Mode, select Passive Mode, or Active Mode.
3. Click Apply.
54
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity

Google Cloud Print

The Google Cloud Print service allows users to access the cloud print queue from any Internet­connected device in any geographic location. To allow access to the service, provide users with registration details. Users register for the service with the information that you provide.
EEnnaabblliinngg GGooooggllee CClloouudd PPrriinntt
To enable Google Cloud Print:
1. In the Embedded Web Server, click PropertiesConnectivityPort Settings.
2. For Google Cloud Print, select Enabled.
3. Click Apply.
RReeggiisstteerriinngg tthhee DDeevviiccee wwiitthh tthhee GGooooggllee CClloouudd PPrriinntt SSeerrvviiccee
To allow users to use Google Cloud Print, supply users with the registration details. To print the registration details:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsGoogle Cloud Print.
2. Click Register This Device to Google Cloud Print. The device prints the registration details and instructions.
3. Tell users to complete the registration using the printed information.
The user follows the printed instructions, which registers the device to the Google Cloud Print Service. Information about the registration appears in the Status area of the Google Cloud Print page.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
55
Network Connectivity

Bonjour Multicast DNS

Bonjour is a zero-configuration networking protocol developed by Apple to allow devices on a LAN to locate each other. When you enable Multicast DNS (Bonjour) on the printer, the device responds to mDNS calls. Any computer that runs the Apple Macintosh operating system Bonjour technology can discover the device on a network. Bonjour and IPP are required for Mopria and the Mac OS Print Center and Print Setup Utility. To use Bonjour, enable LPD and Raw TCP/IP printing on port 9100. For details, refer to IPP and Raw TCP/IP Printing.
EEnnaabblliinngg BBoonnjjoouurr
To enable Bonjour:
1. In the Embedded Web Server, click PropertiesConnectivityPort Settings.
2. For Bonjour, select Enabled.
3. Click Apply.
CCoonnffiigguurriinngg BBoonnjjoouurr
Mobile Printing, AirPrint®,
To configure Bonjour:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsBonjour.
2. For Host Name and Printer Name, type the appropriate names.
3. To use wide-area Bonjour, for Wide-Area Bonjour, select Enabled. Wide-area Bonjour allows devices to discover each other even if they are in different subnets on the network.
4. Click Apply.
56
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity

AirPrint

AirPrint is a software feature that allows you to print from wired or wireless Apple iOS-based mobile devices and Mac OS-based devices without the need to install a print driver. AirPrint-enabled printers allow you to print or fax directly from a Mac, an iPhone, iPad, or iPod touch.
To use AirPrint, enable and configure IPP and Bonjour Multicast DNS.
Note:
Not all iOS applications support printing using AirPrint.
Wireless devices must join the same wireless network as the printer. You can connect the printer by its wired network interface.
To allow devices to print from different subnets, configure your network to pass multicast DNS traffic.
AirPrint-enabled printers work with all models of iPad, iPhone 3GS or later, and iPod touch third generation or later, running the latest version of iOS.
The Mac OS device requires Mac OS 10.7 or later.
CCoonnffiigguurriinngg AAiirrPPrriinntt
To configure AirPrint:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsAirPrint.
2. In the General area, for AirPrint, select Enabled.
3. To use AirPrint on a USB connection, for USB Connection, select Enabled.
4. To specify device information, in the Bonjour area, type the device name and location. Optionally, type the geographical coordinates.
5. To use IPP authentication:
a. In the IPP Authentication area, for Basic Authentication, select Enabled.
b. Type a user name.
c. In the Password and Retype Password fields, type a password, then retype the password.
6. To use a digital certificate:
a. In the Device Digital Certificate area, for Device Digital Certificate Management, click
Settings.
b. Create a certificate or upload a signed certificate. For details, refer to Digital Certificates.
7. To configure AirPrint, for software updates:
a. In the Device Software area, for Manual Upgrade, click Update.
b. To check for software updates, in the Software Update area, click Check Now.
c. To specify when the printer checks for updates, in the Check for Update area, select Never,
Daily, Weekly, or Monthly.
d. To receive email notifications for the software upgrades, in the Email Notifications area, click
Setup. In the Software Update page, type up to three email addresses, then click Apply.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
57
Network Connectivity
8. To check life and status for toner, waste, and drum cartridges, in the Consumables area, click Check Status. To return to the AirPrint page, click Back.
9. To specify what happens when a data error occurs, for Print Job Handling when Data Error Occurs, select Cancel Print Job or Force Print Job.
10. Click Apply.
58
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Network Connectivity

Mopria

Mopria™is a software feature that enables users to print from mobile devices without requiring a print driver. To enable printing, users install the Mopria app or plug-in available from the appropriate app store. When you enable and configure Mopria on the printer, the required protocols IPP and Bonjour are enabled.
CCoonnffiigguurriinngg MMoopprriiaa
To configure Mopria:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsMopria.
2. Select Enabled.
3. Click Apply.
Note: Before you disable Mopria, disable IPP and Bonjour. If AirPrint is configured on the
printer, disabling IPP and Bonjour also disables AirPrint. To continue to use AirPrint, enable
AirPrint again. For details, refer to Configuring AirPrint.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
59
Network Connectivity

SOAP

Simple Object Access Protocol (SOAP) is an open-standard, platform-independent, XML-based messaging protocol that allows computers and networks that use different operating systems to exchange information. SOAP is used by other network protocols, including Universal Plug and Play Discovery.
To enable SOAP:
1. In the Embedded Web Server, click PropertiesConnectivityPort Settings.
2. For SOAP, select Enabled.
3. Click Apply.
60
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
4

Security

This chapter contains:
Setting Up Access Rights. ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... . 62
Local Authentication.... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ..... 64
Network Authentication..... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 66
Authentication Using a Card Reader System ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 68
Authentication Common Access Card (CAC).......... ..... ........... ..... ........... ..... ........... ..... ..... ........... 72
Controlling Access to Tools and Features .. ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ...... ... 74
Digital Certificates .. ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 78
Secure HTTP and SSL/TLS...... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... . 81
S/MIME .. ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... .... 83
IPsec. ........... ..... ..... ........... ..... ........... ..... ..... ...... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... ..... 84
802.1X ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ... 86
FIPS140-2 Data Encryption........ ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... . 87
Overwriting Image Data ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........ 88
IP Filtering . ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ..... ........... . 90
Unbounded Ports . ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ........... ..... ........... ..... .. 91
Audit Log ...... ..... ..... ........... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... ..... .... 92
PDF and XPS Signatures ...... ........... ..... ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........ 94
Address Book Security ........... ..... ........... ..... ........... ..... ..... ...... ..... ..... ........... ..... ..... ........... ..... ..... . 95
Restricting Access to Job Information......... ..... ........... ..... ..... ........... ..... ..... ........... ..... ........... ..... . 96
Hiding or Displaying Network Settings ........... ..... ..... ........... ..... ........... ..... ..... ........... ..... ..... ........ 98
Restricting Service Representative Operations . ..... ..... ........... ..... ..... ........... ..... ..... ........... ..... ....... 99
Limiting Access to Folder Operations ...... ...... ..... ..... ...... ..... ..... ........... ..... ........... ..... ..... ........... .. 100
Xerox®PrimeLink™C9065/C9070 Printer
System Administrator Guide
61
Security

