Xerox WorkCentre 7525, WorkCentre 7530, WorkCentre 7535, WorkCentre 7545, WorkCentre 7556 Administrator's Guide
Xerox WorkCentre 7500 Series
Multifunction Printer
Xerox® WorkCentre® 7500 Series
System Administrator Guide
Guide de l’administrateur système
Español Guía del administrador del sistema
Português Guia de Administração do Sistema
© 2011 Xerox Corporation. All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Contents of
this publication may not be reproduced in any form without permission of Xerox Corporation.
Copyright protection claimed includes all forms of matters of copyrightable materials and information now allowed by statutory or
judicial law or hereinafter granted, including without limitation, material generated from the software programs which are displayed on
the screen such as styles, templates, icons, screen displays, looks, and so on.
®
XEROX
and XEROX and Design®, Phaser®, CentreWare®, PrintingScout®, Walk-Up®, WorkCentre®, ColorQube®, FreeFlow®,
SMARTsend
Xerox Extensible Interface Platform
States and/or other countries.
Adobe
Incorporated in the United States and/or other countries.
Apple
other countries.
HP-GL
IBM
Microsoft
countries.
Novell
other countries.
SGI
Sun
UNIX
The Xerox
Requirements for Imaging Equipment. The E
®
, Scan to PC Desktop®, Copier Assistant®, MeterAssistant®, SuppliesAssistant®, Xerox Secure Access Unified ID System®,
®
Reader®, Adobe® Type Manager®, ATM™, Flash®, Macromedia®, Photoshop®, and PostScript® are trademarks of Adobe Systems
®
, AppleTalk®, Bonjour®, EtherTalk®, Macintosh®, Mac OS®, and TrueType® are trademarks of Apple Inc., registered in the U.S. and
®
, HP-UX®, and PCL® are trademarks of Hewlett-Packard Corporation in the United States and/or other countries.
®
and AIX® are trademarks of International Business Machines Corporation in the United States and/or other countries.
®
, Windows Vista®, Windows®, and Windows Server® are trademarks of Microsoft Corporation in the United States and other
®
, NetWare®, NDPS®, NDS®, IPX™, and Novell Distributed Print Services™ are trademarks of Novell, Inc. in the United States and
®
and IRIX® are trademarks of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
SM
, Sun Microsystems™, and Solaris™ are trademarks of Sun Microsystems, Inc. in the United States and other countries.
®
is a trademark in the United States and other countries, licensed exclusively through X/ Open Company Limited.
®
WorkCentre 7500 Series of Multifunction Printers are ENERGY STAR® qualified under the ENERGY STAR Program
®
, Global Print Driver®, and Mobile Express Driver are trademarks of Xerox Corporation in the United
NERGY STAR name and logo are registered U.S. marks.
Document version 1.1: March 2011
Contents
1 Introduction 11
Overview ............................................................................................................................................................................... 12
Configuration Steps ................................................................................................................................................. 12
More Information ............................................................................................................................................................. 13
2 Initial Setup 15
Physically Connecting the Printer .............................................................................................................................. 16
Initial Setup at the Control Panel .............................................................................................................................. 17
Installation Wizard .................................................................................................................................................. 17
Quick Setup Home .................................................................................................................................................... 17
Configuration Report .............................................................................................................................................. 17
Disabling the Configuration Report at Startup ........................................................................................... 18
Manually Setting the Ethernet Interface Speed ......................................................................................... 18
Assigning a Network Address .............................................................................................................................. 18
Initial Setup in CentreWare Internet Services ...................................................................................................... 19
Accessing CentreWare Internet Services ........................................................................................................ 19
Locking or Unlocking the Printer ........................................................................................................................ 19
Changing the System Administrator Password ........................................................................................... 19
Using the Configuration Overview Page......................................................................................................... 20
Assigning the Printer Name and Location ..................................................................................................... 20
Enabling Services ...................................................................................................................................................... 20
Physical Connection Settings ....................................................................................................................................... 22
Setting Ethernet Options ....................................................................................................................................... 22
Setting USB Options ................................................................................................................................................ 22
3 Network Configuration 23
AppleTalk .............................................................................................................................................................................. 24
NetWare ............................................................................................................................................................................... 25
Configuring NetWare Settings ............................................................................................................................ 25
Service Advertising Protocol ................................................................................................................................. 25
Configuring NetWare Bindery Settings ........................................................................................................... 26
Configuring NetWare Directory Services (NDS) Settings ........................................................................ 26
IP .............................................................................................................................................................................................. 27
Enabling TCP/IP ......................................................................................................................................................... 27
Configuring TCP/IP Settings at the Control Panel...................................................................................... 27
Configuring IP Settings in CentreWare Internet Services ....................................................................... 28
SLP ........................................................................................................................................................................................... 32
Configuring SLP ......................................................................................................................................................... 32
FTP .......................................................................................................................................................................................... 33
Setting FTP Mode ..................................................................................................................................................... 33
WorkCentre 7500 Series Multifunction Printer 3
System Administrator Guide
Contents
SNMP ..................................................................................................................................................................................... 34
Enabling SNMP .......................................................................................................................................................... 34
Configuring SNMPv1/v2c ...................................................................................................................................... 34
Configuring SNMPv3 ............................................................................................................................................... 35
Configuring SNMP Advanced Settings ............................................................................................................ 36
SSDP ....................................................................................................................................................................................... 38
Microsoft Networking ..................................................................................................................................................... 39
Configuring Microsoft Networking .................................................................................................................... 39
Configuring WINS .................................................................................................................................................... 39
LPR/LPD ................................................................................................................................................................................. 40
Raw TCP/IP Printing ......................................................................................................................................................... 41
Configuring Raw TCP/IP Settings ...................................................................................................................... 41
Configuring Raw TCP/IP Advanced Settings ................................................................................................ 41
SMB Filing ............................................................................................................................................................................ 43
Configuring Kerberos Authentication Options for SMB ........................................................................... 43
SMTP Server ........................................................................................................................................................................ 44
Configuring SMTP Settings .................................................................................................................................. 44
Configuring SMTP Settings Optional Information ..................................................................................... 44
LDAP ....................................................................................................................................................................................... 46
Configuring LDAP Servers ..................................................................................................................................... 46
Configuring LDAP Server Optional Information .......................................................................................... 46
Configuring LDAP Contexts .................................................................................................................................. 47
Configuring LDAP User Mappings ..................................................................................................................... 48
Configuring LDAP Authorization Access ......................................................................................................... 48
Configuring LDAP Custom Filters ....................................................................................................................... 50
HTTP ....................................................................................................................................................................................... 52
Enabling HTTP at the Control Panel ................................................................................................................. 52
Configuring HTTP Settings in CentreWare Internet Services ................................................................ 52
HTTP Web Services .................................................................................................................................................. 52
HTTP Advanced Settings ....................................................................................................................................... 53
POP3 ....................................................................................................................................................................................... 54
Proxy Server ......................................................................................................................................................................... 55
Configuring the Proxy Server ............................................................................................................................... 55
NTP ......................................................................................................................................................................................... 56
WSD ........................................................................................................................................................................................ 57
Enabling WSD ............................................................................................................................................................ 57
Sleep Mode Network Settings ..................................................................................................................................... 58
Configuring Sleep Mode Settings ...................................................................................................................... 58
Sleep Mode Network Settings Advanced ....................................................................................................... 58
4 Security 59
Setting Up Access Rights ............................................................................................................................................... 60
Local Authentication ............................................................................................................................................... 61
User Permissions ....................................................................................................................................................... 63
Network Authentication ........................................................................................................................................ 67
4 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Authorization ........................................................................................................................................... 69
Authentication Using a Card Reader System ............................................................................................... 70
Secure HTTP (SSL) ............................................................................................................................................................ 75
Enabling HTTPS (SSL) ............................................................................................................................................. 75
FIPS 140-2 ........................................................................................................................................................................... 76
Enabling FIPS 140 Mode and Checking for Compliance ......................................................................... 76
Stored Data Encryption .................................................................................................................................................. 78
Enabling Encryption of Stored Data ................................................................................................................. 78
IP Filtering ............................................................................................................................................................................ 79
Creating an IP Filter Rule ...................................................................................................................................... 79
Editing an IP Filter Rule .......................................................................................................................................... 79
Arranging the Execution Order of IP Filter Rules ........................................................................................ 80
Audit Log .............................................................................................................................................................................. 81
Enabling Audit Log ................................................................................................................................................... 81
Saving an Audit Log................................................................................................................................................. 81
Interpreting the Audit Log .................................................................................................................................... 81
IPsec ....................................................................................................................................................................................... 83
Enabling IPsec ............................................................................................................................................................ 83
Managing Actions .................................................................................................................................................... 83
Managing Protocol Groups ................................................................................................................................... 85
Managing Host Groups .......................................................................................................................................... 86
Managing Security Policies ................................................................................................................................... 87
Security Certificates ......................................................................................................................................................... 88
Installing a Digital Certificate ............................................................................................................................. 89
802.1X ................................................................................................................................................................................... 92
Enabling and Configuring 802.1X at the Control Panel ........................................................................... 92
Enabling and Configuring 802.1X in CentreWare Internet Services .................................................. 93
System Timeout ................................................................................................................................................................ 95
Setting System Timeout Values ......................................................................................................................... 95
Overwriting Image Data ................................................................................................................................................ 96
Manually Deleting Image Data.......................................................................................................................... 96
Scheduling Routine Deletion of Image Data ............................................................................................... 97
Immediate Image Overwrite .....................................................................................................
.......................... 97
PostScript Passwords ....................................................................................................................................................... 98
Enabling or Creating PostScript Passwords ................................................................................................... 98
USB Port Security .............................................................................................................................................................. 99
Enabling or Disabling USB Ports ......................................................................................................................... 99
Contents
5 Printing 101
General Print Settings ................................................................................................................................................... 102
Configuring General Print Settings ................................................................................................................. 102
Saving and Reprinting Jobs ........................................................................................................................................ 103
Enabling the Reprint Saved Jobs Feature ..................................................................................................... 103
Creating and Managing Saved Jobs Folders .............................................................................................. 103
WorkCentre 7500 Series Multifunction Printer 5
System Administrator Guide
Contents
Saving and Printing Jobs ..................................................................................................................................... 104
Backing up Saved Jobs ......................................................................................................................................... 105
Restoring Saved Jobs from an FTP Repository ........................................................................................... 105
Printing Jobs from CentreWare Internet Services ............................................................................................ 106
Managing Banner Page Printing Options ............................................................................................................. 107
Enabling Banner Page Printing in CentreWare Internet Services ...................................................... 107
Enabling Banner Page Printing at the Control Panel .............................................................................. 107
Enabling Banner Page Printing in the Print Driver .................................................................................... 108
Secure Print Settings ..................................................................................................................................................... 109
Chapter Hold All Jobs ................................................................................................................................................. 110
Configuring the Hold all Jobs Feature ........................................................................................................... 110
UNIX, Linux, and AS/400 Printing ........................................................................................................................... 111
Xerox® Services for UNIX Systems ................................................................................................................ 111
Printing from a Linux Workstation .................................................................................................................. 112
Adding the Printer .................................................................................................................................................. 113
Printing with CUPS ................................................................................................................................................. 113
AS/400 ......................................................................................................................................................................... 113
Print from USB ................................................................................................................................................................. 114
Enabling Print from USB ...................................................................................................................................... 114
6 Managing Copy Functions 115
Specifying Default Copy Settings ............................................................................................................................ 116
Changing the Reading Order ..................................................................................................................................... 117
Accessing Copy Presets ................................................................................................................................................ 118
Edge Erase Presets .................................................................................................................................................. 118
Changing Image Shift Presets .......................................................................................................................... 118
Changing Reduce/Enlarge Presets .................................................................................................................. 118
7 Scanning 119
Scanning to a Folder on the Printer ........................................................................................................................ 120
Enabling or Disabling Scan to Mailbox .......................................................................................................... 120
Setting Scan Policies .............................................................................................................................................. 120
Managing Folders and Scanned Files ............................................................................................................ 121
Scanning to an Email Address ................................................................................................................................... 124
Editing Default Scan Settings ........................................................................................................................... 124
Managing the Email Address Book ................................................................................................................. 124
Workflow Scanning ........................................................................................................................................................ 125
Configuring Workflow Scanning ...................................................................................................................... 125
Configuring File Repository Settings .............................................................................................................. 125
Configuring the Default Template .................................................................................................................. 130
Configuring Workflow Scanning General Settings ................................................................................... 132
Setting Scanned Image File Naming Conventions .................................................................................. 133
Configuring Template Pool Repository Settings ....................................................................................... 133
Updating the List of Templates at the Control Panel ............................................................................. 134
Setting Template Display Settings for the Control Panel ..................................................................... 134
6 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Contents
Configuring a Validation Server ....................................................................................................................... 135
Scan to USB ....................................................................................................................................................................... 136
Enabling Scan to USB ........................................................................................................................................... 136
Scanning to a User Home Folder ............................................................................................................................. 137
Configuring Scan to Home ................................................................................................................................. 137
Configuring the Printer for the Xerox Scan Utility ............................................................................................ 138
8 Faxing 139
Embedded Fax ................................................................................................................................................................. 140
Enabling Embedded Fax ...................................................................................................................................... 140
Configuring Embedded Fax Settings ............................................................................................................. 140
Setting Fax Defaults .............................................................................................................................................. 141
Setting Transmission Defaults .......................................................................................................................... 143
Fax Reports ................................................................................................................................................................ 144
Fax Forwarding ........................................................................................................................................................ 146
Fax Polling .................................................................................................................................................................. 147
Server Fax ........................................................................................................................................................................... 149
Configuring a Server Fax Filing Repository .................................................................................................. 149
Configuring Server Fax General Settings ...................................................................................................... 153
Configuring Server Fax Settings ....................................................................................................................... 153
Configuring Server Fax Image Quality Settings ........................................................................................ 154
Configuring Fax Settings Layout Adjustment ............................................................................................ 154
Configuring Server Fax Filing Options ........................................................................................................... 154
Internet Fax ...................................................................................................................................................................... 155
Configuring Default Internet Fax Settings .................................................................................................. 155
Configuring Internet Fax Receive Settings .................................................................................................. 157
Internet Fax Addresses ........................................................................................................................................ 157
LAN Fax ............................................................................................................................................................................... 158
9 Accounting 159
Xerox Standard Accounting ....................................................................................................................................... 160
Enabling Xerox® Standard Accounting ........................................................................................................ 160
General and Group Accounts ............................................................................................................................. 160
Adding a New User and Setting Usage Limits ........................................................................................... 161
Assigning Users to an Account ......................................................................................................................... 162
Maximum Usage Limits ....................................................................................................................................... 162
Printing a Report ..................................................................................................................................................... 163
Network Accounting ...................................................................................................................................................... 164
Enabling and Configuring Network Accounting ........................................................................................ 165
Enabling Accounting in Print Drivers ...................................................................................................................... 166
Enabling Accounting in a Windows Print Driver ........................................................................................ 166
Enabling Accounting in an Apple Macintosh Print Driver...................................................................... 166
Displaying Your Company Logo on the Blocking Screen ............................................................................... 167
Displaying Your Company Logo on the Blocking Screen ....................................................................... 167
WorkCentre 7500 Series Multifunction Printer 7
System Administrator Guide
Contents
10 Administrator Tools 169
Monitoring Alerts and Status ..................................................................................................................................... 170
Alert Notification .................................................................................................................................................... 170
Energy Saving Settings ................................................................................................................................................. 172
Configuring Sleep Mode Settings at the Control Panel ......................................................................... 172
Setting the Date and Time ......................................................................................................................................... 173
Setting the Date and Time in CentreWare Internet Services .............................................................. 173
Setting the Date and Time at the Control Panel ...................................................................................... 173
Taking the Printer Offline ............................................................................................................................................ 174
Restarting the Printer in CentreWare Internet Services ......................................................................... 174
Restarting the Printer at the Control Panel ................................................................................................. 174
SMart eSolutions and Billing Information ........................................................................................................... 175
SMart eSolutions ..................................................................................................................................................... 175
View Usage and Billing Information .............................................................................................................. 177
Cloning ................................................................................................................................................................................ 178
Creating a Clone File ............................................................................................................................................. 178
Installing a Clone File ........................................................................................................................................... 178
Address Books .................................................................................................................................................................. 179
Internet Fax and Email Address Book............................................................................................................ 179
Fax Address Book .................................................................................................................................................... 181
LAN Fax Address Book .......................................................................................................................................... 181
Font Management Utility ........................................................................................................................................... 182
Network Logs .................................................................................................................................................................... 183
Downloading a Network Log Using a USB Flash Drive........................................................................... 183
Downloading a Network Log from CentreWare Internet Services .................................................... 183
Customizing Printer Contact Information ........................................................................................................... 184
Updating the Printer Software .................................................................................................................................. 185
Enabling Upgrades ................................................................................................................................................. 185
Manually Upgrading Printer Software ........................................................................................................... 185
Manually Updating the Software Using a USB Flash Drive ................................................................. 185
Configuring Automatic Updates ...................................................................................................................... 186
Xerox Online Support .................................................................................................................................................... 187
Enabling Xerox Online Support ......................................................................................................................... 187
11 Customization and Expansion 189
Xerox Extensible Interface Platform....................................................................................................................... 190
Enabling Extensible Services .............................................................................................................................. 190
Auxiliary Interface Kit ................................................................................................................................................... 191
Driver Download Link .................................................................................................................................................... 192
Customizing or Hiding the Driver Download Link ..................................................................................... 192
A Audit Log Event Identification Numbers 193
Audit Log Event Identification Numbers .............................................................................................................. 194
8 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Contents
WorkCentre 7500 Series Multifunction Printer 9
System Administrator Guide
Introduction
This chapter includes:
Overview .................................................................................................................................................................................. 12
More Information ................................................................................................................................................................ 13
1
WorkCentre 7500 Series Multifunction Printer 11
System Administrator Guide
Introduction
Overview
This guide is designed for a system administrator with network administrator rights who understands
networking concepts and has experience creating and managing network user accounts.
