802.11b (Wireless Ethernet)

(For HP Jetdirect wireless print servers only). The 802.11b tab provides access to wireless network parameters to configure a wireless connection to the network. Configure each wireless parameter on this page, or run the wireless configuration wizard that will guide you through the configuration while bypassing unnecessary settings. To run the wizard, click the Use Wizard button.

When running the wizard and choosing to exit, be sure to use the Cancel button. If you do not exit properly, an Operation Failed message may be displayed and you will need to wait about two minutes before re-entering the pages.

To reset the print server with factory-default wireless settings, click Reset to defaults .

The table below describes the 802.11b wireless configuration parameters.

802.11b Item	Description
Ad Hoc (peer-to-peer)	Ad Hoc (peer-to-peer) mode is a wireless communication topology in which the wireless devices on a network communicate directly with each other. Access Points that are used to route communications are not used. Using standards terminology, an Ad Hoc network is an IBSS (Independent Basic Service Set). On Apple Macintosh wireless networks, Ad Hoc mode is called Computer-to-Computer mode. Ad Hoc is the factory-default mode of a Jetdirect wireless print server. For initial communications with the print server, a wireless computer must be configured to match the print server’s factory-default wireless network settings.
Channel	(Ad Hoc mode only) If the print server is unable to associate with a user-specified network, the channel selection specifies the radio frequency that the print server will use to broadcast its availability. You can select channel 10 (default) or 11. This channel may not be the one actually used on a network; when the print server successfully associates with a network, it will adapt its channel to the one used by the network.
Infrastructure	Infrastructure mode is a wireless communication topology in which communications to and from each wireless network device goes through an Access Point. An Access Point is a device that receives and forwards wireless communications to other network devices, similar to a router, gateway or repeater. Access Points are typically used to connect wireless devices to a company’s cabled network. Using standards terminology, a simple Infrastructure network is sometimes called a BSS (Basic Service Set). On Apple Macintosh wireless networks, Infrastructure mode is called AirPort Network mode.
Network Name	Network Name is used to specify the name of a wireless network. It is also called the Service Set Identifier (SSID). The factory-default network name/SSID is hpsetup, which you will need to change to match the network name of the network. A large Infrastructure network that may use multiple Access Points is sometimes called an Extended Service Set (ESS), which may be identified by a single SSID.
Open System	(No authentication) Use this authentication selection if the wireless network does not require device authentication or security to access the network. Open System networks may still use encryption keys for data privacy.
Shared Key	(Requires a WEP key) Select this authentication method if each device on the wireless network must be configured with a common encryption key for network access and data privacy. The print server supports IEEE 802.11 Wired Equivalent Privacy (WEP) keys for encrypted communications. If you select Shared Key authentication, you must configure a WEP key. The print server supports configuration of up to four WEP keys.
EAP/802.1x	(Infrastructure mode only). Select EAP/802.1x to use IEEE 802.1x Extensible Authentication Protocol (EAP) for advanced authentication. EAP/802.1x is used with an authentication server, such as a Remote Authentication Dial In User Service (RADIUS, RFC 2138) server for network access. If EAP/802.1x is selected, you will need to configure additional parameters depending on the specific EAP protocols used on the network.
Enable Protocols	(Infrastructure mode only) Enable or disable the EAP protocols supported by the print server. LEAP : Lightweight Extensible Authentication Protocol (LEAP) is a Cisco Systems, Inc. proprietary protocol. LEAP requires an EAP user name and EAP password. Dynamic encryption keys are also used. PEAP : Protected Extensible Authentication Protocol (PEAP) uses digital certificates for network server authentication and passwords for client authentication. PEAP requires an EAP user name, EAP password, and Certificate Authority (CA) certificate. Dynamic encryption keys are also used. MD5 : EAP using Message Digest Algorithm 5 (MD5, RFC 1321) uses a password protected by the MD5 encryption algorithm. For MD5, enter an EAP user name and EAP password. Static encryption keys are also used. TLS : EAP using Transport Layer Security (TLS, RFC 2716) uses X.509-compliant digital certificates for both client and network server authentication. TLS requires an EAP user name, Jetdirect certificate, and CA certificate. Dynamic encryption keys are also used. TTLS: EAP using Tunneled Transport Layer Security (TTLS) is an EAP-TLS extension that also uses X.509-compliant digital certificates. TTLS requires an EAP user name, EAP password and CA certificate. Dynamic encryption keys are also used.
User Name	Specify an EAP/802.1x user name (up to 128 characters maximum) for this device. The default user name is the default host name of the print server, NPIxxxxxx, where xxxxxx are the last six digits of the LAN hardware (MAC) address.
Password Confirm Password	Specify an EAP/802.1x password (up to 128 characters maximum) for this device. Enter the password again in the Confirm Password field to validate the entry.