Setting Up Access Rights

OOvveerrvviieeww
You can control access to the device services and features by setting up authentication, authorization, and personalization.
AAuutthheennttiiccaattiioonn
Authentication is the process of confirming the identity of a user by comparing information provided by the user, such as user name and password, against another source of user information, such as a Lightweight Directory Access Protocol (LDAP) network directory. Users can be authenticated when accessing the control panel or when accessing the Embedded Web Server.
There are several ways to authenticate a user:
Local: If you have a limited number of users, or do not have access to a Lightweight Directory
Access Protocol (LDAP) network directory, you can add user information, such as user names and passwords, to the device internal database. You can then specify tools and feature access for all users. Users are authenticated and authorized when they log in at the control panel.
Network: The device retrieves user information from an LDAP network directory to authenticate
and authorize users when they log in at the control panel. Configure LDAP server settings before you configure authentication settings. The device can use any of the following protocols to communicate with your authentication server:
- Kerberos (Solaris, or Windows 2000/2003)
- SMB (Windows 2000/2003)
- LDAP
Card Reader: To use this feature, purchase and install a magnetic or proximity card reading
system, such as Xerox identification card.
®
Secure Access. To access the device, users swipe a pre-programmed
AAuutthhoorriizzaattiioonn
Authorization is the process of defining the services and features that users are allowed to access. For example, you can configure the device to allow a user to copy, scan, and fax, but not email. There are two types of authorization:
Locally on the Device (Internal Database): User login information is stored locally in the device
internal User Information Database.
Remotely on the Network: User login information is stored externally in a network database such
as an LDAP directory.
PPeerrssoonnaalliizzaattiioonn
Personalization is the process of customizing services for a specific user. If your network is connected to an LDAP server, the device can look up the home directory and email address for a user when using the Scan to Home or Email scanning features.
62
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Note: Personalization is only available when the device is configured to use network
authentication.
Security
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
63
Security

Local Authentication

SSeettttiinngg UUpp LLooccaall AAuutthheennttiiccaattiioonn
To configure local authentication:
1. In the Embedded Web Server, click PropertiesSecurityAuthentication Configuration.
2. On the Authentication Configuration page, for Login Type, select Log In to Local Accounts.
3. To enable these services, for Print Stored File from Folder or for Folder to PC/Server, select Enabled.
4. To allow users without accounts to access the device, for Non-account Print, select Enabled.
5. To use the domain name for print client authentication, select Enabled.
6. Click Apply, then click Reboot Device.
DDeeffiinniinngg UUsseerr IInnffoorrmmaattiioonn
Before you can define access rights for users, you must define user information. You can add information to, or edit, the device internal User Information Database, or you can specify a network database or LDAP server that contains user information. For details on network authentication and LDAP user information, refer to Network Authentication and LDAP.
EEddiittiinngg tthhee UUsseerr IInnffoorrmmaattiioonn DDaattaabbaassee
You can add users to the User Information Database on the device or you can edit existing user information. The database can contain a maximum of 1000 users.
To edit the User Information Database:
1. In the Embedded Web Server, click PropertiesSecurityAuthentication Configuration.
2. Click Next.
3. In the Authentication Configuration area, for Account Number, type a number from 1–1000, then click Edit. Each user in the database has a unique number.
4. In the User Identification area, type the user information:
a. For the User Name and UserID fields, type the required information.
b. If necessary, type a password, then retype the password.
c. Type an email address.
5. In the Feature Access area, specify feature access to the following services for the user:
Copy Service
Fax Service
Scan Service
Print Service
Device Access
6. In the Impression / Limits area, specify the copy and scan usage limits for the user.
7. In the User Role area, for User Role, select System Administrator, Account Administrator, or User.
64
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security
8. If needed, add the user to an authorization group.
9. Click Apply.
The user is added to the User Information Database. When you add other users, for Account Number, ensure that you type a unique account number for each user.
SSppeecciiffyyiinngg LLooggiinn RReeqquuiirreemmeennttss
To specify password requirements:
1. In the Embedded Web Server, click PropertiesSecurityUser Details Setup.
2. To display text other than User ID, on the device control panel, in the Alternative Name for User ID field, type the text.
3. For Mask User ID, select an option:
Hide: This option shows user ID characters as asterisks on the control panel touch screen.
Show: This option shows user ID characters as text on the control panel touch screen.
4. For Failed Access Log, type the number of allowed login attempts from 1-600. To allow an unlimited number of login attempts, type 0.
Note: If the maximum number of allowed attempts is exceeded, the device locks. Restart
the device.
5. To allow users to log in without case sensitivity, for User ID for Login, select Non-Case Sensitive.
6. In the Login Attempts Limit area, type the number of login attempts allowed for the system administrator. You can specify from 1-10 attempts. To allow an unlimited number of login attempts, type 0.
7. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
65
Security