Use this guide to help you install, configure, and manage your printer on a network.
Notes:
Network features are not available when you are connected over USB.
Configuration Steps
When configuring the printer for the first time, complete the following tasks:
1. Connect an Ethernet cable from your printer to the network.
2. Confirm that your printer is recognized on your network. By default, the printer is configured to
3. Complete the installation wizards. These wizards help you configure basic printer settings such as
4. Print a Configuration Report listing the current printer configuration. Review the report and locate
5. Open a Web browser and type the IP address of your printer to access CentreWare Internet Services.
6. Print the Configuration Checklist. The Configuration Checklist provides space for you to write down
7. Configure Authentication. For details, see Setting Up Access Rights on page 60.
8. Configure Security. For details, see Security on page 59.
9. Enable services in CentreWare Internet Services. For details, see Enabling Services on page 20.
10. Configure Print, Scan, and Fax features. For details, see Printing on page 101, Scanning on page 119,
11. Configure Accounting. For details, see Accounting on page 159.
Embedded fax features are not available for all printer models.
receive an IP address from a DHCP server over a TCP/IP network. If you have another type of
network, or want to assign a static IP address, see IP on page 27.
your location, time zone, and date and time preferences.
the printer IP address. For details, see Configuration Report on page 17.
CentreWare Internet Services is the administration and configuration software installed on the
embedded Web server in the printer. For details, see Accessing CentreWare Internet Services on page
19.
Note: Most configuration settings are located on the Properties tab in CentreWare Internet Services.
important information as you go through the configuration process. Use it to record information
about your network settings, including passwords, network paths, and server addresses.
and Faxing on page 139.
Note: Not all printer models support these features.
12 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Introduction
More Information
You can obtain more information about your printer from these sources:
Resource Location
Installation Guide Packaged with printer and at
www.xerox.com/office/WC75xxdocs
Quick Use Guide Packaged with printer and at
www.xerox.com/office/WC75xxdocs
User Guide Software and Documentation Disc and at
www.xerox.com/office/WC75xxdocs
Video Tutorials www.xerox.com/office/WC75xxdocs
Recommended Media List United States: www.xerox.com/paper
Europe: www.xerox.com/europaper
Technical support information for your printer.
Includes online technical support, Online
Support Assistant, and driver downloads.
Information about printer menus or error
messages.
Information pages Click Status > Information Pages in CentreWare Internet
CentreWare Internet Services Help Help button in CentreWare Internet Services
Order supplies for your printer www.xerox.com/office/WC75xxsupplies
A resource for tools and information, such as
interactive tutorials, printing templates, helpful
tips, and customized features to meet your
individual needs.
Local sales and support center www.xerox.com/office/worldcontacts
Printer registration www.xerox.com/office/register
Xerox® Direct online store www.direct.xerox.com/
www.xerox.com/office/WC75xxsupport
Control panel Help (?) button
Services
www.xerox.com/office/businessresourcecenter
WorkCentre 7500 Series Multifunction Printer 13
System Administrator Guide
Initial Setup
This chapter includes:
Physically Connecting the Printer ................................................................................................................................. 16
Initial Setup at the Control Panel ................................................................................................................................. 17
Initial Setup in CentreWare Internet Services ......................................................................................................... 19
Physical Connection Settings .......................................................................................................................................... 22
2
WorkCentre 7500 Series Multifunction Printer 15
System Administrator Guide
Initial Setup
Physically Connecting the Printer
1. Connect the power cord to the printer, and plug it into an electrical outlet.
2. Connect one end of a Category 5 or better Ethernet cable to the Ethernet port on the back of the
printer. Connect the other end of the cable to a correctly configured network port.
3. If your printer has fax installed, connect it to a correctly configured telephone line.
4. Turn on the printer.
16 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Initial Setup
Initial Setup at the Control Panel
Installation Wizard
The Installation wizard starts the first time you turn on the printer. The wizard prompts you with a series
of questions to help you configure basic printer settings.
Note: You can change these settings at any time.
Quick Setup Home
After the Installation wizard completes, the Quick Setup Home wizard appears. Use the Quick Setup
Home wizard to configure printer settings.
Note: You can complete the wizard at any time.
1. Use the IP Address Settings wizard to assign a static IP address or change the default dynamic
addressing settings.
2. Use the Contact Numbers wizard to type phone numbers for support or supplies.
After the Quick Setup Home wizard completes, the printer restarts and a Configuration Report
automatically prints.
Configuration Report
The Configuration Report lists all current settings of the printer. A configuration report prints at startup by
default.
1. In CentreWare Internet Services, click Status > Configuration Report.
2. To print the report, click Print Configuration Page.
To turn off automatic printing of a Configuration Report at startup, see Disabling the Configuration
Report at Startup on page 18.
Note: If the system administrator has restricted printing of the Configuration Report, you need a user
name and password to print. For details, see the system administrator.
System Administrator Access at the Control Panel
1. At the printer control panel, press the Machine Status button, then touch the Tools tab.
2. Press the Log In/Out button.
3. Type admin and touch Next.
4. Type the Admin Password and touch Enter. The default password is 1111.
WorkCentre 7500 Series Multifunction Printer 17
System Administrator Guide
Initial Setup
Disabling the Configuration Report at Startup
1. In CentreWare Internet Services, click Properties > Services.
2. Click Printing > General.
3. Under Configuration Report, clear Print at Power on.
4. Click Apply to save the new settings or Undo to retain the previous settings.
Manually Setting the Ethernet Interface Speed
The Ethernet interface on the printer automatically detects the speed of your network. Any auto-sensing
devices connected to the network, such as a hub, do not always detect the correct speed. Refer to the
configuration report to ensure that the printer detects the correct network speed.
1. At the printer control panel, press the Machine Status button, then touch the Tools tab.
2. Touch Network Settings > Advanced Settings.
3. When the warning message appears, touch Continue.
4. Touch Ethernet Physical Media.
5. Select the speed to match the speed of your hub or switch.
6. Touch Save, then touch Close.
Assigning a Network Address
The printer automatically acquires a network address from a DHCP server by default. To assign a static IP
address, configure DNS server settings, or configure other TCP/IP settings, see IP on page 27.
18 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Initial Setup
Initial Setup in CentreWare Internet Services
CentreWare Internet Services is the administration and configuration software installed on the
embedded Web server in the printer. It allows you to configure and administer the printer from a Web
browser.
Before you begin:
TCP/IP and HTTP must be enabled to access CentreWare Internet Services. If you disable either of
these services, enable them at the printer before accessing CentreWare Internet Services.
Locate your printer IP address using the Configuration Report.
Note: If your printer is locked, type the system administrator user name and password to access the
Properties tab. The administrator user name is admin and the default password is 1111.
Accessing CentreWare Internet Services
At your computer, open a Web browser, type the IP address of the printer in the address field, then press
Enter or Return.
Locking or Unlocking the Printer
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click Tools & Feature Access.
3. Under Presets, select:
Standard Access - Only Lock Tools to lock the printer.
Open Access - Unlock All Tools and Features to unlock the printer.
Custom Access to select to lock or unlock individually any of the services in the list.
4. Click Apply to save the new settings or Undo to retain the previous settings.
Changing the System Administrator Password
Xerox® recommends that you change the default system administrator password after you configure the
printer. Be sure to store the password in a secure location.
1. In CentreWare Internet Services, click Properties > Security.
2. Click Admin Password.
3. Under User Name, type the New Password.
4. Retype the password to verify.
5. Click Apply to save the new settings or Undo to retain the previous settings.
WorkCentre 7500 Series Multifunction Printer 19
System Administrator Guide
Initial Setup
Using the Configuration Overview Page
The Configuration Overview page contains links to the commonly-accessed pages on the Properties tab.
Use the Configuration Overview page to help you install your printer successfully.
1. In CentreWare Internet Services, click Properties > Configuration Page.
2. To configure any of the services or features, click Settings next to the service to open that page. You
can also click View to open a page showing all options that you can select to create a clone file.
Possible options include:
SMart eSolutions
Print Protocols
Email
Workflow Scanning
Server Fax
Internet Fax
Cloning
Note: Not all options listed are supported on all printers. Some options apply only to specific printer
models or configurations.
Assigning the Printer Name and Location
1. In CentreWare Internet Services, click Properties > Description.
2. Under Device Name, type a name for the printer.
3. Under Location, type the location of the printer.
4. Click Apply to save the new settings or Undo to retain the previous settings.
Enabling Services
Services must be enabled before they can be managed through the Tools and Feature Access page.
1. In CentreWare Internet Services, click Properties > Services.
2. Click Service Registration.
3. Select the services to enable or click Enable All.
4. Click Apply to save the new settings or Undo to retain the previous settings.
Note: If a service is not enabled on the Service Registration page, you cannot view or manage it from
the Tools and Features page. Ensure that the desired service is enabled.
Viewing Services on the Control Panel
1. At the printer control panel, press the Machine Status button, then touch the Machine Information
tab.
2. Touch Installed Options.
All installed options registered in CentreWare Internet Services and their status appear. Set options
to Locked or Unlocked on the Tools & Services page.
20 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Initial Setup
WorkCentre 7500 Series Multifunction Printer 21
System Administrator Guide
Initial Setup
Physical Connection Settings
You can specify Ethernet and USB settings, such as Ethernet Rated Speed, USB Connection Mode, and
Print Timeout for USB printing.
Setting Ethernet Options
1. In CentreWare Internet Services, click Properties > Connectivity > Physical Connections.
2. Click Ethernet.
3. Under Rated Speed, click the down arrow and select the speed of your connection.
4. Click Apply to save the new settings or Undo to retain the previous settings.
Click Default All to reset settings to default values.
Note: Restart the printer for the new settings to take effect.
Setting USB Options
1. In CentreWare Internet Services, click Properties > Connectivity > Physical Connections.
2. Click USB Settings.
3. Under USB Connection Mode, select an option:
Software Tools: Select this option if you are using Xerox
disable Direct Printing via Driver. Xerox representatives also use this option to connect directly
to the printer and use diagnostic software and other software utilities.
Direct Printing via Driver: Select this option to allow users to connect to the printer using a USB
cable.
4. Under Print Timeout, type the amount of time in seconds that the printer waits inactive before
disconnecting from a device connected to the port. Type 0 to disable the timeout.
5. Click Apply.
®
Copier Assistant, or if you want to
22 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
This chapter includes:
AppleTalk ................................................................................................................................................................................. 24
NetWare ................................................................................................................................................................................... 25
IP ................................................................................................................................................................................................. 27
SLP .............................................................................................................................................................................................. 32
FTP .............................................................................................................................................................................................. 33
SNMP ......................................................................................................................................................................................... 34
SSDP .......................................................................................................................................................................................... 38
Microsoft Networking ......................................................................................................................................................... 39
LPR/LPD .................................................................................................................................................................................... 40
Raw TCP/IP Printing ............................................................................................................................................................ 41
SMB Filing................................................................................................................................................................................ 43
SMTP Server ........................................................................................................................................................................... 44
LDAP .......................................................................................................................................................................................... 46
HTTP .......................................................................................................................................................................................... 52
POP3 .......................................................................................................................................................................................... 54
Proxy Server ............................................................................................................................................................................ 55
NTP ............................................................................................................................................................................................. 56
WSD ........................................................................................................................................................................................... 57
Sleep Mode Network Settings ........................................................................................................................................ 58
3
WorkCentre 7500 Series Multifunction Printer 23
System Administrator Guide
Network Configuration
AppleTalk
AppleTalk is a proprietary suite of protocols developed for networking computers by Apple, Inc. An
AppleTalk zone is a group of nodes or networks organized by departments or physical locations.
Before you begin:
Verify that there is an existing operational AppleTalk network.
Determine the AppleTalk Name you wish to assign to your printer.
Determine the AppleTalk Zone, if used, to assign to your printer.
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click AppleTalk.
3. Under Protocol, select Enabled to enable the protocol.
4. Under Printer Name, type the printer name or use the default name. The default printer name is
based on the printer MAC address.
5. Under Zone Name, type a new zone name or use the default AppleTalk local zone. The default
AppleTalk local zone is *.
6. Click Apply to save the new settings or Undo to retain the previous settings.
7. Click Default All to reset settings to default values.
24 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
NetWare
NetWare is a network operating system developed by Novell to run various services using cooperative
multitasking.
Before you begin:
Ensure an existing operational NetWare network is available.
Verify that you have administrator rights to log in to a NetWare file server or tree.
Ensure that the printer is connected to the network.
Set up a print server object using the appropriate Novell utility. Refer to the Novell system
documentation for help.
Configuring NetWare Settings
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click NetWare.
3. Select Enabled to enable the protocol.
4. Select IP or IPX from the Filing Transport menu.
5. Select the Frame Type from the menu. Options are:
Auto
Ethernet II
Ethernet 802.2
Ethernet 802.3
6. Type a polling rate between 1–240 seconds for the print server in Queue Poll Interval. The default
value is 5 seconds.
7. Type the Printer Server Name. The default name is XRX_MAC address.
8. Type then retype the server password in the New Print Server Password and Retype New Print Server
Password fields.
9. Enable Select to save new password.
Service Advertising Protocol
Service Advertising Protocol (SAP) sends periodic broadcast messages to other network components
about available services on the printer. SAP facilitates dynamic adding and removing of services on an
IPX internetwork. As servers start up and shut down, they can advertise and remove their services using
SAP.
1. Under Protocol, select Enabled.
2. Under SAP Frequency, type the time in seconds between 15–300. The default time value is 60
seconds.
WorkCentre 7500 Series Multifunction Printer 25
System Administrator Guide
Network Configuration
Configuring NetWare Bindery Settings
Bindery services are a stand-alone database system that contains user information and security data.
NetWare can use Bindery services for authentication.
If you are using Bindery mode, under Bindery Settings, type the names of up to four primary file servers in
the File Server fields.
Note: When the printer uses Bindery mode, the NDS Tree and NDS Context fields are blank.
Configuring NetWare Directory Services (NDS) Settings
NetWare Directory Services (NDS) is a hierarchical, object-oriented database that represents all of the
assets of an organization in a logical tree structure. Assets can include printers, servers, computers,
people, organizations, and more.
1. Under NetWare Directory Services (NDS), select the preferred address type. Select IPv4 to set a
static IPv4 address or select Host Name to configure with an NDS server.
Note: The NDS server is used for Workflow Scanning and Server Fax only.
2. Type a name for the NDS tree. The default entry for this field is Xerox_DS_Tree. If you are using
bindery or bindery emulation, leave this field blank.
3. Type a name for the context. The default entry for this field is Xerox_DS_Context. If you are using
bindery or bindery emulation, leave this field blank.
4. Click Apply to save the new settings or Undo to retain the previous settings.
5. Click Default All to reset settings to default values.
26 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
IP
Internet Protocol (IP) is a protocol within the Internet Protocol Suite that manages the transmission of
messages from computer to computer.
Enabling TCP/IP
1. At the printer control panel, press the Machine Status button, then touch the Tools tab.
2. Touch Network Settings > TCP/IP Settings.
3. Touch TCPIP Enablement.
4. Touch Enable for IPv4 or IPv6, then touch Save.
Note: By default, TCP/IP is enabled. If you disable TCP/IP, enable it at the printer control panel before
you access CentreWare Internet Services.