Server ID	(For EAP-TLS, EAP-TTLS protocols only) Specify the Server ID validation string that identifies and validates the authentication server. The Server ID string is specified on the digital certificate issued by a trusted Certificate Authority (CA) for the authentication server. The entry may be a partial string unless the Require Exact Match checkbox is enabled.
Require Exact Match	(For EAP-TLS, EAP-TTLS protocols only) Enable (check) or disable (clear) whether the Server ID string entry must match exactly the string received from the authentication server during 802.1x EAP authentication.
Jetdirect Certificate	(For EAP-TLS protocol only) An X.509-compliant digital certificate that validates the Jetdirect print server identity must be installed. In general, a Jetdirect certificate may be self-signed or provided by an independent trusted source, such as a Certificate Authority. By factory default, a self-signed Jetdirect certificate is preinstalled. While self-signed certificates are sometimes permitted, they do not provide true client validation. Therefore, for EAP authentication methods that require a Jetdirect certificate, a trusted third party or Certificate Authority should provide it. To update an existing certificate, or to install a new certificate, click Configure . Installing a new certificate will overwrite the existing certificate. If you request a certificate from an independent Certificate Authority, you will not be able to complete the EAP/802.1x configuration until the digital certificate has been received and installed.
CA Certificate	(For PEAP, EAP-TLS, EAP-TTLS protocols only) To validate the authentication server’s identity, a CA (or Root) certificate must be installed on the print server. It must be the certificate used to sign the authentication server’s certificate. To configure or install a CA certificate, click Configure .
Encryption Strength	Specify encryption strength to be used during communications with the authentication server. You may select Low , Medium , or High encryption strength. For the encryption strength selected, ciphers are displayed that identify the weakest cipher allowed.
Reauthenticate	Enable (check) or disable (clear) this checkbox to control authentication when you click Apply on this page, assuming valid configuration entries have been made. This parameter does not apply to security or wireless configuration wizards. Changes to wireless parameters through a wizard will always cause the print server to reauthenticate. If disabled (default), the print server will not attempt reauthentication unless configuration changes cause the print server to disconnect and reconnect to the network. If enabled, the print server will always try to reauthenticate using the configuration values set.
Disabled (No encryption)	Select this if the wireless network does not use encryption keys for network access or communications.
Static (WEP)	Select this if the wireless network uses static Wired Equivalent Protocol (WEP) keys for basic access control and data privacy. Each wireless device on the network must be configured to use the same key. The print server supports WEP keys for 40/64-bit and 104/128-bit encryption. Encrypt transmit data using: This allows you to select the current active key. The print server can store up to four WEP keys using four key positions (Key 1, 2, 3, 4), but there can be only a single active key for the network at a time. Key 1 is the default active key. When you enter WEP keys, be sure to enter them in the same key positions (or fields) that match other devices on the network. Different key positions will have different encryption and decryption results and will result in communication failures. Input keys in: This allows you to select whether you will use alphanumeric characters or hexadecimal digits to specify WEP keys. Select Alphanumeric to enter the WEP keys using the specified alphanumeric ASCII (8-bit) characters 0 - 9, a - z, A - Z. Alphanumeric character entry is case-sensitive. Using a lowercase character will yield a different encryption key than an uppercase character. Select Hexadecimal to enter the WEP keys using hexadecimal (4-bit) digits 0 - 9, a - f or A - F. Hexadecimal entry is not case-sensitive. Using a lowercase or uppercase character yields the same encryption key. When entering encryption keys, all keys entered must be of the same length, either 40/64-bit or 104/128-bit encryption. For 40/64-bit encryption, enter 5 alphanumeric characters or 10 hexadecimal digits. For 104/128-bit encryption, enter 13 alphanumeric characters or 26 hexadecimal digits. In both cases, 24 “initialization vector�? bits are automatically added. NOTE: HP Jetdirect wireless print servers do not support the use of a passphrase. A passphrase is a user-specified word or phrase that, when entered on supported 802.11b network cards and Access Points, is automatically converted into a WEP key. To configure an HP Jetdirect wireless print server, you must convert the Passphrase into the actual ASCII or hexadecimal WEP key to enter it.
Dynamic	(For LEAP, PEAP, TLS, TTLS protocols only) Dynamic encryption protocols are under the control of the authentication server and must also be supported by the Access Point. If an applicable 802.1x EAP authentication protocol has been configured, select the available dynamic encryption protocols that the Access Point may use for unicast (point-to-point) communications. WEP : Dynamic Wired Equivalent Privacy (WEP) encryption is supported by all HP Jetdirect wireless print servers. For a dynamic encryption protocol, the Access Point may use a static broadcast key to communicate with wireless devices simultaneously. Enable or disable the use of a static broadcast key on the print server to match the Access Point configuration.