Network Authentication

If you have an LDAP server connected to your network, you can configure the device to retrieve user information from the LDAP directory when authenticating a user at the control panel.
SSeettttiinngg uupp NNeettwwoorrkk AAuutthheennttiiccaattiioonn
To set up network authentication:
1. In the Embedded Web Server, click PropertiesSecuritiesAuthentication Configuration.
2. On the Authentication Configuration page, for Login Type, select Log In to Remote Accounts.
3. To enable these services, for Print Stored File from Folder or for Folder to PC/Server, select Enabled.
4. To allow users without accounts to access the device, for Non-account Print, select Enabled.
5. To allow a guest user to access the device, for Guest User, select On. For Guest Passcode, type the guest user password, then for Retype Guest Passcode, type the password again.
6. To use the domain name for authentication, for Use Domain Name for Print Client Authentication, select Enabled.
7. Click Apply, then click Reboot Device.
8. After the device restarts, refresh your browser, navigate back to the Authentication ConfigurationStep 1 of 2 page, and at the bottom of the page, click Next.
9. For Authentication System, click Configure.
10. On the Authentication System page, select your Authentication System.
11. Type the Server Response Timeout and the Search Timeout.
12. If necessary, to assign the UPN, for Assign UPN (User Principal Name), select Enabled.
13. Click Apply.
14. Click Reboot Device.
CCoonnffiigguurriinngg AAuutthheennttiiccaattiioonn SSeerrvveerr SSeettttiinnggss ffoorr KKeerrbbeerrooss
To configure authentication settings for the Kerberos server:
1. In the Embedded Web Server, click PropertiesSecurityRemote Authentication ServersKerberos Server.
2. To enable the Kerberos validation services, for Server Certificate Validation, select Enabled.
3. For Kerberos Server 1, type the server information:
a. Type the server name or IP address of your primary server.
b. Type the Primary Server Port Number.
c. Type the server name or IP address of your secondary server.
d. Type the Secondary Server Port Number.
e. Type the Domain Name of your server.
66
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security
4. Type the server name, port name, and domain name of any additional Kerberos servers, as needed.
5. Click Apply.
CCoonnffiigguurriinngg AAuutthheennttiiccaattiioonn SSeerrvveerr SSeettttiinnggss ffoorr SSMMBB
To configure settings for the SMB server:
1. In the Embedded Web Server, click PropertiesSecurityRemote Authentication ServersSMB Server.
2. For SMB Server Setup, select an option:
By Domain Name
By Domain Name & Server Name / IP Address
3. For each of your servers, type the Domain Name and Server Name / IP Address.
4. Click Apply.
CCoonnffiigguurriinngg AAuutthheennttiiccaattiioonn SSeerrvveerr SSeettttiinnggss ffoorr LLDDAAPP
To configure authentication settings for the Lightweight Directory Access Protocol (LDAP):
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsLDAPLDAP Authentication.
2. For Authentication Method, select an option:
Direct Authentication: This method uses the user name and password, which the user types
at the control panel, for authentication with the LDAP server.
Authentication of User Attributes: This method allows you to specify the Attribute of Typed
User Name, which the user types at the control panel, and the Attribute of the Login User Name, which the device uses to authenticate the user.
3. If you selected Authentication of User Attributes:
a. Type the Attribute of Typed User Name. This attribute is the LDAP attribute that corresponds
to the information you want the user to type at the control panel. For example, if you want the user to type the mail address, type mail. You can type a maximum 32 characters.
b. Type the Attribute of Login User Name. This attribute is the login information that is
registered on the LDAP server. You can type a maximum 32 characters.
4. To add text to the user input before authentication, for Use Added Text String, select Enabled. For Text String Added to User Name, type the additional text string. For example, you can add your network domain name to the user name, and use this combined string for authentication.
5. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
67
Security

Authentication Using a Card Reader System

SSeettttiinngg UUpp AAuutthheennttiiccaattiioonn ffoorr XXeerrooxx®®SSeeccuurree AAcccceessss
Before you begin:
Enable Secure HTTP (SSL).
Install the Xerox
user accounts. For details, refer to the authentication server documentation.
Connect and configure your card reader.
Install the appropriate plugin for your card reader and device model. Download the latest plugin
files and plugin installation instructions from www.xerox.com/support.
Note: Accounts created on the Xerox®Secure Access authentication server must match
accounts stored in the device local database or in another network authentication server.
To configure authentication services for Xerox
1. In the Embedded Web Server, click PropertiesSecurityAuthentication Configuration.
®
Secure Access Unified ID System®(authentication server) and configure with
®
Secure Access:
2. On the Authentication Configuration page, for Login Type, select Xerox Secure Access.
3. To enable these services, for Print Stored File from Folder or for Folder to PC/Server, select Enabled.
4. To allow users without accounts to access the device, for Non-account Print, select Enabled.
5. To use the domain name for authentication, for Use Domain Name for Print Client Authentication, select Enabled.
6. Click Apply, then click Reboot Device.
7. After the device restarts, refresh your browser, navigate back to the Authentication ConfigurationStep 1 of 2 page, and at the bottom of the page, click Next.
8. For Authentication System, click Configure.
9. On the Authentication System page, from the drop-down list, select Authentication Agent.
10. Type the Server Response Timeout and the Search Timeout.
11. If necessary, for Assign UPN (User Principal Name), select Enabled.
12. Click Apply.
13. Click Reboot Device.
CCoonnffiigguurriinngg XXeerrooxx®®SSeeccuurree AAcccceessss LLooggiinn SSeettttiinnggss
To configure Xerox®secure access login settings:
1. In the Embedded Web Server, click PropertiesSecurityRemote Authentication ServersXerox Secure Access Settings.
2. Type the Default Prompt text and Default Title text.
3. To allow users to type their credentials at the control panel, for Local Login, select Enabled.
68
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security
4. To allow the device to obtain the user accounting code from a network accounting server automatically when the user logs in at the control panel, for Get Accounting Code, select Enabled. Ensure that network authentication and network accounting are configured. If Get Accounting Code is not enabled, the user is required to type an accounting code when logging in at the control panel.
5. For Connection Timeout, type a connection timeout from 1-300 seconds.
6. Click Apply.
SSeettttiinngg UUpp AAuutthheennttiiccaattiioonn ffoorr aa UUSSBB SSmmaarrtt CCaarrdd RReeaaddeerr SSyysstteemm
To use the device with a card reader system other than Xerox®Secure Access, you must order and install a card reader kit. The kit includes hardware, software, and instructions for connecting and configuring your card reader system.
Before you begin:
Install a Kerberos authentication server and configure with user accounts.
Connect your card reader to the device.
CCoonnffiigguurree NNeettwwoorrkk AAuutthheennttiiccaattiioonn SSeettttiinnggss
1. Configure network authentication. For details, refer to Network Authentication.
2. Configure Kerberos server settings. For details, refer to Configuring Authentication Server Settings
for Kerberos.
CChhaannggiinngg SSmmaarrtt CCaarrdd SSeettttiinnggss iinn tthhee EEmmbbeeddddeedd WWeebb SSeerrvveerr
Enabling USB for Smart Cards
To enable the USB interface for a smart card reader:
1. In the Embedded Web Server, click PropertiesServicesUSBGeneral.
2. To enable USB for smart cards, for Smart Card, select Enabled. To use the public key infrastructure for Smart Card certificates, select Enabled (PKI Only).
3. Click Apply.
Enabling Smart Cards
To enable smart cards:
1. In the Embedded Web Server, click PropertiesSecuritySmart Card SettingsGeneral.
2. For Smart Card, click Enabled.
3. To enable login and logout tones for a non-contact card reader, for Smart Card Log In / Out Tone, select Enabled.
4. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
69
Security
Setting Smart Card Certificate Information
To set certificate information for smart cards:
1. In the Embedded Web Server, click PropertiesSecuritySmart Card SettingsCertificate Settings.
2. To verify certificates, for Certificate Verification, select Enabled.
3. Type the hexadecimal values for the object identifiers for the authentication, signing, and encryption certificates.
4. Click Apply.
CChhaannggiinngg SSmmaarrtt CCaarrdd SSeettttiinnggss aatt tthhee CCoonnttrrooll PPaanneell
Enable Smart Card Settings
To enable Smart Card settings:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch Authentication / Security SettingsAuthenticationUser Details SetupUse of Smart Card.
3. Touch Change Settings.
4. To enable the use of a smart card, touch Enabled. To use the public key infrastructure for the certificates, touch Enabled (PKI Only).
5. For Jobs Validated by Card, select Copy, Print, or Fax / Scan, as needed
Note: You can select any or all of the available options.
6. Touch Save.
Set the Smart Card Certificate Verification Mode
For additional security, you can set the device to validate a Smart Card against certificates stored on the device.
To set the Smart Card verification mode:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch Authentication / Security SettingsAuthenticationUser Details SetupSmart Card Certificate Verification.
3. Touch Change Settings.
4. Touch Enabled.
5. Touch Save.
Note: Configure certificate revocation retrieval settings as necessary.
Ensure that the root CA and intermediate CA of the Smart Card certificate are stored on the device.
Ensure that the date and time settings on the device are correct for certificate validation.
70
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security
Set the Smart Card Logout Timing
You can use this feature to set the way the user interfaces with the card reader. You can require the user to leave the Smart Card in the card reader while using the device. Alternatively, you can allow the user to access the system by tapping the Smart Card on the card reader. If the card does not remain in the card reader, the user is required to log out at the control panel.
To set the Smart Card Logout Timing:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch Authentication / Security SettingsAuthenticationUser Details SetupSmart Card Logout Timing.
3. Touch Change Settings.
4. Select Log Out when Card is Removed or Log Out from Control Panel.
5. Touch Save.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
71
Security