Configuring TCP/IP Settings at the Control Panel
Manually Configuring the Network Address
1. At the printer control panel, press the Machine Status button, then touch the Tools tab.
2. Touch Network Settings > TCP/IP Settings.
3. Touch Dynamic Addressing.
4. Touch Disabled, then touch Save.
5. Touch IP Address/Host Name.
6. Touch the field under IPv4 Address, then type the static IP address using the touch screen keypad.
7. Touch the field under Host Name, then type the host name.
8. Touch Save, then touch Close.
9. Touch Subnet and Gateway.
10. Touch Subnet Mask, then type the subnet mask address using the touch screen keypad.
11. Touch Save.
12. Touch IP Gateway, type the gateway address using the touch screen keypad, then touch Save.
Configuring Dynamic Address Settings
1. At the printer control panel, press the Machine Status button, then touch the Tools tab.
2. Touch Network Settings > TCP/IP Settings.
3. Touch Dynamic Addressing.
4. Touch DHCP or BOOTP, then touch Save.
WorkCentre 7500 Series Multifunction Printer 27
System Administrator Guide
Network Configuration
Configuring DNS/DDNS Settings at the Control Panel
Domain Name System (DNS) and Dynamic Domain Name System (DDNS) are systems that map host
names to IP addresses.
1. At the printer control panel, press the Machine Status button, then touch the Tools tab.
2. Touch Network Settings > TCP/IP Settings.
3. Touch DNS Configuration.
Note: If DHCP is enabled, your company DHCP server can provide the following information.
4. Touch Domain Name, touch the field under Domain Name, type the domain name using the touch
screen keypad, then touch Save.
5. Touch DNS Servers.
a. Touch Primary DNS Server, then type the server address using the touch screen keypad.
b. Touch Alternate DNS Server #1, then type the server address using the touch screen keypad.
c. Touch Alternate DNS Server #2, then type the server address using the touch screen keypad.
d. Touch Save, then touch Close to exit the DNS Servers screen.
6. Touch Dynamic DNS Registration, and touch Enable under IPv4 or IPv6 if necessary.
Configuring IP Settings in CentreWare Internet Services
If your printer has a valid network address, you can configure TCP/IP settings in CentreWare Internet
Services.
Configuring IPv4
You can use IPv4 or IPv6 in addition to or in place of the other.
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click IP (Internet Protocol) > IPv4.
3. Under Protocol, select Enabled to enable the protocol.
CAUTION: If both IPv4 and IPv6 are disabled, you cannot access CentreWare Internet Services. To
access IPv4 and IPv6 settings in CentreWare Internet Services, enable TCP/IP at the printer control
panel. If you disable TCP/IP or change the IP address, any dependent protocols are disabled and the
4. Under IP Address Resolution select an option from the drop-down list. Depending on the option you
network controller restarts.
select, some or all of the fields can be disabled.
STATIC: This option disables dynamic addressing and allows you to type a static IP address.
Type the Machine IP Address, Subnet Mask, and Gateway Address.
BOOTP: This option allows your DHCP server to assign an IP address to the printer. Dynamic
DNS Registration is enabled.
DHCP: This option allows your DHCP server to assign an IP address to the printer. Dynamic DNS
Registration is enabled.
28 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
5. Select Enabled under Release Registration to send a release request to the DHCP and DNS servers. If
the servers grant the request, the current IP address and any dynamic DNS name are released when
the printer is turned off.
6. Under Zero-Configuration Networking, select Enabled under Self Assigned Address. This option
instructs the printer to assign itself an address if a DHCP server does not provide one.
7. Click Apply to save the new settings or Undo to retain the previous settings.
8. Click Default All to reset settings to default values. This option also disables FIPS 140 mode.
Configuring Settings for IPv6
IPv6 hosts can automatically configure themselves when connected to a routed IPv6 network using the
Internet Control Message Protocol Version 6 (ICMPv6). ICMPv6 performs error reporting for IP along with
other diagnostic functions. When first connected to a network, a host sends a link-local multicast router
solicitation request for configuration parameters. If suitably configured, routers respond to this request
with a router advertisement packet containing network-layer configuration parameters.
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click IP > IPv6.
3. Under Protocol, select Enabled to enable the protocol.
CAUTION: If both IPv4 and IPv6 are disabled, you cannot access CentreWare Internet Services. To
access IPv4 and IPv6 settings in CentreWare Internet Services, enable TCP/IP at the printer control
panel. If you disable TCP/IP or change the IP address, any dependent protocols are disabled and the
4. Under Stateless Addresses, enable Use Router Supplied Prefixes to allow the router to assign
5. Under Default Dynamic Host Configuration Protocol (DHCP) Settings, select how DHCP operates for
6. Select Release DHCPv6 Address at Power Down to release the current DCHP-assigned address and
7. Select Enable Manual Address to specify an address manually. Select a Router Prefix from the
8. Select Prefer IPv6 Address over IPv4 to use an IPv6 address before using an IPv4 address.
9. Click Apply to save the new settings or Undo to retain the previous settings.
10. Click Default All to reset settings to default values.
network controller restarts.
address prefixes.
IPv6. Options are:
Use DHCP as directed by a router
Always enable DHCP for address assignment and other configuration data
Always enable DHCP for other configuration data only
Never use DHCP
any DNS name when the printer is turned off.
menu, or type a new router prefix and click Add.
DNS
Domain Name System (DNS) and Dynamic Domain Name System (DDNS) are systems that map host
names to IP addresses.
WorkCentre 7500 Series Multifunction Printer 29
System Administrator Guide
Network Configuration
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click IP (Internet Protocol) > DNS.
3. Under Host Name, type a unique name for your printer. If the host name successfully registers to the
DNS server, the host name appears under Verified Host Name. The default host name is XRX_xxx,
where xxx is the MAC address of the printer.
Note: If no host name, or a different host name appears under Verified Host Name, the host name
did not successfully register to the DNS server. Ensure that your network supports direct client DNS
name registration, or configure your DHCP server to perform updates on behalf of the DHCP clients.
Configure your DNS server to allow dynamic updates.
4. Under Domain Name, type the name of the domain to which the printer is connected.
If the domain name successfully registers to the DNS server, the domain name appears under
Verified Domain Name.
30 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
Note: If no domain name, or a different domain name appears, the domain name did not
successfully register to the DNS server. Ensure that your network supports direct client DNS name
registration, or configure your DHCP server to perform updates on behalf of the DHCP clients.
Configure your DNS server to allow dynamic updates.
5. Select Enabled under Dynamic DNS Registration of IPv4 Address, or Dynamic DNS Registration of
IPv6 Address, if desired. This option allows your DDNS server to register the host name of the printer
automatically. If you change the host name in CentreWare Internet Services, the registered host
name is updated on your DDNS server. Clear the Enabled check box if your network does not support
dynamic name addressing. Manage host names in the DNS server manually.
6. Under Remove this Device's IPv4 DNS Registration, select Enabled if necessary. This option allows
the printer to send a release request to the DHCP and DNS servers. If the servers grant the request,
the current IP address and any dynamic DNS name are released when the printer is turned off.
7. Under Remove this Device's IPv6 DNS Registration at power down, select Enabled if necessary. This
option allows the printer to release the current DCHP-assigned address and any DNS name when the
printer is turned off.
8. To allow users to see and connect to the printer using Bonjour, under Multicast DNS Registration,
select Enabled.
9. If you have a DHCP server, and the printer recognizes your DNS server, the address appears under
DNS Server Addresses. If you want to use other DNS servers, type the IPv4 or IPv6 server address
under Additional DNS Server Addresses.
10. Under DNS Connection Timeout, type the time in seconds that the printer waits if it fails to connect
to a DNS server. After the timeout period, the printer attempts to connect to any additional DNS
servers.
11. If you have a DHCP server, recognized search domain names appear in a list under Domain Name
Search List.The list of domain names allows the DNS server to recognize unqualified host names. If
you want the printer to search for other domain names, type the domain names under Additional
Search Domains.
12. Under Append Device Domain, select Enabled to add the domain of the printer to the Domain
Name Search List.
13. Under Append Parent Domains, select Enabled to add the parent domains of the printer to the
Domain Name Search List.
14. Click Apply.
WorkCentre 7500 Series Multifunction Printer 31
System Administrator Guide
Network Configuration
SLP
Printers use Service Location Protocol (SLP) to announce and look up services on a local network without
prior configuration. When SLP is enabled, the printer becomes a Service Agent (SA) and announces its
services to User Agents (UA) on the network using SLP.
Directory Agents (DA) are components that cache services. They are used in larger networks to reduce the
amount of traffic. DAs are optional. If a DA is present, then User Agents (UAs) and System Agents (SAs)
are required to use it instead of communicating directly with the printer.
Configuring SLP
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click SLP.
3. Under Protocol, select Enabled.
4. Under Directory Agent, type the IP address for the Directory Agent (DA), if one is used. This entry is
optional.
5. If you use scopes to group services, type in the Scope 1, 2, and 3 names. Printers cannot see services
that are in different scopes. Under Message Type, select Multicast to route multicast packets
between subnets, or select Broadcast not to route packets between subnets.
6. Select the Multicast Radius value between 0–255. This value defines how many routers the multicast
packet can cross. The default value is 255.
7. Select a value for Maximum Transmission Unit (MTU) size between 484–32768 bytes. The default
value is 1400 bytes.
Note: The maximum MTU for IP over Ethernet is 1500 bytes.
8. Click Apply to save the new settings or Undo to retain the previous settings.
9. Click Default All to reset settings to default values.
32 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
FTP
File Transport Protocol (FTP) is a standard network protocol used to pass and manipulate files over a
TCP/IP network. Several services running on your printer, including Network Scanning, Saved Jobs Backup,
and Software upgrade can use FTP as a filing service.
Note: In Active mode, data transfers over a fixed, known port from a connection made from the
server. In Passive mode, data transfers over a random port number specified by the FTP server from a
connection made from the printer.
Setting FTP Mode
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click FTP.
3. Under Mode, select the FTP operational mode to use when FTP is the selected protocol for network
filing. Options are Passive or Active.
WorkCentre 7500 Series Multifunction Printer 33
System Administrator Guide
Network Configuration
SNMP
Simple Network Management Protocol (SNMP) is a set of network protocols designed to allow you to
manage and monitor devices on your network.
You can use the SNMP configuration pages in CentreWare Internet Services to:
Enable or disable Authentication Failure Generic Traps.
Enable SNMPv3 to create an encrypted channel for secure printer management.
Assign privacy, authentication protocols, and keys to Administrative and key user accounts.
Assign read and write access to User accounts.
Limit SNMP access to the printer using hosts.
Enabling SNMP
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click SNMP.
3. Select Enable SNMP v1/v2c Protocols to enable the protocol.
4. Select Enable SMNP v3 Protocols to enable the protocol.
5. Under Authentication Failure Generic Traps, select Enable to prompt the printer to generate a trap
for every SNMP request processed with an invalid community name.
6. Click Apply to save the new settings or Undo to retain the previous settings.
Note: Click Apply after enabling the protocols and before navigating to any other pages to ensure
that your settings are saved.
Configuring SNMPv1/v2c
SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. SNMPv1 operates over
protocols such as User Datagram Protocol (UDP), IP, and Novell Internet Packet Exchange (IPX).
SNMPv2c includes improvements in performance, confidentiality, and manager-to-manager
communications over SNMPv1, however it uses the simple-community based security scheme of SNMPv1.
34 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click SNMP.
3. Under SNMP Properties, click Edit SNMPv1/v2c Properties.
4. Type a name up to 256 characters for the GET Community Name or use the default value of public.
GET returns the password for the SNMP GET requests to the printer. Applications obtaining
information from the printer using SNMP, such as CentreWare Internet Services, use this password.
5. Type a name up to 256 characters for the SET Community Name or use the default value of private.
SET returns the password for the SNMP SET requests to the printer. Applications that set information
on the printer using SNMP use this password.
CAUTION: Changes made to the GET or SET community names for this printer require corresponding
changes to GET or SET community names applications using SNMP.
6. Type a name up to 256 characters for the default TRAP Community Name or use the default value
of SNMP_TRAP.
Note: Use the Default TRAP Community Name to specify the default community name for all traps
generated by this printer. Individual Trap Community Names specified for each trap destination
address can override the community name. Each Trap Community Name must be unique.
7. Click Save to apply the new settings or Undo to retain the previous settings.
Click Cancel to return to the previous page.
Configuring SNMPv3
SNMPv3 is the current standard version of SNMP defined by the Internet Engineering Task Force (IETF).
It provides three important security features:
Message integrity to ensure that a packet has not been tampered with in transit
Authentication to verify that the message is from a valid source
Encryption of packets to prevent unauthorized access
Before you begin:
Ensure that Secure HTTP (SSL) is enabled.
Ensure that a certificate is installed on the printer.
WorkCentre 7500 Series Multifunction Printer 35
System Administrator Guide
Network Configuration
Editing SNMPv3 Properties
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click SNMP.
3. Under SNMP Properties, click Edit SNMP v3 Properties.
4. Under Administrator Account, select Account Enabled to create the administrator account.
5. Type and confirm the Authentication Password. The Authentication Password is used to generate a
key used for authentication.
6. Type and confirm the Privacy Password. The Privacy Password is used for encryption of SNMPv3
data. The passphrase used to encrypt the data must match the passphrase on the Server.
Note: The passwords must be at least 8 characters in length and can include any characters except
control characters.
7. Select the checkbox to save new password.
8. Under Print Drivers/Remote Clients Account, click Account Enabled. To reset the default password,
click Reset. This account allows Xerox
9. Click Save to apply the new settings or Undo to retain the previous settings.
10. Click Cancel to return to the previous page.
®
clients and drivers limited access to objects on the printer.
Configuring SNMP Advanced Settings
You can add, edit, or delete IP and IPX addresses for Network Management workstations that receive
traps from the printer.
Configuring SNMP Advanced Settings
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click SNMP.
3. Click Advanced Settings.
4. To add an IP trap destination address, under Trap Destination Addresses, click Add IP Address.
5. To add an IPX trap destination address, under Trap Destination Addresses, click Add IPX Address.
6. To edit an address, next to the address click Edit.
7. To delete an address, select the check box next to the address and click Delete.
Adding or Editing an IP Trap Destination Address
1. On the Advanced Settings page, click Add IPX Address, or select an existing address and click Edit.
2. Type the IP address of the host running the SNMP manager that receives traps.
3. Type the UDP Port Number. The default is 162 for traps.
4. Select the SNMP version based on what the system receiving traps supports.
5. Select the type of traps that the SNMP manager receives under Traps to be Received.
6. Click Save to apply the new settings or Undo to retain the previous settings.
7. Click Cancel to return to the previous page.
36 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
Adding or Editing an IPX Trap Destination Address
1. On the Advanced Settings page, click Add IP Address, or select an existing address and click Edit.
2. Type the 8-digit hexadecimal number that identifies the IPX External Network host configured to
receive the trap.
3. Type the 48-bit Physical MAC Address of the computer running the SMNP manager application
receiving the trap.
4. Type the IPX Socket Number of the computer running the SNMP manager application configured to
receive the packets. The default IPX Socket Number is 9010.
5. Select the SNMP Version.
6. Select the type of traps that the SNMP manager receives under Traps to be Received.
7. Click Save to apply the new settings or Undo to retain the previous settings.
8. Click Cancel to return to the previous page.
WorkCentre 7500 Series Multifunction Printer 37
System Administrator Guide
Network Configuration
SSDP
Simple Service Discovery Protocol (SSDP) provides processes to allow network clients with little or no static
configuration to discover network services. SSDP provides multicast discovery, server-based notification,
and discovery routing options.
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click SSDP.
3. Under Protocol, select Enabled.
4. Under Cache Control, type a value between 1–43200 minutes. The default value is 1440 minutes.
5. Under Time to Live, type a number between 1–60 router hops for discovery advertisement. The
default number of hops is 4.
6. Click Apply to save the new settings or Undo to retain the previous settings.
Click Default All to reset settings to default values.
38 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
Microsoft Networking
When running WINS, the printer registers its IP address and NetBIOS Host Name with a WINS server.
WINS allows the printer to communicate using host name only. Using Microsoft Networking removes
significant overhead for systems administrators.
Configuring Microsoft Networking
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click Microsoft Networking.
3. Under Protocol, select Enabled to enable the protocol.
4. Type the name of the workgroup in the Workgroup field.
5. Type the host name used to provide shared access and authenticate interprocess communication in
the SMB Host Name field.
6. If desired, type a descriptive comment in the SMB Host Name Comment field.
7. Type the name of the share in the Share Name field.
8. If desired, type a descriptive comment in the Share Name Comment field.
9. Type the maximum number of connections allowed, between 10–30, in Maximum Connections.
10. Type the desired number of seconds, between 1–32767, until the connection times out.
Configuring WINS
1. Under Server Information, select Enabled to enable the protocol.
2. Type the IP Address for your primary server.
3. If desired, type an IP Address for a secondary server.
Note: If DHCP is configured, WINS IP Addresses are overridden.
4. Click Apply to save the new settings or Undo to retain the previous settings.
WorkCentre 7500 Series Multifunction Printer 39
System Administrator Guide
Network Configuration
LPR/LPD
1. The Line Printer Daemon (LPD) and Line Printer Remote (LPR) protocols provide printer spooling and
network print server functionality for UNIX-based systems, such as HP-UX, Linux, and Macintosh.In
CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click LPR/LPD.
3. Under Protocol, select Enable.
4. Type an LPR/LPD Port Number or use the default port number of 515.
5. Under Advanced Settings, select Enabled to allow PDL Switching. This option allows the printer to
process a single print job that contains two or more printer languages. An example is a PostScript
print job with a PCL header.
6. Select Enabled to enable PDL banner page attributes override LPR control file attributes for job
name and owner. This feature allows you to replace the standard information displayed on a banner
page with the user name and job name from the print job.
7. Select the desired option from the Place temporary hold on which jobs drop-down menu. Options
include:
None (Use printer's default banner sheet job name if data file 1st): The printer does not wait
to receive the job control information. This selection can cause banner page information to print
incorrectly.
Only those with data file received 1st: The printer holds the job if the data file for the job is
received first. This option ensures that the printer waits to receive the control file information to
print banner page details correctly.
All (consistent with older implementations): This option puts all jobs on hold. All data is
received before a job begins printing. This setting can cause jobs to print slowly but results in
accurate banner page information.
8. Click Apply to save the new settings or Undo to retain the previous settings.
40 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
Raw TCP/IP Printing
Raw TCP/IP is used to open a TCP socket-level connection over Port 9100, and stream a print-ready file to
the printer input buffer. It then closes the connection either after sensing an End Of Job character in the
PDL or after expiration of a preset timeout value. Port 9100 does not require an LPR request from the
computer or the use of an LPD running on the printer. Raw TCP/IP printing is selected in Windows as the
Standard TCP/IP port.
Configuring Raw TCP/IP Settings
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click Raw TCP/IP Printing.
3. Select Enabled to enable the protocol.
4. Ensure that the TCP Port Number is set to 9100 for Port 1. If you want to emulate HP JetDirect EX
Plus 3, set Port 2 to 9101 and Port 3 to 9102.
5. Select Enabled for bidirectional communication.
6. Set the Maximum Connections per port between 1–32 for each port. The default port value is 32.
7. Set the End of Job Timeout to the desired number of seconds between 0–1800 before the job is
processed with an End of Job character. The default time is 300 seconds.
8. Select Enabled for PDL Switching to allow the printer to switch automatically between multiple
supported PDLs within a single job. PDL switching is normally disabled.
9. Click Apply to save the new settings or Undo to retain the previous settings.
Click Default All to reset settings to default values.
Note: Enable TCP/IP before enabling Raw TCP/IP printing.
Configuring Raw TCP/IP Advanced Settings
Use this page to set additional Raw TCP/IP Printing options for Ports 1, 2, and 3.
To configure Advanced Settings:
1. Under Connections, set the following:
Set the Maximum Connections per port between 1–32. The default port value is 32.
To allow concurrent jobs to process for each port connection, type a number between 0–500
jobs in each port. Type 0 to allow unlimited concurrent jobs.
To limit the number of jobs that are active for each port connection, type a number between
0–32768. Type 0 to allow unlimited number of active jobs.
2. Under Job Boundary Determination:
Type the End of Job Timeout between 0–1800 seconds to specify the amount of time to pass
before a job processes with an End of Job character. The default time is 300 seconds. Type 0 to
disable end of job detection by timeout.
WorkCentre 7500 Series Multifunction Printer 41
System Administrator Guide
Network Configuration
3. Under Backchannel Data:
Enable Backchannel Data Transmission to Client, then, enable Out of Order Backchannel
Data to allow data from several jobs to be interspersed.
Note: Out of Order Backchannel Data is only available when Backchannel Data Transmission to
Client is enabled.
4. Under Banner Page Printing:
To restrict banner pages to print for specific jobs only, select the job types from the Banner Page
Enabled drop-down menu. Options are First Job Only, No Jobs, or All Jobs.
To enable banner pages to print before each PDL document within a single job, select Enabled
for Banner Page for Each Document of Job.
To restrict banner pages to print for jobs that specifically request them through PJL, select
Enabled for Banner Page for Job Containing only PJL Commands.
5. Miscellaneous
To allow the printer to switch between multiple PDLs within a single job, select Enabled for
Language (PDL) Switching within PJL Job.
To force parsing of job data, select Enabled for Job Data Parsing Override.
Note: Job data is not parsed when bidirectional communication and PDL switching are disabled.
6. Click Apply to save the new settings or Undo to retain the previous settings.
Click Default All to reset settings to default values.
42 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
SMB Filing
You can specify Kerberos authentication options for features that file images to an SMB-shared network
location.
Configuring Kerberos Authentication Options for SMB
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Under With Kerberos Tickets, for Workflow Scanning, Server Fax, and Scan to Home features, select
an option:
Always File with Kerberos Ticket: The printer only attempts to use Kerberos authentication to
the SMB shared network location. Configure Network Authentication or Smart Card
Authentication using a Kerberos server.
Prefer Filing with Kerberos Ticket: The printer authenticates to the SMB shared network
location with a Kerberos ticket if available. If a Kerberos ticket is not available, or Kerberos
authentication fails, the printer attempts to authenticate using other methods, such as NT, or
NTLM.
Do Not File with Kerberos Ticket: The printer attempts to authenticate to the SMB shared
network location using other methods, such as NT, or NTLM. Do not select this option when
Smart Card authentication is enabled. If you select this option when Smart Card authentication
is enabled, SMB file transmission fails, and an error message appears on the touch screen.
3. Under WIthout Kerberos Tickets, features that use SMB, but cannot use Kerberos authentication are
listed. Click the link under the feature name to navigate to the configuration page for that feature.
Disable these features or configure them to use a protocol other than SMB for FIPS 140 compliance.
4. Click Apply.
WorkCentre 7500 Series Multifunction Printer 43
System Administrator Guide
Network Configuration
SMTP Server
Simple Mail Transfer Protocol (SMTP) is an Internet standard used to transmit email across IP networks.
Your printer uses SMTP to transmit scanned images and Internet Fax jobs through email.
Configuring SMTP Settings
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click SMTP (Email).
3. Under Required Information, select the desired method to locate an SMTP server.
Select Use DNS to identify SMTP Server to allow DNS automatically to find an SMTP server on
the network.
Select Specify SMTP Server manually to map to a specific SMTP server.
Note: If you select Use DNS to identify SMTP Server, ensure that DNS is configured for either IPv4 or
IPv6 before you define the SMTP server.
4. Select the address type. Options include IPv4, IPv6, or Host Name.
5. Type the appropriately formatted address and port number. The default port number is 25.
6. Type the email address assigned to the printer by the SMTP server in the multifunction device Email
Address field.
7. Click Apply to save the new settings or Undo to retain the previous settings.
Configuring SMTP Settings Optional Information
1. To define a maximum message size for messages with attachments, type a value between
512–20480 KB in the Maximum Message Size field. The default size is 10240 KB.
2. To improve transmission speed, set messages to fragment between 2–500 times. The default value
for Number of Fragments is 1.
3. To set a maximum job size, type a value between 512–2000000 KB in the Total Job Size field.
4. If you selected more than 1 fragment in Number of Fragments, you can select how the email jobs
are split for Email Job Splitting Boundary. Select:
Page Boundary to instruct mail client not to reassemble the job on receipt.
Automatic Boundary to instruct the mail client to reassemble the job on receipt.
44 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
5. Under Login Credentials for the multifunction device, select System. This option instructs the printer
to authenticate itself using the Login Name and Password configured on this page. Select None to
instruct the printer not to provide authentication credentials to the SMTP server.
6. If you select System, type the Login Name and Password used to access the server.
7. Enable Select to save new password to update the password for an existing Login Name.
8. If authentication is enabled, and Tools and Feature Access is configured to require users to log in
before accessing email, select Authenticated User under Login Credentials for the Walkup User. You
can also allow this field to default to the same setting that you selected for sending automated
emails.
9. Click Apply to save the new settings or Undo to retain the previous settings.
WorkCentre 7500 Series Multifunction Printer 45
System Administrator Guide
Network Configuration
LDAP
This section includes:
Configuring LDAP Servers ................................................................................................................................................. 46
Configuring LDAP Server Optional Information ..................................................................................................... 46
Configuring LDAP Contexts ............................................................................................................................................. 47
Configuring LDAP User Mappings ................................................................................................................................ 48
Configuring LDAP Authorization Access .................................................................................................................... 48
Configuring LDAP Custom Filters .................................................................................................................................. 50
Lightweight Directory Access Protocol (LDAP) is a protocol used to process queries and updates to an
LDAP information directory, on an external server. LDAP can also be used for network authentication and
authorization. LDAP directories are heavily optimized for read performance. Use this page to define how
the printer retrieves user information from an LDAP directory.
The LDAP Server page displays the current LDAP servers configured for your printer. You can configure a
maximum of nine LDAP servers for your printer.
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click LDAP.
3. To add a new LDAP server, click Add New.
4. To edit an LDAP server, click Edit next to the server you want to edit.
5. To copy an LDAP Server configuration, click Copy From.
6. To delete all LDAP servers configured, click Delete All.
Configuring LDAP Servers
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click LDAP.
3. To add a new server, click Add New Server. To edit existing LDAP server settings, select the server
and click Edit.
4. Under Server Information, select the preferred address type. Options are IPv4, IPv6, or Host Name.
5. Type a Friendly Name for the LDAP Server.
6. Type the appropriately formatted address and port number. The default port number is 389.
7. Select the LDAP server type from the LDAP Server menu.
Configuring LDAP Server Optional Information
1. Type the search directory root path in the Search Directory Root field using Base DN format.
For more detail on Base DN formatting, refer to the RFC 2849 - LDAP Data Interchange Format
(LDIF) Technical Specification on the IETF website.
46 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
2. Specify the login credentials required to access the LDAP directory. Options are:
None: The server does not require the printer to provide a user name or password.
Authenticated User: The printer uses the user name and password of the authenticated user to
access the server.
System: The printer uses the information provided in the Login Name and Password fields to
access the server.
3. If needed, type the Login Name and Password after you select the Login Credential type.
4. Retype the password and select Save Password, if needed.
5. If SSL is desired, select Enable SSL under SSL.
a. Select Validate Repository SSL Certificate to allow the printer to validate certificates.
b. Under Trusted SSL Certificates, select the certificate you want to use.
c. To view the selected certificate details, or save the certificate to your computer, click View/Save.
Note: If the LDAP Server has encryption enabled, a certificate issued from the LDAP server certificate
authority must be installed on the printer.
6. Under Maximum Number of Search Results, type a number between 5–100 for the maximum
number of addresses returned that match search criteria. The default number is 25. You can also
type the LDAP server maximum.
7. Under Search Timeout, select Use LDAP Server Timeout to allow the printer use the LDAP server
current settings. To specify a time, select Wait, and type the number of seconds between 5–100 that
the printer waits before timing out. The default is 30 seconds.
Note: If you are having trouble retrieving results from your LDAP server, use the Wait option.
8. If your primary LDAP server is connected to additional servers, select LDAP Referrals to include those
LDAP servers in your searches.
9. Under the Perform Query on heading, select:
Surname and Given Name Fields to instruct the printer to query the configured surname and
given name fields.
Mapped Name Field to instruct the printer to query the configured name field. allows you to
specify how the name fields are mapped. After you apply this setting, click User Mappings to
define the field mapping.
10. Click Apply to save the new settings or Undo to retain the previous settings.
Configuring LDAP Contexts
Contexts are a defined starting points in an LDAP database from which the search function begins
searching. Contexts are used with the Authentication feature. You can configure the printer
automatically to add an authentication context to the Login Name provided by the user.
Note: Contexts are only used if you configure LDAP server settings and select NDS as the server type.
WorkCentre 7500 Series Multifunction Printer 47
System Administrator Guide
Network Configuration
Configuring Contexts for LDAP
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click LDAP.
3. Click Contexts at the top of the LDAP Server page.
4. Type details in the Default Login Context field.
5. Click Apply to save the new settings or Undo to retain the previous settings.
Configuring LDAP User Mappings
LDAP servers display different results depending on how they implement mappings. Use this page to map
LDAP fields to fields on your printer. Editing current map settings allows you to fine-tune server search
results.
Defining User Mappings
1. Click User Mappings at the top of the LDAP Server page.
2. Under Search, type the user name you want to search for in the Enter Name field, then click Search.
If a match occurs, the user information displays.
3. Click the drop-down menu under Imported Heading to remap fields as needed. The schema on the
LDAP server defines the headings.
Note: Internet Fax users must ensure that the Internet Fax field is not set to No Mappings Available
in the drop-down menu. This setting prevents the Network Address Book from displaying on the
Internet Fax screen on the printer control panel. If your LDAP server does not contain a unique
Internet Fax address field, it can be set to match the heading for email address.
Configuring LDAP Authorization Access
If you have specified Remote Authorization as the authentication type, you can use LDAP user groups to
control access to printer services and features. Access group names are defined in the LDAP server. For
example, the LDAP server can contain a group of users called Admin. You can configure the Admin group
on the printer so that only members of this group have administrator access to the printer. When a user
belonging to the group Admin logs in to the printer, the printer performs an LDAP directory look-up to
verify the user. Once authenticated, the user is allowed administrative rights to the printer.
Note: User groups can only be configured for the first LDAP server in the list. All other servers use the
same Authorization Access settings.
Configuring User Roles Access
You can assign users to specific roles groups to allow them types of access.
48 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
1. Click Authorization Access at the top of the LDAP Server page.
2. On the Authorization Access page, click the User Roles tab.
3. In the System Administrator Access field, type the name of an LDAP server group to use to grant
system administrator access to the printer.
4. In the Accounting Administrator Access field, type the name of the LDAP server group to use to grant
accounting administrator access to the printer.
5. Click Apply.
6. To verify if a user has access to either role, type the user name in the Enter User Name field, then
click Test.
If the pathway is locked and if the user is a member of the LDAP group, the group appears next to
the user name. If the user is not a member of the group, No Access appears.
7. When completed, click Close.
Configuring Device Access
1. Click Authorization Access at the top of the LDAP Server page.
2. On the Authorization Access page, click the Device Access tab.
3. In the Services Pathway field, type the name of an LDAP server group to use to allow access to
printer services and features.
4. Repeat the process for Job Status Pathway and Machine Status Pathway.
5. Click Apply.
6. To verify if a user has access to either role, type the user name in the Enter User Name field, then
click Test.
If the pathway is locked and if the user is a member of the LDAP group, the group appears next to
the user name. If the user is not a member of the group, No Access appears.
7. Click Close.
Note: Device or Service Access setup requires that Authentication is configured and Tools and
Feature Access are configured to require users to log in before accessing services.
Configuring Services Access
You can specify access to the services of the printer under Service Access. Type the names of the LDAP
groups for any of the services listed.
WorkCentre 7500 Series Multifunction Printer 49
System Administrator Guide
Network Configuration
1. Click Authorization Access at the top of the LDAP Server page.
2. On the Authorization Access page, click the Service Access tab.
3. Under Access Group, type the names of the LDAP groups allowed access to each of the individual
printer services.
4. Click Apply.
5. To verify if a user has access to either role, type the user name in the Enter User Name field, then
click Test.
6. If the pathway is locked and if the user is a member of the LDAP group, the group appears next to
the user name. If the user is not a member of the group, No Access appears.
7. When completed, click Close.
Note: Device or Service Access setup requires that Authentication is configured and Tools and
Feature Access are configured to require users to log in before accessing services.
Configuring Feature Access
You can set access rights to selected features on your printer using the Feature Access tab.
1. Click Authorization Access at the top of the LDAP Server page.
2. Click the Feature Access tab.
3. For each on the printer, type the name of the LDAP group allowed to access the feature.
4. Click Apply.
5. To verify if a user has access to either role, type the user name in the Enter User Name field, then
click Test.
If the pathway is locked and if the user is a member of the LDAP group, the group appears next to
the user name. If the user is not a member of the group, No Access appears.
6. When completed, click Close.
Note: Device or Service Access setup requires that Authentication is configured and Tools and
Feature Access are configured to require users to log in before accessing services.
Configuring LDAP Custom Filters
You can edit Custom Filters so that text strings typed at the control panel are changed to match the
format required by the LDAP server.
There are three types of filters that you can customize:
LDAP Authentication Filter: Add text to the beginning of a User ID, or the Login Name configured
as the System Login Name for the Server.