Authentication Common Access Card (CAC)

AAuutthheennttiiccaattiioonn CCoommmmoonn AAcccceessss CCaarrdd ((CCAACC)) OOvveerrvviieeww
The Common Access Card (CAC) system is part of a Department of Defense initiative to increase the security of its facilities and critical information through the use of smart identification cards. Eventually, all department employees will use CAC cards to gain access to computers, networks, and buildings. In many cases, the department is requesting that same level of authentication at the device level also. When enabled on this device, Department of Defense employees use their CAC card to access the device for scan, fax, or copy functions, providing greater security and device management.
Xerox®CAC Enablement software supports a number of card readers and allows users to authenticate at the device. The card reader is connected to a USB port on the device.
SSuuppppoorrtteedd CCaarrdd TTyyppeess
The CAC solution is compatible with most common CAC card types listed below.
Axalto Pegasus 64K / V2
Axalto Cyberflex 32K / V1
Axalto Cyberflex 64K / V2
Gemplus GemXpresso 64K / V2
Oberthur 72K / V2
Oberthur CosmopoIIC 32K / V1
Oberthur D1 72K / V2 (contact-less and PIV)
Gemalto GCX4 72K DI
Oberthur ID One 128 v5.5 Dual
Gemalto TOPDLGX4 144K
Note: Other card types may function with the Common Access Card (CAC)/Personal Identity
Verification (PIV) ID system, but they have not been validated.
SSuuppppoorrtteedd CCaarrdd RReeaaddeerrss
The following card readers are compatible with the CAC ID system:
Gemplus GemPC USB SL
Gemplus GemPC Twin
SCM Micro SCR3310
72
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Panasonic ZU 9PS
Other USB CCID-compliant readers may function with the CAC ID system, but have not been validated.
Security
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
73
Security

Controlling Access to Tools and Features

CCoonnttrroolllliinngg AAcccceessss ffoorr AAllll UUsseerrss
LLoocckkiinngg oorr UUnnlloocckkiinngg TToooollss aanndd FFeeaattuurreess ffoorr AAllll UUsseerrss
You can configure the device to require users to authenticate themselves to access tools and features at the control panel and in the Embedded Web Server.
To lock or unlock tools and features:
1. In the Embedded Web Server, click PropertiesSecurityAuthentication Configuration.
2. Click Next.
3. In the Access Control area, for Device Access, click Configure.
4. For Services Pathway, to require authentication for all services at the control panel, select Locked. To allow unauthenticated access, select Unlocked.
5. For Job Status Pathway, to require authentication for all services accessed from the Job Status button, select Locked. To allow unauthenticated access, select Unlocked.
6. For Machine Status Pathway, to require authentication for all services accessed from the Machine Status button, select Locked. To allow unauthenticated access, select Unlocked.
7. For Local UI Tools & CWIS Properties Tab, to require authentication for all services in the Tools tab at the control panel, and for the Properties tab in the Embedded Web Server, select Locked. To allow unauthenticated access, select Unlocked.
8. Click Apply.
LLoocckkiinngg,, UUnnlloocckkiinngg,, oorr HHiiddiinngg IInnddiivviidduuaall SSeerrvviicceess ffoorr AAllll UUsseerrss
1. In the Embedded Web Server, click PropertiesSecurityAuthentication Configuration.
2. Click Next.
3. In the Access Control area, for Service Access, click Configure.
4. To require authentication for all services, click Lock All. To allow unauthenticated access to all services, click Unlock All.
5. To set the access for each individual service, select the required access:
Locked (Show Icon): Use this setting to require authentication for the service at the control
panel. The service icon is visible to all users.
Locked (Hide Icon): Use this setting to require authentication for the service at the control
panel. The service icon is hidden until an authorized user logs in.
Locked: Use this option to hide the service so that it is not available at the control panel.
Unlocked: Use this option to allow access to the service without authentication.
6. Click Apply.
CCoonnttrroolllliinngg AAcccceessss ffoorr aa GGrroouupp ooff UUsseerrss
If your network is connected to an LDAP server, you can configure network authentication and control individual access to services and features for users or groups.
74
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security
You can use LDAP server user groups to control access to device services and features. For example, if the LDAP server contains a group of users called Admin, you can configure the Admin group on the device so that only members of this group have administrator access to the device. When a user belonging to the group Admin logs onto the device, the device performs an LDAP directory lookup to verify the user. Once authenticated, the user is allowed administrative rights to the device.
You can set up and control access to your device:
User Roles Access Setup
Device Access Setup
Service Access Setup
Feature Access Setup
Before you begin:
Configure Network Authentication.
Configure Configuring LDAP Server Settings.
UUsseerr RRoollee AAcccceessss SSeettuupp
To assign users to specific access groups according to role:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsLDAPLDAP Authorization Access.
2. In the User Role area, for System Administrator Access, click Edit.
3. For System Administrator Access, type the name of the group, defined in the LDAP server database, that you want to use to grant system administrator access to the device. Click Apply.
4. For Accounting Administrator Access, click Edit.
5. Type the name of the group, defined in the LDAP server database, that you want to use to grant accounting administrator access to the device. Click Apply.
6. Continue with other access settings, as needed.
Device Access Setup
Service Access Setup
Feature Access Setup
7. Click Apply.
DDeevviiccee AAcccceessss SSeettuupp
Note: Device Access setup requires that authentication is enabled and that Tools and Feature
Access are configured to require users to log in before they can access pathways.
To set up device access:
1. In In the Embedded Web Server, click PropertiesConnectivityProtocolsLDAPLDAP Authorization Access.
2. In the Device Access area, for Services Pathway, click Edit. Type the name of a group, defined at the LDAP server, that you want to use to provide access to the services features on the device.
3. Click Apply.
4. Repeat the same process for the Job Status Pathway and Machine Status Pathway.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
75
Security
5. Continue with other access settings, as needed.
User Role Access Setup
Service Access Setup
Feature Access Setup
6. Click Apply.
SSeerrvviiccee AAcccceessss SSeettuupp
Note: Service Access Setup requires that authentication is enabled and that Tools and Feature
Access are configured to require users to log in before they can access services.
You can specify access to the services of the device in the Service Access area. Type the names of the LDAP groups for any of the services listed.
To set up service access:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsLDAPLDAP Authorization Process.
2. In the Service Access area, for the service, click Edit.
3. Type the name of the LDAP group allowed to access the service, then click Apply.
4. Repeat the process for each of the individual services in the Service Access area, as needed.
5. Continue with other access settings, as needed.
User Role Access Setup
Device Access Setup
Feature Access Setup
6. Click Apply.
FFeeaattuurree AAcccceessss SSeettuupp
Note: Feature Access Setup requires that authentication is enabled and Tools and Feature
Access are configured to require users to log in before they can access features.
You can set specific access to the color copying feature of the device listed on the Feature Access page.
To set up feature access:
1. In the Embedded Web Server, click PropertiesConnectivityProtocolsLDAPLDAP Authorization Access.
2. In the Feature Access area, for Color Copying, click Edit.
3. Type the names of the LDAP groups allowed to access the color copying feature, then click Apply.
4. Continue with other access settings, as needed.
User Role Access Setup
Device Access Setup
Service Access Setup
5. Click Apply.
76
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security
RReesseettttiinngg FFeeaattuurree AAcccceessss ffoorr AAllll LLooccaall UUsseerrss
Before you begin, configure the device for local authentication. Add user information and feature access information to the User Information Database. For details, refer to Local Authentication. To reset feature access for all local users:
1. In the Embedded Web Server, click PropertiesSecurityAuthentication Configuration.
2. Click Next.
3. In the Authentication Configuration area, for All User Accounts, click Edit.
4. For Reset All Feature Access, select Reset.
5. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
77
Security