Email Address Book Filter: Customize the standard filter that is used when a user types a name to
search in the Network Address Book.
User ID Query Filter: Customize the standard filter that the printer uses when searching for the
name of the logged in user. For example, when Remote Authorization is configured, and a user logs
in at the control panel, the printer searches the authorization server using this filter. The standard
filter looks in the field mapped as the Login Name field. If you are using an ADS LDAP server, this
50 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
field is typically sAMAccountName. Do not use wildcard characters if you want a search for a specific
person to return an exact match.
Configuring Custom Filters
1. Click Custom Filters at the top of the LDAP Server page.
2. To configure an LDAP Authentication filter, under LDAP Authentication, select Prepend Domain
Name. This setting prepends the base DN to a user Relative Distinguished Name (RDN) when
authenticating the user. Use the Common Name (CN) attribute to specify USERID in the base DN.
Notes:
If Authenticated User is selected for Login Credentials to Access LDAP Server, some
UNIX/Linux LDAP servers can require setting the Prepend Domain Name attribute.
For more detail on Base DN formatting, refer to the RFC 2849 - LDAP Data Interchange Format
3. To configure an LDAP Authentication filter, under Email Address Book Filter, select Enable Custom
Filter.
4. Type the LDAP search string or filter that you want to apply in the field. The filter defines a series of
conditions that the LDAP search must fulfill to return the desired information. For example, to find
people only, type (ObjectClass=Person)&(cn=LDAP*).
5. To configure an LDAP Authentication filter, under User ID Query Filter, select Enable Custom Filter.
6. Type the LDAP search string or filter that you want to apply, where LDAP represents the string
provided for the query. The filter defines a series of conditions that the LDAP search must fulfill to
return the desired information. For example, to find the user with an sAMAccountName of Bob, type
(objectClass=user) (sAMAccountName=Bob).
7. Click Apply to save the new settings or Undo to retain the previous settings.
(LDIF) Technical Specification on the IETF website.
WorkCentre 7500 Series Multifunction Printer 51
System Administrator Guide
Network Configuration
HTTP
Hypertext Transfer Protocol (HTTP) is a request-response standard protocol between clients and servers.
Clients that make HTTP requests are called User Agents (UAs). Servers that respond to these requests for
resources, such as HTML pages, are called Origin Servers. There can be any number of intermediaries, such
as tunnels, proxies, or gateways between User Agents and Origin Servers.
Enabling HTTP at the Control Panel
1. At the printer control panel, press the Machine Status button, then touch the Tools tab.
2. Touch Network Settings > Advanced Settings.
3. Touch Continue.
4. Touch HTTP Settings.
5. Touch Enable, then touch Save.
Configuring HTTP Settings in CentreWare Internet Services
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click HTTP.
3. Under Configuration, select Enabled to enable the protocol.
4. Change the HTTP Port Number if needed. The default is 80.
5. In Keep Alive Timeout, type the time between 1–60 seconds that the printer waits for a response
from a connected user before terminating the connection. The default time is 15 seconds.
Note: Increasing the Keep Alive Timeout can cause connections to slow down.
6. To encrypt HTTP communication using SSL, under Secure HTTPS, select Enabled. When SSL is
enabled, all Web pages contain https:// in the URL.
a. From the Choose Device Certificate menu, select the Device Certificate to use for SSL.
b. To view the selected certificate details, or save the certificate to your computer, click View/Save.
®
c. If you are using the Default Xerox
Trusted CA Certificate in your Web browser. Installing the Generic Xerox
ensures that your browser trusts the printer. To download the certificate, click Download the
Generic Xerox Trusted CA Certificate.
7. If necessary, change the Secure HTTP Port Number. The default is 443.
8. Click Apply to save the new settings or Undo to retain the previous settings.
9. Click Default All to reset settings to default values.
Device Certificate, you can install the Generic Xerox®
®
Trusted CA Certificate
HTTP Web Services
This page provides a list of all available Web services on your printer and displays their configuration
status.
52 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
Services are grouped into the following categories:
Device Discovery
Print Services
Scan Services
Job Management
Security
Remote System Management
Selecting Web Services for HTTP
1. To enable or disable individual services, select the check box next to one or more services. To enable
or disable all services at one time, click Enable All or Disable All.
2. If additional settings are required for a selected service, the status column indicates the required
update and a Settings button appears. Click Settings to configure the service.
3. Click Apply to save the new settings or Undo to retain the previous settings.
HTTP Advanced Settings
The Advanced Web Services page displays all services currently enabled on the printer and their port
numbers.
To remove all login restrictions for web services on the printer, under Web Services IP Lockout, click Clear
Lockout.
WorkCentre 7500 Series Multifunction Printer 53
System Administrator Guide
Network Configuration
POP3
Post Office Protocol, version 3 (POP3) is a protocol that allows email clients to retrieve email from remote
servers over TCP/IP on network port 110. This printer uses POP3 for the Internet Fax and email features to
retrieve fax jobs over email. POP3 is not compatible with IPv6.
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click POP3 Setup.
3. Under Server Information, select either IPv4 or Host Name for the address type.
4. Under POP3 Server, type the appropriately formatted address and port number. The default port
number is 110.
5. Type the Login Name assigned to the printer used to log in to the POP3 server.
6. Type then retype an alphanumeric Password.
7. Enable Select to save new password.
8. Under POP3 Settings, select Enable receipt of Email via POP3.
9. Type a Polling Interval value between 1–60 minutes. The default value is 15 minutes.
10. Click Apply to save the new settings or Undo to retain the previous settings.
54 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
Proxy Server
A proxy server acts as a go-between for clients seeking services and servers that provide them. The proxy
server filters client requests and if the requests meet the proxy server filtering rules, it grants the request
and allows the connection.
A proxy server has two main purposes:
To keep any devices behind it anonymous for security purposes.
To cache content from resources, such as Web pages from a Web server, to increase resource
Configuring the Proxy Server
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click Proxy Server.
3. Under HTTP Proxy Server, select Enabled.
4. Select the Proxy Server address type. Options are IPv4 Address, IPv6 Address, or Host Name.
5. Type the appropriately formatted address and port number. The default port number is 8080.
6. Click Apply to save the new settings or Undo to retain the previous settings.
access time.
WorkCentre 7500 Series Multifunction Printer 55
System Administrator Guide
Network Configuration
NTP
The Network Time Protocol (NTP) synchronizes the internal clocks of computers over a network
connection at system startup and every subsequent 24-hour period thereafter. If your printer uses DHCP
and an NTP server, or if a DHCP server provides Greenwich Mean Time (GMT) offset, these settings are
ignored.
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click NTP.
3. Under Network Time Protocol, select Enabled to enable the protocol.
4. Select the address type. Options are IPv4 Address or Host Name.
5. Type the appropriately formatted address and port numbers for IP Address: Port and Alternate IP
Address: Port. The default port number is 123.
6. Click Apply to save the new settings or Undo to retain the previous settings.
Note: Restart your printer for the new settings to take effect.
56 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Network Configuration
WSD
Web Services for Devices (WSD) is technology from Microsoft that provides a standard method for
discovering and using network connected devices. It is supported in Windows Vista and Windows Server
2008 operating systems. WSD is one of several supported communication protocols.
Enabling WSD
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click WSD.
3. Under WSD Services, select Enabled.
WorkCentre 7500 Series Multifunction Printer 57
System Administrator Guide
Network Configuration
Sleep Mode Network Settings
You can allow the printer to poll Novell print queues and broadcast Service Advertising Protocol (SAP)
during sleep mode.
Configuring Sleep Mode Settings
1. In CentreWare Internet Services, click Properties > General Setup.
2. Click Sleep Mode Settings.
3. To allow the printer to poll Novell print queues, select Resume Network Controller Briefly to Poll
Novell Print Queues During Sleep Mode.
4. Type the time in seconds to define the interval the printer uses to come out of Sleep Mode.
5. To allow the printer to broadcast SAP during sleep mode, select Resume Network Controller Briefly
to Broadcast Service Advertising Protocol (SAP) During Sleep Mode.
6. Type the time in seconds to define the interval the printer uses to come out of Sleep Mode.
7. Click Apply to save the new settings or Undo to retain the previous settings.
See also:
NetWare on page 25.
Sleep Mode Network Settings Advanced
You can allow the printer to respond to four types of broadcast packets during sleep mode.
Notes:
Some printers do not support this function.
If the printer is using an IPv6 Link-Local address, enabling the IPv6 ND multicast filter brings
Configuring Advanced Sleep Mode Settings
1. In CentreWare Internet Services, click Properties > General Setup.
2. Click Sleep Mode Settings > Advanced Settings.
3. In the Packet Priority list, click the Increase Priority and Decrease Priority buttons to prioritize the
packet types.
4. Click Apply to save the priority list.
The printer processes the list and displays the top four packet types if the corresponding protocols
have been enabled. Packet types that do not have the corresponding protocol enabled are skipped.
5. Click Return to return to the Sleep Mode Settings page.
the printer out of sleep mode.
58 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
This chapter includes:
Setting Up Access Rights .................................................................................................................................................. 60
Secure HTTP (SSL) ................................................................................................................................................................ 75
FIPS 140-2 ............................................................................................................................................................................... 76
Stored Data Encryption ..................................................................................................................................................... 78
IP Filtering ............................................................................................................................................................................... 79
Audit Log ................................................................................................................................................................................. 81
IPsec .......................................................................................................................................................................................... 83
Security Certificates ............................................................................................................................................................ 88
802.1X ....................................................................................................................................................................................... 92
System Timeout .................................................................................................................................................................... 95
Overwriting Image Data ................................................................................................................................................... 96
PostScript Passwords .......................................................................................................................................................... 98
USB Port Security ................................................................................................................................................................. 99
4
See also:
WorkCentre 7500 Series Multifunction Printer 59
System Administrator Guide
www.xerox.com/security
Security
Setting Up Access Rights
This section includes:
Local Authentication .......................................................................................................................................................... 61
User Permissions ................................................................................................................................................................... 63
Network Authentication .................................................................................................................................................... 67
Network Authorization ...................................................................................................................................................... 69
Authentication Using a Card Reader System .......................................................................................................... 70
You can control access to services and features by setting up authentication and authorization.
Personalization allows the printer to retrieve user information to customize features.
Authentication
Authentication is the process of confirming the identity of a user. When authentication is enabled, the
printer compares the information that a user provides to another source of information, such as an LDAP
directory. Users can be authenticated when accessing the control panel or when accessing CentreWare
Internet Services.
There are several ways to authenticate a user:
Local: When local authentication is configured, users log in at the control panel. The printer
compares the user credentials to the information stored in the User Information Database. Use this
authentication method if you have a limited number of users, or do not have access to an
authentication server.
Network: When network authentication is configured, users log in at the control panel. The printer
compares the user credentials to the information stored on an authentication server.
The printer can use one of the following protocols to communicate with your authentication server:
Kerberos (Solaris)
Kerberos (Windows 2000/2003)
NDS
SMB (Windows 2000/2003)
LDAP
Card Reader:
When Xerox
identification card at the control panel. The printer compares the user credentials to the
information stored on the Xerox
and install the Xerox Secure Access Unified ID System
®
Secure Access authentication is configured, users swipe a pre-programmed
®
Secure Access server. To use Xerox® Secure Access, purchase
®
.
When Smart Card authentication is configured, users swipe a pre-programmed identification
card at the control panel. Purchase and install a Smart Card reading system before configuring
Smart Card authentication.
Authorization
60 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
Authorization is the process of defining the features that users are allowed to access. For example, you
can configure the printer to allow a user to copy, scan, and fax, but not email.
There are two types of authorization:
Local: User login information is stored on the printer in the User Information Database.
Network: User login information is stored externally in a network database, such as an LDAP
directory.
Personalization
Personalization is the process of customizing services for a specific user. The printer searches an LDAP
directory for the home directory and email address of a user when using Scan to Home, or Email Scanning
features.
Local Authentication
When local authentication is configured, users log in at the control panel. The printer compares the user
credentials to the information stored in the User Information Database. Use this authentication method
if you have a limited number of users, or do not have access to an authentication server.
Setting up Local Authentication
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click Edit.
3. Under Authentication method on the machine's touch interface, select User Name / Password
Validated Locally on the Xerox Machine.
4. Under Authorization information is stored, select Locally on the Xerox Machine (Internal
Database).
5. Enable personalization if you want to allow the printer to retrieve user information, such as email
address or home directory, from an LDAP server. Select the check box next to Automatically retrieve
the following information for the authenticated user from LDAP.
Note: LDAP settings must be configured to use personalization.
6. Click Save to apply the new settings or Undo to retain the previous settings.
Click Cancel to return to the previous page.
User Information
The User Information Database stores user credential information for Local Authentication.
WorkCentre 7500 Series Multifunction Printer 61
System Administrator Guide
Security
Adding User Information to the Local Database
1. In CentreWare Internet Services, click Properties > Security > User Information Database.
2. Click Setup.
3. Click Add New User.
4. Type the User Name and Friendly Name of the user. Type a Password then retype the Password to
verify.
Note: If the authentication method is not set to Local Authentication, the Password field is not
editable.
5. Select a User Role:
System Administrator: Users in this role are allowed to access all services and settings.
Accounting Administrator: Users in this role are allowed to access accounting settings and
other services and settings that are locked.
Non-Authenticated User: Users who are not authenticated can only access features as
specified in the Non-Authenticated User role.
If you have created any user roles, they also appear in the list.
6. Click Save to apply the new settings or Cancel to return to the previous screen.
Editing User Information
1. On the User Information Database page, click Edit next to a user name to edit information about
the user.
2. Update the user information.
3. Click Save.
Specifying Password Requirements
1. In CentreWare Internet Services, click Properties > Security > User Information Database.
2. Click Password Settings.
3. Specify the password Minimum Length and Maximum Length.
4. Select rules as desired:
Cannot contain Friendly Name
Cannot contain User Name
Must contain at least 1 number
5. Click Apply to save the new settings or Undo to retain the previous settings.
Note: New password rules do not affect existing passwords.
Specifying Job Override Policies
Use Job Override Policies to specify what happens when a user without appropriate print permissions
sends a color or 1-sided print job to the printer.
62 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click Job Override Policies.
3. Under Color Printing, select Print Job in Black & White, or Delete Job. If an unauthorized user sends
a color job, the job prints in black and white, or is deleted.
4. Under 1-Sided Printing, select Print Job 2-Sided, or Delete Job. If an unauthorized user sends a
1-sided job, the job prints 2-sided, or is deleted.
Controlling Access to Tools and Features
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click Tools & Feature Access.
3. Under Presets, select:
Standard Access to restrict access to the Tools tab at the control panel.
Open Access to allow all users, including non-authenticated users, to access all tools and
features in CentreWare Internet Services and at the control panel.
Custom Access to lock, unlock, or hide tools and features for all users.
4. If you selected Custom Access, select Locked or Unlocked.
5. Select Hidden to hide a service icon from the touch screen of the printer until an authorized user logs
in.
6. Click Apply to save the new settings or Undo to retain the previous settings.
User Permissions
Print permissions are rules that allow you to control printing times and methods for a group of users. You
can:
Restrict color printing, requiring users to print in black and white.
Restrict 1-sided printing, requiring users to print 2-sided.
Restrict a Job Type, such as Secure Print.
Restrict access to specific paper trays.
Specify the software applications from which users are allowed to print.
Restrict printing, color printing, and 1-sided printing from specific software applications.
Note: Users can see a list of restricted print methods in the print driver. If a user attempts to print at a
restricted time or using a restricted method, the printer does not process the job. The printer sends a
message to the user informing them why the job did not print.
User Roles
A role is a set of permissions associated with a group of users. To edit permissions for a group of users,
you edit permissions for a role. There are two types of roles:
Non-Authenticated Users Role: The Non-Authenticated Users role applies to any user who accesses
the printer, but does not provide authentication credentials. This role also applies to anyone who
WorkCentre 7500 Series Multifunction Printer 63
System Administrator Guide
Security
sends a job that is not associated with a user name or Job Owner. Examples are a job sent using LPR,
or a job sent from a mainframe application.
Authenticated Users Role: All roles that you create apply to authenticated users only. You can
assign users from the User Information Database to the role, or you can create a role that applies to
all authenticated users.
Editing the Role for Non-Authenticated Users
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click User Permissions.
3. Click the Non-Authenticated Users tab.
4. Under Actions, click Edit.
5. On the Manage User Permissions page, under Actions, click Edit next to the print settings that you
want to restrict.
6. A page opens, allowing you to edit settings for one of the following print permission types:
Setting Black and White and Color Print Permissions
1. On the When Users Can Print page, select:
Always to allow printing at all times.
Monday - Friday from to allow printing on weekdays. Select when users are allowed to print
from the From Time and To Time menus.
Time of Day (Advanced) to allow printing on specific days during a specific time range. Select
the From Time and To Time, and click Add Time Range next to the day. Click the trash can icon
to delete.
Never to restrict printing at all times.
2. Select Make color printing more restrictive than black & white printing to specify permissions for
Color and Black & White printing independently.
3. Click Save.
Setting 1-Sided Print Permissions
1. On the 1-Sided Printing page, under Role State, select Not Allowed to require users to print 2-sided.
2. Click Save.
Setting Job Type Print Permissions
1. On the Job Types page, under Presets, select one of the following options:
Allow all Job Types allows users to print any job type.
Only Allow Secure Print ensures that users only send Secure Print jobs.
Custom allows you to select the job types that users are allowed to send.
2. If you selected Custom, under Role State, next to each job type, select Not Allowed to restrict users
from using the job type.
3. Click the Lock icon to lock all job types or click the Unlock icon to unlock all job types.
4. Click Save.
64 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
Setting Paper Tray Print Permissions
1. On the Paper Trays page, under Role State, next to each tray, select Not Allowed to restrict users
from using the tray.
2. Click the Lock icon to lock all trays or click the Unlock icon to unlock all trays.
3. Click Save.
Setting Application Print Permissions
1. On the Applications page, click Add New Application.
2. Under Application List, select an application.
3. Under Role State, next to Printing, Color Printing, or 1-Sided Printing, select Not Allowed to restrict
users from using the printing method.
4. Click Save to apply the new settings or Cancel to return to the previous screen.
Managing the List of Applications
Application Manager allows you to associate Application IDs with an Application Group. Application
Group Names for common application types appear in the table at the bottom of the Application
Manager page. The associated Application IDs appear next to each of the Application Group Names. An
Application ID identifies the application from which the job was sent. To control print permissions for an
application, the Application ID of the application must be associated with an Application Group Name. If
you send a job from an application that is not in the default list, a new Application ID appears in the
Custom Application ID list.
1. On the Applications page, click Application Manager.
2. To associate a custom Application ID with an existing Application Group, under Actions, click Merge
With.
a. Under Merge With the Application Group, select an application from the menu.
b. Click Save.
3. To create a new Application Group, under Actions, click Make This A Group.
a. Under Application Group Name, type a name for the group.
b. Click Save.
4. To delete a custom Application ID, under Actions, click Delete.
5. To delete or disassociate a custom Application ID from an Application Group Name, under Actions,
click Manage next to an Application Group Name.
a. Click Un-Merge to disassociate the Application ID, or click Delete to delete the Application ID.
b. Click Close.
6. To create a custom Application ID, click Add Manually.
a. Under Application ID, type an Application ID.
b. Click Save.
7. Click Close to return to the Applications page.
Creating Authenticated User Roles
To edit permissions for a specific group of users, you must first create a role.
WorkCentre 7500 Series Multifunction Printer 65
System Administrator Guide
Security
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click User Permissions.
3. Click the Authenticated Users tab.
4. Click Make Your Own Permission Roles or Add New Role.
5. Type a name and description for the role.
6. Click View Quick Setup Options, and select from the following options:
Remove all color printing restrictions
Start editing role with no restrictions
If you do not select any of these options, Print permissions are set to Allowed.
7. Click Create. The Assign Users to Role page appears.
8. Configure permissions and assign users to the role, or click Save to edit the role later.
Editing an Authenticated User Role
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click User Permissions.
3. Click the Authenticated Users tab.
4. Under Actions, click Edit next to a role.
Note: You cannot edit permissions for the System Administrator or Accounting Administrator roles.
Users assigned to the System Administrator Role can access all features of the printer. Users assigned
to the Accounting Administrator Role can only access accounting features.
5. On the Manage User Permissions page, click Print.
6. Under Actions, click Edit next to the print settings that you want to restrict. For details, see Editing
the Role for Non-Authenticated Users on page 64.
Assigning Users to a Role
If you add user information to the User Information Database and create a role, you can assign users to
the role.
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click User Permissions.
3. Click the Authenticated Users tab.
4. Click Edit next to a role.
5. Under Methods, select one of the following options:
Select Individual Users: At the bottom of the page, select the users that you want to assign to
the role.
All Authenticated Users: All users are assigned to the role.
Exceptions: At the bottom of the page, select the users that you want to remove from the role.
All other users are assigned to the role.
6. Click Save.
66 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
Troubleshooting Conflicting Permissions
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click Troubleshooting.
3. Click Permission Summary next to a user name to see a summary of permissions for that user.
Temporarily Disabling Print Permissions for all Users
1. On the Troubleshooting page, click Permission Enablement Options.
2. Click Disable Print Restrictions to disable print restrictions for all users.
3. Click Enable Print Restrictions to enable print restrictions.
Network Authentication
When network authentication is configured, users log in at the control panel. The printer compares the
user credentials to the information stored on an authentication server.
Setting up Network Authentication
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click Setup.
3. Click Edit.
4. Under Authentication method on the machine's touch interface, select User Name/Password
Validated Remotely on the Network.
5. Under Authorization information is stored, select Remotely on the Network.
6. Enable personalization if you want to allow the printer to retrieve user information, such as email
address or home directory, from an LDAP server. Select the check box next to Automatically retrieve
the following information for the authenticated user from LDAP.
Note: LDAP settings must be configured to use personalization.
7. Click Save to apply the new settings or Undo to retain the previous settings.
Click Cancel to return to the previous page.
WorkCentre 7500 Series Multifunction Printer 67
System Administrator Guide
Security
Configuring Authentication Server Settings for Kerberos (Solaris)
1. On the Xerox® Access Setup page, click Edit next to Authentication Servers.
2. Under Authentication Type, select Kerberos (Solaris).
3. Click Add New.
4. Under Server Information, in the Realm field, type the realm for your authentication server.
5. Select the desired address type. Options are IPv4 Address, IPv6 Address, or Host Name.
6. Type the appropriately formatted address and port numbers for both the primary and backup
addresses. The default port number is 88.
Note: A backup address is optional.
7. If you want to use an LDAP server for Network Authorization or Personalization:
a. Click Add LDAP Mapping.
b. Select the LDAP server from the list and click Add Mapping, or click Add New to add a new
LDAP server.
8. Click Save Server.
9. To specify server settings for an alternate authentication server, click Add New.
10. To copy the settings from another server, select a server from the list and click Copy From.
11. Click Edit to update the settings.
Configuring Authentication Server Settings for Kerberos (Windows 2000/2003)
1. On the Xerox® Access Setup page, click Edit next to Authentication Servers.
2. Under Authentication Type, select Kerberos (Windows 2000/2003).
3. Click Add New.
4. Under Server Information, in the Realm field, type the realm for your authentication server.
5. Select the desired address type. Options are IPv4 Address, IPv6 Address, or Host Name.
6. Type the appropriately formatted address and port numbers for both the primary and backup
addresses. The default port number is 88.
Note: A backup address is optional.
7. If you want to use an LDAP server for Network Authorization or Personalization:
a. Click Add LDAP Mapping.
b. Select the LDAP server from the list and click Add Mapping, or click Add New to add a new
LDAP server.I
8. Click Save Server.
9. To specify server settings for an alternate authentication server, click Add New.
10. To copy the settings from another server, select a server from the list and click Copy From.
11. Click Edit to update the settings.
Configuring Authentication Server Settings for NDS (Novell)
Before you begin:
68 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
Enable and configure Netware settings. For details, see NetWare on page 25.
1. On the Xerox
®
Access Setup page, click Edit next to Authentication Servers.
2. Under Authentication Type, select NDS (Novell).
3. Click Add New.
4. Under Default Tree/Context, type the details in the Tree and Context fields.
5. Click Save Server.
6. To specify server settings for an alternate authentication server, click Add New.
7. To copy the settings from another server, select a server from the list and click Copy From.
8. Click Edit to update the settings.
Configuring Authentication Server Settings for SMB
1. On the Xerox® Access Setup page, click Edit next to Authentication Servers.
2. Under Authentication Type, select SMB (Windows NT 4) or SMB (Windows 2000/2003).
3. Click Add New.
4. Under Domain, type the domain name of your authentication server.
5. If you want to specify domain controller IP addresses or host names, select Optional Information.
Address options appear.
6. Select the address type. Options are IPv4 Address, or Host Name.
7. Type the appropriately formatted address and port number. The default port number is 137.
8. Click Save Server.
9. To specify server settings for an alternate authentication server, click Add New.
10. To copy the settings from another server, select a server from the list and click Copy From.
11. Click Edit to update the settings.
Configuring Authentication Server Settings for LDAP
1. On the Xerox® Access Setup page, click Edit next to Authentication Servers.
2. Under Authentication Type, select LDAP.
3. Click Add New.
4. Configure LDAP server settings and click Apply.
5. To configure LDAP settings for a previously added LDAP server, click Edit next to the LDAP server in
the list.
A book icon appears in the list next to the LDAP server that is used for Network Address Book queries.
6. To specify server settings for an alternate authentication server, click Add New.
7. To copy the settings from another server, select a server from the list and click Copy From.
8. Click Edit to update the settings.
Network Authorization
When Remotely on the Network is selected as the authorization method, the printer references an
authorization server for authorization information for the authenticated user.
WorkCentre 7500 Series Multifunction Printer 69
System Administrator Guide
Security
Configuring Network Authorization
When Remotely on the Network is selected as the authorization method, the printer references an
authorization server for authorization information for the authenticated user.
1. On the Xerox
2. Under Authorization Configuration, select SMB or LDAP.
3. If you select LDAP, click the link under Configuration to go to the configuration page for LDAP
Servers.
4. If you select SMB:
a. Under Configuration, type the Default Domain.
b. If you want to specify domain controller IP addresses or host names, select Optional
Information.
c. Select IPv4 or Host Name.
d. Type the appropriately formatted address and port number. The default port number is 137.
e. Under Login Credentials to Access SMB Server, select an option:
None: The server does not require the printer to provide a user name or password.
Authenticated User: The printer uses the user name and password of the authenticated
System: The printer uses the information provided in the Login Name and Password fields
f. If you select System, type the Login Name and Password used to access the server. Retype the
password to verify.
g. Enable Select to save new password to update the password for an existing Login Name.
5. Configure settings on the User Roles, Device Access, Service Access, and Feature Access tabs.
6. Click Apply to save the new settings or Undo to retain the previous settings.
®
Access Setup page, under Action, click Edit next to Authorization Server.
user to access the server.
to access the server.
For more information about the User Roles, Device Access, Service Access, and Feature Access tabs, see
Configuring LDAP Authorization Access on page 48.
Authentication Using a Card Reader System
When Xerox® Secure Access authentication is configured, users swipe a pre-programmed identification
card at the control panel. The printer compares the user credentials to the information stored on the
®
Xerox
Unified ID System
When Smart Card authentication is configured, users swipe a pre-programmed identification card at the
control panel. Purchase and install a Smart Card reading system before configuring Smart Card
authentication.
Before you begin:
Enable Secure HTTP (SSL). For details, see HTTP on page 52.
Enable the Authentication & Authorization Configuration Web Service. For details, see HTTP on page
Format and configure identification cards.
70 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Secure Access server. To use Xerox® Secure Access, purchase and install the Xerox Secure Access
®
.
52.
Security
Connect your card reader to the USB port.
®
If you are using Xerox
software and configure it with user accounts. Refer to the Xerox
documentation for help.
Secure Access, install the Xerox® Secure Access authentication server
®
Secure Access Unified ID System
Note: Accounts created on the Xerox® Secure Access server must match accounts stored in the printer
local database or in another network authentication server.
Setting Up Authentication for a Smart Card System
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click Setup.
3. Click Edit.
4. Under Authentication method on the machine's touch interface, select Smart Cards.
5. You can configure an alternate authentication method to allow users to access the printer without a
smart card. Under Alternate authentication method on the machine's touch interface, select
User Name / Password Validated Remotely on the Network.
6. Specify a method for the printer to authenticate users who access CentreWare Internet Services
from their computer. Under Authentication method on the machine's web user interface, select
User Name / Password Validated Locally on the Xerox Machine or User Name / Password
Validated Remotely on the Network.
7. Under Authorization information is used, select Locally on the Xerox Machine, or Remotely on the
Network.
8. Click Save.
9. Type the Feature Enablement Key that is included in the Common Access Card Enablement Kit, and
click Next.
10. Click Next again. A list of configuration settings appears at the bottom of the Xerox
page.
11. Click Edit to configure any settings that are marked in red text as Required; Not Configured.
®
Access Setup
Configuring Domain Controller Settings
WorkCentre 7500 Series Multifunction Printer 71
System Administrator Guide
Security
1. On the Xerox® Access Setup page, under Action, click Edit next to Domain Controller(s). The domain
certificate on a smart card of a user must be validated on the domain controller server before they
can access the printer.
2. Click Add Domain Controller.
3. Under Domain Controller Type, select Windows Based Domain Controller if you are using one.
4. Type the domain controller server address information.
5. Click Save to apply the new settings or Cancel to return to the previous screen.
6. If you have added more that one domain controller server, you can prioritize the alternate servers.
Click Change Domain Priority.
a. On the Change Domain Priority page, select a domain controller in the list.
b. Click the Up Arrow or Down Arrow to change the search priority of the server.
c. Click Close.
7. To configure NTP settings, under Action, click Edit next to NTP. The domain controller time and the
time set on the printer must be synchronized. Xerox recommends that you enable NTP to ensure
time synchronization.
®
8. Click Close to return to the Xerox
Access Setup page.
Configuring OCSP Validation Server Settings
If you have an OCSP server, or an OCSP certificate validation service, you can configure the printer to
validate certificates installed on the domain controller.
®
1. On the Xerox
Access Setup page, under Action, click Edit next to Certificate Validation.
2. Select a validation method and click Next.
3. On the Required Settings page, type the URL of the OCSP server.
4. To ensure that the printer can communicate with the OCSP server and the domain controller,
configure your proxy server settings if necessary.
5. Click the appropriate link to install the root CA certificates for the OCSP server and your domain
controller.
6. Click Save to apply the new settings and return to the Xerox
Click Cancel to return to the Xerox
®
Access Setup page.
®
Access Setup page.
Setting the Inactive Time Limit
®
1. On the Xerox
Access Setup page, under Action, click Edit next to Smart Card Inactivity Timer.
2. Specify the maximum amount of time before a user is automatically logged out. Type the time in
minutes.
3. Click Save to apply the new settings and return to the Xerox
Click Cancel to return to the Xerox
®
Access Setup page.
®
Access Setup page.
Configuring Email Encryption and Signing Settings
®
1. On the Xerox
Access Setup page, under Action, click Edit next to Email Encryption/Signing.
2. To enable Email Encryption, under Email Encryption Enablement, select an option:
Always On; Not editable by user: Restrict users from turning Email Encryption on or off at the
control panel.
Editable by user: Allow users to turn Email Encryption on or off at the control panel.
72 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
3. If you select Editable by user, select the default setting for users at the control panel. Under Email
Encryption Default, select On or Off.
4. Under Encryption Algorithm, select one of the following encryption methods:
3DES
AES128
AES192
AES256
5. To enable Email Signing, under Email Signing Enablement, select an option:
Always On; Not editable by user: Restrict users from turning Email Signing on or off at the
control panel.
Editable by user: Allow users to turn Email Signing on or off at the control panel.
6. If you select Editable by user, specify the default setting for users at the control panel. Under Email
Signing Default, select On or Off.
7. Click Save to apply the new settings and return to the Xerox
Click Cancel to return to the Xerox
®
Access Setup page.
®
Access Setup page.
Displaying Your Company Logo on the Blocking Screen
You can customize the blocking screen to display your company logo. The blocking screen appears on the
printer touch screen when card reader authentication or an auxiliary accounting device is configured. The
screen displays a message when a user attempts to access a restricted feature, reminding users to swipe
an identification card to access the feature.
1. On the Xerox
®
Access Setup page, under Action, click Edit next to Import Customer Logo.
2. Click Browse or Choose File.
3. Select a .png file that is not larger than 300 x 200 pixels, and click Open.
4. Click Import.
5. Click Reboot Machine.
Setting Up Authentication for Xerox Secure Access
1. In CentreWare Internet Services, click Properties > Security > Authentication.
2. Click Setup.
3. Click Edit.
4. Under Authentication method on the machine's touch interface, select Xerox
Unified ID System.
5. Under Authentication method on the machine's web user interface, specify a method for the
printer to authenticate users who access CentreWare Internet Services from their computer.
If you select User Name / Password Validated locally on the Xerox Machine (Internal
Database), add user information to the User Information Database.
If you select User Name / Password Validated Remotely on the Network, configure a network
authentication server.
®
Secure Access
WorkCentre 7500 Series Multifunction Printer 73
System Administrator Guide
Security
6. Under Authorization, select Locally on the Xerox Machine (Internal Database), or Remotely on
the Network.