Digital Certificates

A digital certificate must be installed on the device before you can enable secure HTTP (SSL). A digital certificate is a set of data used to verify the identity of the holder or sender of the certificate. A certificate includes the following data:
Information about the person, organization, or computer to which the certificate is issued,
including the name, location, email address, and other contact information.
Certificate serial number
Certificate expiration date
Name of the certificate authority (CA) that issued the certificate
A public key
The digital signature of a certificate authority
IInnssttaalllliinngg aa DDiiggiittaall CCeerrttiiffiiccaattee
There are three ways to install a certificate on the device:
Create a Self-Signed Certificate. A Self-Signed Certificate is the result when the device creates its
own certificate, signs it, and creates a public key for the certificate to be used in SSL encryption.
Create a request to have a certificate authority (CA), or a server functioning as a certificate
authority sign a certificate and then upload the certificate to the device. An example of a server functioning as a CA is Windows Server running Certificate Services.
Install a trusted root certificate created by a CA.
Note: Installing a self-signed certificate is less secure than installing a certificate signed by a
trusted CA. However, if you do not have a server functioning as a certificate authority, this is
your only option.
CCrreeaattiinngg aa SSeellff--SSiiggnneedd CCeerrttiiffiiccaattee
1. If necessary, enable S/MIME capability for the self-signed certificate. For details, refer to
Assigning a Name and Location to the Device.
2. In the Embedded Web Server, click PropertiesSecurityDevice Digital Certificate Management.
3. Click Create New Certificate.
4. Select Self Signed Certificate.
5. Click Continue.
6. Select a Digital Signature Algorithm.
7. Select a Public Key Size and type the name of the Issuer.
8. For Days of Validity, type the number of days, 1-9999, until the certificate expires.
9. Click Apply.
78
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security
CCrreeaattiinngg aa RReeqquueesstt
To create a request:
1. In the Embedded Web Server, click PropertiesSecurityDevice Digital Certificate Management.
2. Click Create New Certificate.
3. Select Certificate Signing Request (CSR), then click Continue.
4. Fill out the form with the Digital Signature Algorithm, Public Key Size or Elliptic Curve, 2-Letter Country Code, State/Province Name, Locality Name, Organization Name, and Organization Unit.
5. Click Apply.
6. Values from the form are used to generate a Certificate Signing Request.
7. When the process is complete, you are prompted to save the Certificate Signing Request. Right­click the link and save the csr.pem file to your computer.
8. Email the file to a trusted certificate authority for signing.
Note: If you want to use SSL/TLS for SMTP communication, for SMTP - SSL / TLS
Communication, select a method that your server supports.
UUppllooaaddiinngg aa CCeerrttiiffiiccaattee
When a signed certificate is received back from a trusted certificate authority (CA), you can upload the certificate to the device. You can also upload certificates, root certificates, and intermediate CA certificates to establish a complete chain of trust.
To upload a certificate:
1. In the Embedded Web Server, click PropertiesSecurityDevice Digital Certificate Management.
2. Click Upload Signed Certificate.
3. If the certificate is password-protected, type the password, then retype the password.
4. Click Browse or Choose File, navigate to the signed certificate in .crt format, then click Open or Choose.
5. Click Import.
Note: The signed certificate must match the CSR created by the device.
MMaannaaggiinngg CCeerrttiiffiiccaatteess
To view information about the certificates installed on the device, or specify the certificate to use for S/MIME, SSL, and IPSEC:
1. In the Embedded Web Server, click PropertiesSecurityCertificate Management.
2. To filter the display, for Category, Certificate Purpose, and Certificate Order, select the appropriate options.
3. Click Display the list.
4. Select a certificate from the list, then click Certificate Details.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
79
Security
5. To set the certificate as the primary certificate, click Use this certificate. If this option is not available, then the selected certificate has expired or is not valid. All certificates in the certification path (chain of trust) must be installed on the device and must be valid.
6. To remove the certificate, click Delete.
7. To save the certificate to your computer, click Export this certificate.
CCeerrttiiffiiccaattee RReevvooccaattiioonn RReettrriieevvaall SSeettttiinnggss
To configure certificate revocation retrieval settings:
1. In the Embedded Web Server, click PropertiesSecurityCertificate Revocation Settings.
2. In the General area, for Level of Certificate Verification, select an option:
Low: The revocation status of certificates is not checked. The device verifies that the
certificate has not expired and that the certificate issuer and signature are valid.
Medium: The revocation status of certificates is checked. If the certificate status cannot be
obtained due to a network error, the certificate is still considered valid.
High: The revocation status of certificates is checked. The certificate is only considered valid
after successfully verifying that the certificate has not been revoked.
3. Select the Retrieval of Certificate Status: By Retrieving CRL or By OCSP.
If you selected By OCSP:
1. In the OCSP area, for Send Query to OCSP Responder With, select URL as Specified in Certificate or URL as Specified by Administrator.
2. For URL of OCSP Responder, type the required URL.
3. For OCSP Communication Timeout, type the time in seconds that the device waits for information about certificate revocation. The permitted range is 5-60 seconds.
If you selected By Retrieving CRL:
1. If necessary, in the CRL area, for Auto Retrieval of CRL, select Enabled.
2. For CRL Retrieval Timeout, type the time in seconds that the device waits for information about certificate revocation. The permitted range is 5-60 seconds.
4. Click Apply.
80
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security