7. Click Save.
A list of configuration settings appears at the bottom of the page.
8. Under Action, click Edit next to Xerox
®
Secure Access Setup.
9. Configure the remote server. Refer to the instructions provided with your server hardware.
After the server is configured, it communicates with the printer and automatically completes the
configuration process.
10. To configure communication manually, personalize instructional windows, and review accounting
options, click Manually Configure.
®
11. Click Pending Remote Server Setup to return to the Xerox
Access Setup page.
In the table at the bottom of the page, click Edit to configure any settings that are marked in red
text as Required; Not Configured.
Manually Configuring Xerox® Secure Access Settings
If you are using Xerox® Secure Access for authentication, you can manually configure remote server
communication, personalize instructional windows, or review accounting options.
Before you begin:
Configure the Xerox
1. On the Xerox
®
Secure Access authentication server.
®
Access Setup page, click Edit next to Xerox® Secure Access Setup.
2. Click Manually Configure.
3. Under Server Communication, select the address type and port number. Options are IPv4 Address or
Host name.
4. Type the appropriately formatted address and port number. The default port number is 443.
5. In the Path field, type the HTTP path public/dce/xeroxvalidation/convauth.
6. Under Device Log In Methods, select an option:
®
Xerox
Xerox
Secure Access Device Only allows users to access the printer only using the card reader.
®
Secure Access Device + alternate on-screen authentication method allows users to
access the printer by logging in at the control panel.
7. When Network Accounting is configured, the printer can obtain user accounting information from
the Authentication server. Select Automatically apply Accounting Codes from the server to reduce
the number of screens that appear when a user logs in at the control panel.
If you want users to provide an accounting code at the control panel, select User must manually
enter accounting codes at the device.
8. Create login instructions for users by typing text in the fields under Device Instructional Blocking
Window.
a. In the Window Title field, type text that appears as a title at the top of the touch screen.
b. In the Instructional Text field, type instructions that appear below the title.
Note: If the Title and Prompt are configured on the Xerox® Partner authentication server, then any
instructional text that you type is ignored.
9. Click Save to apply the new settings or Undo to retain the previous settings.
74 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
Secure HTTP (SSL)
You can establish an HTTP Secure(HTTPS) connection to the printer by encrypting data sent over HTTP
using SSL. You can also enable SSL encryption for the following features:
Configuring the printer in CentreWare Internet Services
Printing from CentreWare Internet Services
Printing using IPP
Managing scan templates
Workflow Scanning
Network accounting
Note: SSL encryption is protocol-independent. You can turn SSL on or off for each protocol or scan
destination as needed.
Before you begin:
Ensure DNS is enabled and configured.
Ensure that the date and time configured on the printer is correct. The time that is set on the printer
is used to set the start time for the Xerox
when you enable HTTP (SSL).
®
Device Certificate. A Xerox® Device Certificate is installed
Enabling HTTPS (SSL)
1. In CentreWare Internet Services, click Properties > Connectivity > Protocols.
2. Click HTTP.
3. Under Secure HTTP (SSL), select Enabled.
Note: When Secure HTTP is enabled, all pages in CentreWare Internet Services contain https:// in the
URL for the Web page.
WorkCentre 7500 Series Multifunction Printer 75
System Administrator Guide
Security
FIPS 140-2
You can enable the printer to check the current configuration to ensure that transmitted and stored data
is encrypted as specified in Government Standard FIPS 140-2 (Level 1). If FIPS 140-2 encryption is
required, all computers, serves, browser software, security certificates, and applications must comply with
the standard or operate in FIPS-compliant mode.
To allow the printer to use non-FIPS compliant protocols or features when FIPS 140 mode is enabled,
acknowledge the notification of non-compliance during the validation process.
Note: Enabling FIPS 140 Mode can prevent the printer from communicating with network devices
that communicate using protocols that do not use FIPS-compliant encryption algorithms.
When non-FIPS compliant protocols, such as SNMPv3 or NetWare, are enabled after FIPS mode is
enabled, a message appears indicating the protocols use non-FIPS compliant encryption algorithms.
When you enable FIPS-140 mode, the printer validates the current configuration by performing the
following checks:
Validates certificates for features where the printer is the server in the client-server relationship. An
SSL certificate for HTTPS is an example.
Validates certificates for features where the printer is the client in the client-server relationship. CA
certificates for LDAP, Xerox Extensible Interface Platform (EIP), and SMart eSolutions are examples.
Validates certificates that are installed on the printer, but not used. Certificates for HTTPS, LDAP, or
SNMPv3 are examples.
Checks features and protocols for non-compliant encryption algorithms. For example, NetWare and
SNMPv3 use encryption algorithms that are not FIPS-compliant.
When validation is complete, information and links appear in a table at the bottom of the page.
Click the appropriate link to disable a non-compliant feature, or protocol.
Click the appropriate link to replace any non-compliant certificates.
Click the appropriate link to acknowledge that you allow the printer to use non-compliant features
and protocols.
Enabling FIPS 140 Mode and Checking for Compliance
1. In CentreWare Internet Services, click Properties > Security > Encryption.
2. Click FIPS 140-2.
3. Click Enable.
4. Click Run Configuration Check and Apply.
A pass or fail message appears:
If the configuration check passes, click Reboot Machine to save and restart the printer.
If the configuration check fails, the reasons for the failed test list in a table at the bottom of the
page. For each reason, a link is provided. Click the appropriate link to disable the protocol,
replace the certificate, or allow the printer to use the non-compliant protocol.
76 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Note: When FIPS 140 Mode is enabled, only FIPS-compliant certificates can be installed on the
printer.
Security
WorkCentre 7500 Series Multifunction Printer 77
System Administrator Guide
Security
Stored Data Encryption
You can encrypt user data on the printer hard drive to prevent unauthorized access to data stored on the
drive.
Enabling Encryption of Stored Data
1. In CentreWare Internet Services, click Properties > Security > Encryption.
2. Click User Data Encryption.
3. Under User Data Encryption Enablement select Enabled.
4. Click Apply to save the new settings or Undo to retain the previous settings.
CAUTION: The printer restarts. This interrupts or deletes current jobs. Xerox
back up jobs and folders before enabling User Data Encryption.
®
recommends that you
78 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
IP Filtering
You can prevent unauthorized network access by creating an IP Filter to block or allow data sent from
particular IP addresses.
Creating an IP Filter Rule
1. In CentreWare Internet Services, click Properties > Security.
2. Click IP Filtering.
3. Click Add.
4. From the Protocol menu, select the protocol. Options include All, TCP, UDP, or ICMP.
5. From the Action menu, select how you want the filter to manage the incoming packet.
If you want the printer to reject the packet and send an ICMP message back to the source host,
select Reject.
If you want the printer to ignore the packet, select Drop.
6. To specify the order that actions are performed, select either End of List or Beginning of List from
the Move This Rule To menu. Actions are performed in the order defined in the rule list. To arrange
rule execution order, go to the IP Filtering page.
7. Type the Source IP Address.
8. Type a number between 0–32 for the Source IP Mask that uses this rule. The range of 0–32
corresponds to the 32-bit binary number comprising IP addresses. For example:
The number 8, represents a Class A address with a mask of 255.0.0.0.
The number 16 represents a Class B address with a mask of 255.255.0.0.
The number 24 represents a Class C address with a mask of 255.255.255.0.
9. If TCP or UDP is the selected Protocol type:
a. Type the Source Port if applicable. The Source Port is the originating port that the rule has been
created to manage. If the incoming packet does not originate from this port, the rule is ignored.
b. Type the Destination Port that the rule has been created to manage. If the incoming packet is
not sent to this port, the rule is ignored.
10. If ICMP is the selected Protocol type, select which ICMP Message type the rule is meant to manage.
11. Click Apply to save the new settings or Cancel to return to the previous screen.
12. Restart your printer for the new settings to take effect.
Editing an IP Filter Rule
1. In CentreWare Internet Services, click Properties > Security.
2. Click IP Filtering.
3. Click an IP filter rule.
4. Click Edit and edit the rule.
5. Click Apply.
WorkCentre 7500 Series Multifunction Printer 79
System Administrator Guide
Security
Arranging the Execution Order of IP Filter Rules
1. In CentreWare Internet Services, click Properties > Security.
2. Click IP Filtering.
3. Click an IP filter rule.
4. Under Move selected rule to position, select the position and click Move.
80 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Audit Log
The Audit Log feature records events that occur on the printer. You can then download the log as a
tab-delimited text file to review for potential problems or security issues.
Enabling Audit Log
Before you begin:
Ensure that Secure HTTP (SSL) is enabled.
1. In CentreWare Internet Services, click Properties > Security.
2. Click Audit Log.
3. Click Enabled under Enabling Audit Log on machine.
4. Click Apply.
Security
Saving an Audit Log
1. In CentreWare Internet Services, click Properties > Security.
2. Click Audit Log.
3. Click Save.
4. Right-click the Download Log link and save the compressed auditfile.txt.gz file to your computer.
5. Extract the Auditfile.txt text file, and open it in a spreadsheet application that can read a
tab-delimited text file.
Interpreting the Audit Log
The Audit Log is formatted into ten columns:
Index: Column 1 lists a unique value that identifies the event.
Date: Column 2 lists the date that the event happened in mm/dd/yy format.
Time: Column 3 lists the time that the event happened in hh:mm:ss format.
Event ID: Column 4 lists the type of event. The number corresponds to a unique description.
Event Description: Column 5 lists an abbreviated description of the type of event.
Notes:
One audit log entry is recorded for each network destination within a Workflow Scanning scan
job.
For Server Fax jobs, one audit log entry is recorded for each Server Fax job, regardless of the
number of destinations.
For LAN Fax jobs, one audit log entry is recorded for each LAN Fax job.
Other Event Details: Columns 6–10 list other information about the event, such as:
For Email jobs, one audit log entry is recorded for each SMTP recipient within the job.
WorkCentre 7500 Series Multifunction Printer 81
System Administrator Guide
Security
Identity: User Name, Job Name, Computer Name, Printer Name, Folder Name, or Accounting
Account ID display when Network Accounting is enabled.
Note: Authentication must be configured to record the user name in the Audit Log.
Completion Status
Image Overwrite Status: The status of overwrites completed on each job. Immediate Image
must be enabled.
See also:
Audit Log Event Identification Numbers on page 194
82 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
IPsec
Internet Protocol Security (IPsec) is a group of protocols used to secure Internet Protocol (IP)
communications by authenticating and encrypting each IP data packet. It allows you to control IP
communication by creating protocol groups, policies, and actions.
You can control IP communication on the printer for the following:
DHCP v4/v6 (TCP and UDP)
DNS (TCP and UDP)
FTP (TCP)
HTTP (Scan Out, TCP port 80)
HTTPS (Scan Out, TCP port 443)
HTTPS (Web Server, TCP port 443)
ICMP v4/v6
IPP (TCP port 631)
LPR Print (TCP port 515)
Port 9100 Print (TCP port 9100)
SMTP (TCP/UDP port 25)
SNMP (TCP/UDP port 161)
SNMP Traps (TCP/UDP port 162)
WS-Discovery (UDP port 3702)
Up to 10 additional services
Security
Enabling IPsec
Before you begin:
Ensure that Secure HTTP (SSL) is enabled.
1. In CentreWare Internet Services, click Properties > Security.
2. Click IPsec.
3. Under Enablement, select Enabled.
4. Click Apply to save the new settings or Undo to retain the previous settings.
Managing Actions
Use actions to more specifically manage how IPsec controls dependent protocols.
Creating a New Action
1. Click Actions at the top of the IPsec page.
2. Click Add New Action.
3. On the Step 1 of 2 page, under IP Action Details, type in the Name. This field is required.
4. In the Description field, type a description for the action, if desired.
5. Under Keying Method, select Manual Keying or Internet Key Exchange (IKE).
Note: Select Manual Keying if client devices are not configured for or do not support IKE.
6. If you selected IKE, under Pre-shared Key Passphrase, type the passphrase, then click Next.
WorkCentre 7500 Series Multifunction Printer 83
System Administrator Guide
Security
Configuring Manual Keying Settings
Manual Keying is used when client systems either do not support IKE or are not configured for IKE.
1. Under IPsec Mode, select Transport Mode or Tunnel Mode.
Note: Transport mode only encrypts the IP payload, whereas Tunnel mode encrypts the IP header
and the IP payload. Tunnel mode provides protection for an entire IP packet by treating it as an
Authentication Header (AH), or Encapsulating Security Payload (ESP).
2. If you selected Tunnel Mode, under Enable Security End Point Address, select the address type.
Options are Disabled, IPv4 Address, or IPv6 Address.
3. Under IPsec Security, select ESP, AH, or BOTH.
4. In the Security Parameter Index: IN field, type a 32-bit number larger than 256 that identifies the
inbound Security Association (SA).
5. In the Security Parameter Index: OUT field, type a 32-bit number larger than 256 that identifies the
outbound Security Association (SA).
6. Under Hash, select from the following:
SHA1
None
7. Under Enter Keys as, select ASCII format or Hexadecimal number.
8. Type a 20-character ASCII key, or 40-character Hexadecimal key for the following:
Hash Key: IN
Hash Key: OUT
9. If you selected ESP or BOTH for the IPsec Security type, select one or more of the following
Encryption types:
Note: If the IPsec Security type is set to AH, the Encryption type options do not appear.
AES
3DES
None
10. Type a 24-character ASCII key, or 48-character Hexadecimal key for the following:
Encryption Key: IN
Encryption Key: OUT
11. Click Save to apply the new settings or Undo to retain the previous settings.
Configuring Internet Key Exchange Settings
IKE is a keying protocol that allows automatic negotiation and authentication, anti-replay services, and
CA support. It can also change encryption keys during an IPsec session. IKE is used as part of virtual
private networking.
IKE Phase 1 authenticates the IPsec peers and sets up a secure channel between the peers to enable IKE
exchanges. IKE Phase 2 negotiates IPsec SAs to set up the IPsec tunnel.
84 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
1. Under IKE Phase 1, in the Key Lifetime field, type the length of time until the key expires in Seconds,
Minutes, or Hours. When a key reaches this lifetime, the SA is renegotiated and the key is
regenerated or refreshed.
2. Select the DH Group from the following options:
Group 2 provides a 1024-bit Modular Exponential (MODP) keying strength.
Group 14 provides a 2048-bit MODP keying strength.
3. Under IKE Phase 2, select the IPsec Mode. Options are Transport Mode or Tunnel Mode.
Note: Transport mode only encrypts the IP payload, whereas Tunnel mode encrypts the IP header
and the IP payload. Tunnel mode provides protection for an entire IP packet by treating it as an
Authentication Header (AH), or Encapsulating Security Payload (ESP).
4. If you selected Tunnel Mode, under Enable Security End Point Address, select the address type.
Options are Disabled, IPv4 Address, or IPv6 Address.
5. Under IPsec Security, select ESP, AH, or BOTH.
6. Type the Key Lifetime, and select Seconds, Minutes, or Hours.
7. Under Perfect Forward Secrecy (PFS), select None, Group 2, or Group 14.
Note: PFS is disabled by default. PFS allows faster IPsec setup, but is less secure.
8. Under Hash, select from the following:
SHA1
None
9. If you selected ESP or BOTH for the IPsec Security type, select one or more of the following
Encryption types:
Note: If the IPsec Security type is set to AH, the Encryption type options do not appear.
AES
3DES
Null
10. Click Save to apply the new settings or Undo to retain the previous settings.
Editing or Deleting an Action
To edit or delete an action, select the action from the list, then click Edit or Delete.
Managing Protocol Groups
Protocol Groups are logical groupings of selected protocols based on service type, service name, port
number, and device type. Create a Protocol Group to apply specific security policies for selected protocols.
WorkCentre 7500 Series Multifunction Printer 85
System Administrator Guide
Security
Creating a New Protocol Group
1. Click Protocol Groups at the top of the IPsec page.
2. Click Add New Protocol Group.
3. Type a Name and a Description for the group.
4. Under Service Name, select the protocols that you want to add to the group.
5. To control a service that is not listed, under Custom Protocols type a name for the service and select
the check box under Service Name.
6. To control a service that is not listed, under Custom Protocols type a name for the service and select
the check box under Service Name.
7. Select TCP or UDP from the Protocol list.
8. Type the port number, and specify if the printer is the server or client.
9. Click Save to apply the new settings or Undo to retain the previous settings. Click Cancel to return to
the previous page.
Editing or Deleting a Protocol Group
To edit or delete a protocol group, select the protocol group from the list, and click Edit or Delete.
Managing Host Groups
Host groups are groupings of computers, servers, or other devices that you want to control using security
policies.
Creating a New Host Group
1. Click Host Groups at the top of the IPsec page.
2. Click Add New Host Group.
3. Type a Name and a Description for the group.
4. Under Address List, select IPv4 or IPv6.
5. Select an Address Type. Options are Specific, All, or Subnet.
6. Type the appropriately formatted IP address.
7. To continue to add addresses to the group, click Add.
8. To delete addresses, next to any address, click Delete.
9. Click Save to apply the new settings or Undo to retain the previous settings.
Editing or Deleting a Host Group
To edit or delete a host group, select the host group from the list, and click Edit or Delete.
86 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
Managing Security Policies
IPsec security policies are sets of conditions, configuration options, and security settings that enable two
systems to agree on how to secure traffic between them. You can have multiple policies active at the
same time, however, the scope and policy list order determines the overall policy behavior.
Defining a Security Policy
1. Click Security Policies at the top of the IPsec page.
2. Under Define Policy, select a Host Group from the menu.
3. Select a Protocol Group from the menu.
4. Select an Action from the menu.
5. Click Add Policy.
Prioritizing a Security Policy
To prioritize policies, under Saved Policies, select the policy you want to move, then click the Promote or
Demote buttons.
Editing or Deleting a Security Policy
To delete a policy, under Saved Policies, select the policy and click Delete.
WorkCentre 7500 Series Multifunction Printer 87
System Administrator Guide
Security
Security Certificates
A digital certificate is a file that contains data used to verify the identity of the client or server in a
network transaction. A certificate also contains a public key used to create and verify digital signatures.
One device proves its identity to another by presenting a certificate trusted by the other device. Or, the
device can present a certificate signed by a trusted third party and a digital signature proving its
ownership of the certificate.
A digital certificate includes the following data:
Information about the owner of the certificate
The certificate serial number and expiration date
The name and digital signature of the Certificate Authority (CA) that issued the certificate
A public key
A purpose defining how the certificate and public key can be used
There are three types of certificates:
Device Certificate: A certificate for which the printer has a private key, and the purpose specified in
the certificate allows it to be used to prove identity.
CA Certificate: A certificate with authority to sign other certificates.
Trusted Certificate: A self-signed certificate from another device that you want to trust.
To ensure that the printer can communicate with other devices over a secure trusted connection, both
devices must have certain certificates installed.
For protocols such as HTTPS, the printer is the server, and must prove its identity to the client Web
browser. For protocols such as 802.1X, the printer is the client, and must prove its identity to the
authentication server, typically a RADIUS server. For features that use these protocols, perform the
following two tasks:
Install a device certificate on the printer.
Note: When you enable HTTPS, a Xerox® Device Certificate is automatically created and installed on
the printer.
Install a copy of the CA certificate that was used to sign the device certificate of the printer on the
other device.
Protocols such as LDAP and IPsec require both devices to prove their identity to each other.
For features that use these protocols, perform the tasks listed under one of the following options:
Option 1
Install a device certificate on the printer.
Install a copy of the CA certificate that was used to sign the device certificate of the printer on the
other device.
Install a copy of the CA certificate that was used to sign the certificate of the other device on the
printer.
88 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
Option 2
If the other device is using a self-signed certificate, install a copy of the trusted certificate of the other
device on the printer.
Installing a Digital Certificate
There are three ways to install a certificate on the printer:
Create and install a Xerox
Create a Xerox
public key used in SSL encryption. Install the Xerox
Generic Xerox
®
Device Certificate to allow the printer to generate a certificate, sign it, and create a
®
Trusted CA Certificate in the devices that the printer communicates with. Examples
of other devices are client Web browsers for HTTPS, or RADIUS authentication server for 802.1X.
Installing this certificate ensures that users can access the printer using CentreWare Internet
Services, and certificate warning messages do not appear.
Note: Creating a Xerox® Device Certificate is less secure than creating a certificate signed by a
trusted CA. If you do not have a server functioning as a Certificate Authority, install a Xerox
Certificate on the printer. Then install the Generic Xerox
Create a Certificate Signing Request (CSR) and install the CA-signed device certificate.
Create a CSR. Send the CSR to a CA or a local server functioning as a CA to sign the CSR and return
the certificate. Install the certificate on the printer. An example of a server functioning as a CA is
Windows Server 2008 running Certificate Services.
Install trusted CA and self-signed certificates.
Install the certificates of the root CA, and any intermediate CAs for your company. Install the
self-signed certificates from any other devices in your network.
®
Device Certificate.
®
Device Certificate on the printer, and install the
®
®
Trusted CA Certificate on the other devices.
Device
Creating and Installing a Xerox® Device Certificate
1. In CentreWare Internet Services, click Properties > Security.
2. Click Security Certificates.
3. Click the Xerox Device Certificate tab.
4. Select Create New Xerox Device Certificate.
5. Complete the form with the requested information.
6. Click Finish.
WorkCentre 7500 Series Multifunction Printer 89
System Administrator Guide
Security
Creating a Certificate Signing Request
1. In CentreWare Internet Services, click Properties > Security.
2. Click Security Certificates.
3. Click the CA-Signed Device Certificate(s) tab.
4. Select Create Certificate Signing Request (CSR).
5. Complete the form with your 2-Letter Country Code, State/Province Name, Locality Name,
Organization Name, Organization Unit, and Email Address.
6. Select Subject Alternative Name if applicable, and type the MS Universal Principal Name.
Note: The Subject Alternative Name is only required when using 802.1X EAP -TLS for Windows clients
or servers.
7. Click Finish.
Uploading a CA-Signed Device Certificate
1. In CentreWare Internet Services, click Properties > Security.
2. Click Security Certificates.
3. Click the CA-Signed Device Certificate(s) tab.
4. Select Install CA-signed Device Certificate.
5. Click Browse or Choose File, navigate to the signed certificate in .pem or PKCS#12 format, and click
Open or Choose.
6. Click Next.
7. If the certificate is password protected, type the password then retype it to verify.
8. Type a Friendly Name to help identify the certificate in the future.
9. Click Next.
Note: The signed certificate must match the CSR created by the printer.
Installing a Root Certificate
1. In CentreWare Internet Services, click Properties > Security.
2. Click Security Certificates.
3. Click the Root/Intermediate Trusted Certificate(s) tab.
4. Click Install external Root/Intermediate trusted certificates.
5. Click Browse or Choose File, navigate to the signed certificate .crt file, then click Open or Choose.
6. Click Next.
7. Type a Friendly Name to help identify the certificate in the future.
8. Click Next.
The digital certificate appears in the list of Installed certificates.
90 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
Viewing, Saving, or Deleting a Certificate
1. On the Security Certificates page, click a certificate type tab.
2. To view or save a certificate, under Action, click View/Save.
Certificate details appear on the View/Save Device Certificate page.
a. To save the certificate file to your computer, at the bottom of the page, click Save Base-64
encoded (PEM).
b. Click Cancel to return to the Security Certificates page.
3. To delete a certificate, select the check box next to the certificate name and click Delete.
Note: You cannot delete the Default Xerox® Device Certificate.
4. Click Reset to Machine/Device Factory Defaults to delete all certificates except the Default Xerox®
Device Certificate.
Installing the Generic Xerox® Trusted CA Certificate
If the printer uses the Xerox® Device Certificate, and a user attempts to access the printer using
CentreWare Internet Services, an error message can appear on their Web browser. To ensure that error
messages do not appear, install the Generic Xerox
users.
1. In CentreWare Internet Services, click Properties > Security.
2. Click Security Certificates.
3. Click Download the Generic Xerox
4. Install the file in your Web browser certificate store location. For details, see your Web browser help.
®
Trusted CA Certificate, and save the file to your computer.
Note: You can also download the Generic Xerox® Trusted CA Certificate from the HTTP page at
Properties > Connectivity > Protocols > HTTP.
®
Trusted CA Certificate in the Web browsers for all
WorkCentre 7500 Series Multifunction Printer 91
System Administrator Guide
Security
802.1X
802.1X is an Institute for Electrical and Electronics Engineers (IEEE) standard that defines a method for
port-based network access control or authentication. In an 802.1X secured network, the printer must be
authenticated by a central authority, typically a RADIUS server, before it can access the physical network.
You can enable and configure the printer to be used in an 802.1X secured network from the printer
control panel or in CentreWare Internet Services.
Before you begin:
Ensure that your 802.1X authentication server and authentication switch are available on the
network.
Determine the supported authentication method.
Create a user name and password on your authentication server.
Note: This procedure causes the printer to restart and be unavailable over the network for several
minutes.
Enabling and Configuring 802.1X at the Control Panel
1. At the printer control panel, press the Machine Status button, then touch the Tools tab.
2. Touch Network Settings > Advanced Settings.
3. Touch Continue.
4. Touch 802.1X.
5. Touch Enable.
6. Touch Authentication Method and select the method used on your network. Options are:
EAP-MD5
EAP-MS-CHAPv2
PEAPv0/EAP-MS-CHAPv2
Note: When the printer is in FIPS 140 mode, EAP-TLS authentication is required.
7. Touch Username.
8. Type the user name required by your authentication switch and server using the touch screen
keyboard.
9. Touch Password, and type the password using the touch screen keyboard.
10. Touch Save, then touch Save again.
11. Touch Close.
92 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
Enabling and Configuring 802.1X in CentreWare Internet Services
1. In CentreWare Internet Services, click Properties > Security.
2. Click 802.1X.
3. Under Protocol, select Enable 802.1X.
4. Under Authentication Method, select the method used on your network. Options are:
EAP-MD5
PEAPv0/EAP-MS-CHAPv2
EAP-MS-CHAPv2
EAP-TLS
Note: When the printer is in FIPS 140 mode, EAP-TLS authentication is required.
5. Under User Name (Device Name), type the user name required by your authentication switch and
server.
6. If you selected PEAPv0/EAP-MS-CHAPv2, EAP-MS-CHAPv2, or EAP-TLS as the Authentication
Method, you can require the printer to validate certificates used to encrypt 802.1X. Under Server
Validation, select the root certificate that you want to use to validate the authentication server.
Select No Validation if you do not want to validate a certificate.
Notes:
TLS authentication and server verification both require X.509 certificates. To use these
features, install the necessary certificates on the Security Certificates page before configuring
802.1X.
®
The Default Xerox
It can be used in FreeRADIUS server environments.
Device Certificate cannot be used with EAP-TLS in Windows environments.
7. To view or save a certificate, select the certificate from the menu and click View/Save.
Certificate details appear on the View/Save Device Certificate page.
a. To save the certificate file to your computer, at the bottom of the page, click Save Base-64
encoded (PEM).
b. Click Cancel to return to the previous page.
8. If you selected PEAPv0/EAP-MS-CHAPv2, EAP-MS-CHAPv2, or EAP-TLS as the Authentication
Method, you can allow the printer to encrypt 802.1X communication. Under Device Certificate (TLS)
- Authentication Certificate, select the certificate that you want to use.
9. To view or save a certificate, select the certificate from the menu and click View/Save.
Certificate details appear on the View/Save Device Certificate page.
WorkCentre 7500 Series Multifunction Printer 93
System Administrator Guide
Security
a. To save the certificate file to your computer, at the bottom of the page, click Save Base-64
encoded (PEM).
b. Click Cancel to return to the previous page.
10. Under User Name (Device Name), type the user name required by your authentication switch and
server.
11. Type the Password, then retype it to confirm.
12. To save the new password, select the check box next to Select to save new password. A password is
not required for EAP-TLS authentication.
13. Click Apply to save the new settings or Undo to retain the previous settings.
94 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
System Timeout
You can specify how long the printer waits to log out an inactive user at the control panel.
Setting System Timeout Values
1. In CentreWare Internet Services, click Properties > Security.
2. Click System Timeout.
3. Under Web System Timer, type the inactive time from 6–6000 minutes, that the printer waits before
it logs a user out of CentreWare Internet Services.
4. Under Touch User Interface System Timer, type the time that the printer waits before it logs a user
out of the touch screen. Type the time, from 0–60 minutes, and select the time in seconds.
5. Under Warning Screen, select Enabled to require the printer to display a warning message before it
logs a user out of the touch screen.
6. Click Apply to save the new settings or Undo to retain the previous settings.
WorkCentre 7500 Series Multifunction Printer 95
System Administrator Guide
Security
Overwriting Image Data
To ensure that image data on the printer hard drive cannot be accessed, you can delete and overwrite
image data. Image data is any in-process or temporary user data on the disk. Some examples include,
current jobs, queued jobs, temporary scan files, saved jobs, and folders. You can select Standard or Full On
Demand Image Overwrite.
Standard Image Overwrite
Standard Image Overwrite deletes all image data from the printer memory and hard drive, except:
Jobs and folders stored in the Reprint Saved Jobs feature
Jobs stored in the Scan to Mailbox feature
Fax Dial Directories
Fax Mailbox contents
Full Image Overwrite
Full Image Overwrite deletes all image data from the printer memory and hard drive, including:
Jobs and folders stored in the Reprint Saved Jobs feature
Jobs stored in the Scan to Mailbox feature
Fax Dial Directories
Fax Mailbox contents
Note: Not all options listed are supported on all printers. Some options apply only to specific printer
models or configurations.
Manually Deleting Image Data
1. In CentreWare Internet Services, click Properties > Security > On Demand Overwrite.
2. Click Manual.
3. Under Standard or Full, click Start.
4. Click OK to delete image data.
Note: Depending on how many files are being deleted, the printer can be offline for up to 60 minutes
during the deletion process.
96 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
Scheduling Routine Deletion of Image Data
1. In CentreWare Internet Services, click Properties > Security > On Demand Overwrite.
2. Click Scheduled.
3. To enable Scheduled On Demand Overwrite, under Frequency, select how often the printer deletes
data: Daily, Weekly, Monthly, or Disabled.
4. Under Time, type the time the printer deletes data.
5. If you selected Weekly or Monthly frequency, under Day of Week or Day of Month, select the day or
month that the printer deletes data.
6. Under Type, select Full or Standard.
CAUTION: If you select Full, the printer deletes all image data.
7. Click Apply to save the new settings or Undo to retain the previous settings.
Immediate Image Overwrite
Enable Immediate Image Overwrite to direct the printer to overwrite each job after it finishes processing.
Enabling Immediate Image Overwrite
1. At the printer control panel, press the Machine Status button, then touch the Tools tab.
2. Touch Security Settings > Image Overwrite Security.
3. Touch Immediate Overwrite.
4. Touch Enable.
WorkCentre 7500 Series Multifunction Printer 97
System Administrator Guide
Security
PostScript Passwords
The PostScript language includes commands that allow PostScript print jobs to change the printer
configuration. By default, PostScript jobs can use these commands, and a password is not required. To
ensure that unauthorized changes are not made, you can require PostScript jobs to include a password.
You can enable the following passwords:
Run Start Job: This password controls the execution of the Sys/Start file.
System Parameters Password: Use this password to control the execution of PostScript programs
that modify PostScript system parameters.
Start Job Password: The Start Job password, used with the Startjob and Exitserver operators,
restricts PostScript jobs from running unencapsulated to prevent them from changing default printer
settings.
For more information, see the CentreWare Internet Services Help.
1. Under StartupMode, select Enabled to enable the Run Start job password.
2. Under System Parameters Password, type a password.
3. Retype the password to verify.
4. Under Job Start Password, type a password.
5. Retype the password to verify.
6. Click Apply to save the new settings or Cancel to return to the previous screen.
Enabling or Creating PostScript Passwords
1. In CentreWare Internet Services, click Properties > Security.
2. Click PostScript
3. Under StartupMode, select Enabled to enable the Run Start job password.
4. Under System Parameters Password, type a password.
5. Retype the password to verify.
6. Under Job Start Password, type a password.
7. Retype the password to verify.
8. Click Apply to save the new settings or Cancel to return to the previous screen.
Passwords.
98 WorkCentre 7500 Series Multifunction Printer
System Administrator Guide
Security
USB Port Security
You can prevent unauthorized access to the printer through USB ports by disabling the ports. There are
three USB ports. One is in the front, and two are in the back of the printer.
Enabling or Disabling USB Ports
1. In CentreWare Internet Services, click Properties > Security.
2. Click USB Port Security.
3. Next to Front USB Port, select Enabled to enable the front USB port. Clear the check box to disable
the port.
4. Next to Rear USB Ports (Pair), select Enabled to enable the rear two USB ports. Clear the check box to
disable the ports.
5. Click Apply to save the new settings or Undo to retain the previous settings.
Notes:
If USB ports are disabled, you cannot use a USB card reader for authentication, update the
software, or print from a USB Flash Drive.
If your printer model has a cover for the USB port on the control panel, you can install or
remove the cover. Installation instructions and the necessary part are stored in the
compartment inside of Tray 1.
WorkCentre 7500 Series Multifunction Printer 99
System Administrator Guide
Loading...