Secure HTTP and SSL/TLS

You can encrypt all data sent over HTTP by establishing an encrypted SSL connection. You can enable SSL encryption for the following services:
Configuring the device in the Embedded Web Server
Printing from the Embedded Web Server
Printing using IPP
Managing scan templates
Network scanning
Network accounting
Before you begin:
Install a digital certificate. For details, refer to Installing a Digital Certificate.
Ensure that the date and time on the device are configured correctly. The date and time are used to set the start time for self-signed certificates.
CCoonnffiigguurriinngg SSeeccuurree HHTTTTPP ((SSSSLL//TTLLSS))
Note:
Before you can enable Secure HTTP, ensure that you install a digital certificate on the device.
If Secure HTTP is enabled, all pages in the Embedded Web Server contain https:// in the web page URL.
To configure HTTP SSL / TLS settings:
1. In the Embedded Web Server, click PropertiesSecuritySSL / TLS Settings.
2. For HTTP - SSL/TLS Communication, select Enabled.
3. Type the port number you want to use for HTTP SSL / TLS.
4. To use secure LDAP, for LDAP - SSL/TLS Communication, select Enabled.
5. To use secure email, for SMTP - SSL / TLS Communication, select a method that your server supports:
STARTTLS (If Available)
STARTTLS
SSL / TLS
Note: If you are unsure what method your server supports, select STARTTTLS (If
Available). If you select STARTTLS, the device attempts to use STARTTLS. If your server
does not support STARTTLS, SMTP communication is not encrypted.
6. To use POP3, for POP3 - SSL / TLS Communication, select Enabled.
7. To use S/MIME, for S/MIME Communication, select Enabled.
8. To verify a remote server certificate, for Verify Remote Server Certificate, select Enabled.
®
Xerox
PrimeLink™C9065/C9070 Printer
System Administrator Guide
81
Security
9. For Protocol Version, select the TLS version to be used.
10. Click Apply.
82
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security

S/MIME

Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and signing of email encapsulated in MIME.
Before you begin:
Enable SSL/TLS.
Install an S/MIME certificate and all certificates in the certification path (chain of trust) for the S/
MIME certificate. The S/MIME certificate must be in PKCS #12 format, and the email address in the certificate must be the same as the device email address.
Enable S/MIME Communication on the SSL/TLS Settings page.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
83
Security

IPsec

Internet Protocol Security (IPsec) is a group of protocols used to secure Internet Protocol (IP) communications by authenticating and encrypting each IP data packet. It allows you to control IP communication by creating protocol groups, policies, and actions for the following protocols:
DHCP v4/v6 (TCP and UDP)
DNS (TCP and UDP)
FTP (TCP)
HTTP (Scan Out, TCP port 80)
HTTPS (Scan Out, TCP port 443)
HTTPS (Web Server, TCP port 443)
ICMP v4/v6
IPP (TCP port 631)
LPR Print (TCP port 515)
Port 9100 Print (TCP port 9100)
SMTP (TCP/UDP port 25)
SNMP (TCP/UDP port 161)
SNMP Traps (TCP/UDP port 162)
WS-Discovery (UDP port 3702)
Up to 10 additional services
CCoonnffiigguurriinngg IIPPSSeecc
Note: Before you can enable IPsec, ensure the HTTP (SSL) is enabled with an installed digital
certificate.
To configure Internet Protocol security communications:
1. In the Embedded Web Server, click PropertiesSecurityIPSec.
2. For Protocol, select Enabled.
3. For IKE Authentication Method, select Preshared Key, or Digital Signature.
4. If you selected Preshared Key, type the Preshared Key, then to verify, retype the key.
5. For IKE SA Lifetime and IPSec SA Lifetime, type the values in minutes:
IKE SA Lifetime: 5-28800 minutes
IPSec SA Lifetime: 300-172800 minutes
Note: Ensure that you set the IPSec SA Lifetime to a shorter period of time than the
setting for IKE SA Lifetime.
6. Select the DH Group type.
7. If necessary, enable PFS.
8. Type the Specific Destination IPv4 Address and the Specific Destination IPv6 Address.
84
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
9. To restrict the device from communicating with devices that are not using IPSec, for Communicate with Non-IPsec Device, select Disabled .
10. Click Apply.
Security
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
85
Security

802.1X

802.1X is an Institute for Electrical and Electronics Engineers (IEEE) standard that defines a method
for port-based network access control or authentication. In an 802.1X-secured network, the device must be authenticated by a central authority, typically a RADIUS server, before it can access the physical network. You can enable and configure the device to be used in an 802.1X-secured network.
Before you begin:
Ensure your 802.1X authentication server and authentication switch are available on the network.
Determine the authentication method supported by the server.
Create a user name and password on your authentication server.
Ensure that the device can be offline for several minutes. Changing and applying 802.1X settings
causes the device to restart.
CCoonnffiigguurriinngg 880022..11XX
To configure 802.1x network settings:
1. In the Embedded Web Server, click PropertiesSecurityIEEE 802.1X.
2. For Enable IEEE 802.1x, select Enabled.
3. For Authentication Method, select the method used on your network:
EAP-TTLS / PAP
EAP-TTLS / CHAP
EAP-TTLS / MS-CHAPv2
PEAP / MS-CHAPv2
Note: EAP-TTLS is available if the device is configured to use EAP-TTLS.
4. For Login Name: (Device Name), type the login name required by your authentication switch and server.
5. Type the password, then retype the password.
6. If necessary, for Certificate Validation, select Enabled.
7. Click Apply.
86
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security

FIPS140-2 Data Encryption

All data that is stored on and transmitted by the device is encrypted. Some services and protocols, such as SMB and the PDF Direct Print service, do not use an encryption method that complies with government standard FIPS140-2. You can warn users with a control panel message when data is about to be transmitted that is not encrypted to FIPS140-2 standard. For details, refer to the device Security White Paper on the Xerox website.
To enable the data encryption warning message:
1. In the Embedded Web Server, click PropertiesSecurityFIPS140 Validation Mode.
2. For FIPS140 Validation Mode, select Enabled.
3. Click Apply.
Note: FIPS 140-2 encryption does not apply to the SMB protocol or to the PDF Direct Print
Service.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
87
Security

Overwriting Image Data

To ensure that image data on the device hard drive is not accessible, you can delete and overwrite image data. Image data is any and all in-process or temporary user data on the hard drive, such as current jobs, queued jobs, and temporary scan files, but not saved jobs or folders. To use this feature, you must purchase and install the Data Security Kit.
OOvveerrwwrriittiinngg IImmaaggee DDaattaa iinn tthhee EEmmbbeeddddeedd WWeebb SSeerrvveerr
DDeelleettiinngg IImmaaggee DDaattaa IImmmmeeddiiaatteellyy
To delete image data from the device hard drive:
1. In the Embedded Web Server, click PropertiesSecurityOn Demand OverwriteImmediate.
2. Select the number of overwrites to perform.
3. Click Apply.
While the data is deleted, the device is offline. When the process has completed, the device restarts.
SScchheedduulliinngg RRoouuttiinnee DDeelleettiioonn ooff IImmaaggee DDaattaa
To schedule a regular time to delete the image data from the device hard drive:
1. In the Embedded Web Server, click PropertiesSecurityOn Demand OverwriteScheduled.
2. For Scheduled Image Overwrite, select Enabled.
3. Select the Frequency of the overwrite operation.
4. To specify when you want the image data deleted, set the date, day, and time, as needed.
5. Click Apply.
MMaannuuaallllyy DDeelleettiinngg IImmaaggee DDaattaa
To remove image data manually:
1. In the Embedded Web Server, click PropertiesSecurityOn Demand OverwriteScheduled.
2. ClickStart.
While the data is deleted, the device is offline. When the process has completed, the device restarts.
88
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security
OOvveerrwwrriittiinngg IImmaaggee DDaattaa aatt tthhee CCoonnttrrooll PPaanneell
MMaannuuaallllyy DDeelleettiinngg IImmaaggee DDaattaa
To delete image data from the device hard drive manually:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch Authentication / Security SettingsOverwrite Hard Disk.
3. Touch Number of Overwrites, then touch 1 Overwrite or 3 Overwrites.
4. Touch Save.
5. Touch Run Image Overwrite.
6. Touch Start.
7. Touch Yes. The following data is deleted:
Secure, Sample, and Delay print jobs
Images stored in folders
PDL spool files
Fax documents
All temporary files
Note:
All image data is deleted.
While data is deleted, the device is offline. When the process has completed, the device restarts.
SScchheedduulliinngg RRoouuttiinnee DDeelleettiioonn ooff IImmaaggee DDaattaa
To schedule a regular time for image data to be deleted from the device hard drive:
1. At the device control panel, log in as Administrator, press the Machine Status button, then touch the Tools tab. For details, refer to Administrator Access at the Control Panel.
2. Touch Authentication / Security SettingsOverwrite Hard Disk.
3. Touch Number of Overwrites, then touch 1 Overwrite or 3 Overwrites.
4. Touch Save.
5. Touch Scheduled Image Overwrite.
6. Touch Daily, Weekly, or Monthly. To specify when you want image data deleted, use the arrow icons.
Note: All image data is deleted.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
89
Security

IP Filtering

You can prevent unauthorized network access by only allowing data to be transmitted to and from specific IP addresses and ports.
CCrreeaattiinngg aann IIPP FFiilltteerr RRuullee
To create an IP filter rule:
1. In the Embedded Web Server, click PropertiesSecurityIP Filtering.
2. For IPv4 Filtering or IPv6 Filtering, select Enabled.
3. For the option that you enabled, click Add.
4. In the Define IP Filter Rule area area, type the Source IP Address. This is the IP address of the computer or device that you want to allow to access the printer.
5. For Source IP Mask, type a number for the filter rule.
For IPv4, the range of 0–32 corresponds to the 32-bit binary number that comprises IP addresses. The number 8 represents a Class A address with a mask of 255.0.0.0. The number 16 represents a Class B address with a mask of 255.255.0.0. The number 24 represents a Class C address with a mask of 255.255.255.0.
For IPv6, the range of 0–128 corresponds to the 128-bit binary number that comprises IP addresses. For example, a mask of /64 represents a 64-bit mask, which defines a single IPv6 subnet.
6. Click Apply, then follow the prompts to restart the device.
7. Refresh your browser, then navigate back to the IP Filtering page.
8. For IP Filter Rule List, select the rule that you created in the first part of the process.
9. Select your rule in the list, then click Apply.
To edit or delete an existing rule, select the rule, then click Edit or Delete.
Note: To edit or delete an existing rule, click Edit or Delete.
90
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security

Unbounded Ports

The unbounded port feature provides printer security by allowing you to register the ports that are permitted to communicate with the device.
AAddddiinngg aann UUnnbboouunnddeedd PPoorrtt
To add a port that is allowed to communicate with the device:
1. In the Embedded Web Server, click PropertiesSecurityUnbounded Port.
2. Click Add.
3. Type the port number.
4. For Port Destination, select Source or Destination.
5. For Protocol, select TCP or UDP.
6. Click Apply.
EEddiittiinngg aann UUnnbboouunnddeedd PPoorrtt
To edit an unbounded port:
1. In the Embedded Web Server, click PropertiesSecurityUnbounded Port.
2. Select an item in the Unbounded Port List, then click Edit.
3. Edit the port number, destination, and protocol, as needed.
4. Click Apply.
DDeelleettiinngg aann UUnnbboouunnddeedd PPoorrtt
To delete an unbounded port:
1. In the Embedded Web Server, click PropertiesSecurityUnbounded Port.
2. Select an item in the Unbounded Port List, then click Delete.
3. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
91
Security

Audit Log

When the Audit Log feature is enabled, the device begins recording events that happen on the device. You can download the Audit Log as a tab-delimited text file and review it to find security breaches and assess the device security.
EEnnaabblliinngg AAuuddiitt LLoogg
Note: Secure HTTP (SSL) must be enabled before you can enable the Audit Log. For details,
refer to Secure HTTP and SSL/TLS.
To enable the Audit Log:
1. In the Embedded Web Server, click PropertiesSecurityAudit Log.
2. For Audit Log, select Enabled.
3. Click Apply.
SSaavviinngg aann AAuuddiitt LLoogg
1. In the Embedded Web Server, click PropertiesSecurityAudit Log.
2. For Export Audit Log, right-click the Export as text file link and save the compressed auditfile.txt file to your computer.
3. Open the file in an application that can read a tab-delimited text file.
IInntteerrpprreettiinngg tthhee AAuuddiitt LLoogg
The Audit Log is formatted into columns:
Log ID: A unique value that identifies the event.
Date: The date that the event happened in mm/dd/yy format.
Time: The time that the event happened in hh:mm:ss format.
Audit Event ID: The type of event. The number corresponds to a unique description.
Logged Events: An abbreviated description of the type of event.
User Name: User Name, Job Name, Computer Name, Device Name, Folder Name, or Accounting
Account ID (when Network Accounting is enabled).
Description: More information about the Logged Event. When the Logged Event is System Status
for example, one of the following can appear: Started normally (cold start), Started normally (warm start), Shutdown requested, Image Overwriting started.
Optionally Logged Items: Other information recorded when the event occurs, such as log in and
authentication access method.
92
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Note:
For a Network Scanning scan job, an audit log entry is recorded for each network destination within the job.
For Server Fax jobs, an audit log entry is recorded for each Server Fax job.
For Email jobs, an audit log entry is recorded for each SMTP recipient within the job.
To record user names in the Audit Log, configure network authentication.
Security
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
93
Security

PDF and XPS Signatures

You can add a digital signature to PDF or XPS documents that are created by the device scan feature. The signature uses the information in an S/MIME digital certificate.
Before you begin:
Install an S/MIME digital certificate.
Enable secure HTTP (SSL) and S/MIME communication. For details, refer to Secure HTTP and SSL/
TLS and S/MIME.
To set digital signatures:
1. In the Embedded Web Server, click PropertiesSecurityPDF / XPS Signature Settings.
2. For PDF Signature, select when you want the signature added.
3. Select the required PDF Signature Hash Algorithm.
4. For XPS Signature, select when you want the signature added.
5. For Signing Certificate, select the type of certificate to which these changes apply.
6. Click Apply.
94
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Security

Address Book Security

CCoonnttrroolllliinngg AAddddrreessss BBooookk AAcccceessss iinn tthhee EEmmbbeeddddeedd WWeebb SSeerrvveerr
You can allow all users to edit the public address book in the Embedded Web Server or you can restrict access to system administrators only.
To control address book access:
1. In the Embedded Web Server, click the Address Book tab.
2. In the Security area, click Access Rights.
3. Select System Administrators Only or Open to All Users.
4. Click Apply.
CCoonnttrroolllliinngg CCoonnttrrooll PPaanneell AAddddrreessss BBooookk AAcccceessss
Before you begin, configure local authentication. For details, refer to Setting Up Local Authentication. To restrict users from using or editing the address book at the control panel you can create an Authorization Group.
To restrict access to the control panel address book:
1. In the Embedded Web Server, click PropertiesSecurityCreate Authorization Groups.
2. For one of the group numbers, click Edit.
3. Type the Group Name.
4. To allow access for the group, for Restrict Recipient Selection Method, select No Restriction, or to
require authentication for the group, Always Apply Restriction.
5. For Restrict User to Edit Address Book, select No Restriction, or Always Apply Restriction.
6. For Allow User to Disable Active Settings, select Allow or Do Not Allow.
7. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
95
Security

Restricting Access to Job Information

You can control how job information displays at the control panel when the user presses the Job Status button.
HHiiddiinngg oorr PPaasssswwoorrdd PPrrootteeccttiinngg CCoommpplleetteedd JJoobb IInnffoorrmmaattiioonn
To control access to completed job information:
1. In the Embedded Web Server, click PropertiesSecurityJob Status DefaultCompleted Jobs
View.
2. For Completed Jobs View, select an option:
Require Login to View Jobs: This option allows users to view completed jobs only when they
are logged in.
No Job Viewing: This option prevents users from seeing completed job information.
3. If you selected Require Login to View Jobs, for Access To, select an option:
All Jobs: This option allows users to view all completed jobs.
Jobs Run By Logged-in User Only: This option allows users to view only jobs completed by
logged-in users.
4. For Hide Job Details, select an option:
Yes: This option allows users to view only basic information for completed jobs.
No: This option allows users to view all information for completed jobs.
5. Click Apply.
HHiiddiinngg AAccttiivvee JJoobb IInnffoorrmmaattiioonn
To hide or show active job information:
1. In the Embedded Web Server, click PropertiesSecurityJob Status DefaultActive Jobs
View.
2. For Hide Job Details, select an option:
To hide job details, select Yes.
To show job details, select No.
3. Click Apply.
AAlllloowwiinngg oorr RReessttrriiccttiinngg JJoobb OOppeerraattiioonnss
To control the job operations that a user can perform:
1. In the Embedded Web Server, click PropertiesSecurityJob Status DefaultJob Operation
Restrictions.
2. For Pause / Cancel, select All Users, Administrator Only, or Job Owner and Administrator.
3. For Continue / Edit Scan, select All Users, or Job Owner and Administrator.
4. For Continue / Edit Print, select All Users, or Job Owner and Administrator.
96
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
5. For Promote Print Job, select All Users, or Job Owner and Administrator.
6. Click Apply.
Security
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
97
Security

Hiding or Displaying Network Settings

To show or hide the IPv4 address or host name of the device on the control panel touch screen:
1. In the Embedded Web Server, click PropertiesSecurityDisplay Network Settings.
2. Select Show IP Address (IPv4 only) or Show Host Name. To hide network information, select
Hide Network Information.
3. Click Apply.
98
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide

Restricting Service Representative Operations

You can allow a service representative full access to the device, or you can restrict access to the following operations:
Delete all data
Image log control
Print universal unique ID
Data encryption
Encryption key for confidential data
Service representative restricted operation
SSL / TLS settings
S/MIME settings
IPsec settings
System administrator settings
Maximum login attempts by the system administrator
Security
Overwrite hard drive
Creating or changing users with system administrator rights
Changing SNMPv3 settings
If you restrict access, you can specify a password for the service representative operations.
Caution:
If you lose the system administrator user ID and password, and need to recover the device, a repair can be required.
If you lose the system administrator user ID and password, you cannot change these restrictions.
If you lose the password, the service representative cannot perform maintenance if an error occurs on the device.
SSeettttiinngg uupp SSeerrvviiccee RReepprreesseennttaattiivvee RReessttrriiccttiioonnss
To restrict the access of a service representative:
1. In the Embedded Web Server, click PropertiesSecurityService Representative Restricted Operation.
2. For Restricted Operation, select Enabled.
3. To set a password, type and retype the password.
4. Click Apply.
Xerox
®
PrimeLink™C9065/C9070 Printer
System Administrator Guide
99
Security

Limiting Access to Folder Operations

You can limit access to folder operations on the device. Limiting access forces users to provide a password to perform a folder operation. The restriction does not apply to any folders that are already registered.
1. In the Embedded Web Server, click PropertiesSecurityLimit Access to Folder.
2. For Limit Access, select Enabled.
3. Click Apply.
100
Xerox®PrimeLink™C9065/C9070 Printer System Administrator Guide
Loading...