TCP/IP

This tab allows you to configure TCP/IP parameters, which are described below.

TCP/IP Item	Description
IP Configuration Method	Select the method by which the HP Jetdirect print server will receive its IP configuration parameters: BOOTP (default), DHCP , or Manua l. When using BOOTP or DHCP, a BOOTP or DHCP server each time the print server is powered on will automatically configure IP parameters. By selecting Manual , basic IP parameters can be manually entered using this Web page or other manual tools (for example, Telnet or the printer’s control panel).
Host Name	Specifies a readable IP name (the SNMP SysName object) for the network device. The name may contain up to 32 ASCII characters. The default host name is NPIxxxxxx, where xxxxxx are the last six digits of the print server’s LAN hardware (MAC) address.
IP Address	Use this field to manually assign the Internet Protocol (IP) address on the HP Jetdirect print server. The IP address is a four-byte (32-bit) address in the form n.n.n.n, where n is a number from 0 to 255. An IP address uniquely identifies a node on a TCP/IP network. Duplicate IP addresses on a TCP/IP network are not allowed. The factory default address is 192.0.0.192. If you change this address, the browser will lose the connection to the print server. To reconnect, browse to the new IP address.
Subnet Mask	If subnetting is used, use this field to manually assign a subnet mask. A subnet mask is a 32-bit number that, when applied to an IP address, determines which bits specify the network and subnet, and which bits uniquely specify the node.
Default Gateway	Specify the IP address of a router or computer that will be used to connect to other networks or subnetworks. If none exist, use the IP address of the computer or the IP address of the print server.
Domain Name	Specifies the name of the Domain Name System (DNS) domain that the HP Jetdirect print server resides in (for example, support.hp.com). It does not include the host name--it is not the Fully Qualified Domain Name (such as printer1.support.hp.com).
Primary WINS Server	Specifies the IP address of the primary Windows Internet Naming Service (WINS) server. The WINS server provides IP address and name resolution services for network computers and devices.
Secondary WINS Server	Specifies the IP Address to be used for WINS if the Primary WINS server is unavailable.
Syslog Server	Specifies the IP address of a host computer that has been configured to receive syslog messages from the HP Jetdirect print server. If a Syslog server is not specified, syslog messages are not sent.
Syslog Maximum Messages	Specifies the maximum number of syslog messages that can be sent by the HP Jetdirect print server on a per-minute basis. This setting allows administrators to control the log file size. The default is 10 per minute. If the value is set to 0, no maximum number is defined.
Syslog Priority	Controls the filtering of syslog messages that are sent to the syslog server. The filter range is 0 to 8, with 0 being the most specific and 8 being the most general. Only messages that are lower than the filter level specified (that is, higher in priority) are reported. The default value is 8, which reports all syslog messages. A value of 0 effectively disables syslog reporting.
Idle Timeout	Specifies the number of seconds that an idle connection is allowed to remain open. Up to 3600 seconds can be set. 270 is the default value. If set to 0, the timeout is disabled and TCP/IP connections will remain open until closed by the other node (such as a workstation) on the network.
TTL/SLP	Specifies the IP Multicast Time To Live (TTL) discovery setting for Service Location Protocol (SLP) packets. The default value is 4 hops (the number of routers from the local network). The range is 1-15. If set to -1, the IP multicast capability is disabled.
System Contact	Identifies a person who is assigned to administer or service this device. This field may include a phone number or similar information. When configured, this parameter will be displayed on the HP Jetdirect Home page.
System Location	Specifies the physical location of the device or related information. Only printable ASCII characters are allowed, up to 64 characters. When configured, this parameter will be displayed on the HP Jetdirect Home page.
LPD Banner Page	Specifies whether to enable or disable printing of an LPD banner page for print jobs. For HP Jetdirect external print servers that provide multiple ports, each port can be configured individually. For internal print servers, only a single port is available (Port 1).

IPX/SPX

This tab allows you to configure IPX/SPX parameters on the HP Jetdirect print server for operation on a Novell NetWare or IPX/SPX-compatible network (such as a Microsoft network).

If using Direct Mode or peer-to-peer printing over IPX/SPX on a Microsoft network, IPX/SPX must be enabled.

The embedded Web server may be used to select Queue Server Mode parameters for a Novell Directory Services (NDS) environment.

However, the embedded Web server may not be used to create NDS objects (print server, printer, and print queue objects) on a Novell NetWare server.

To create these objects, use a Novell utility such as NWAdmin, or use the HP Install Network Printer Wizard or HP Web Jetadmin.

The configurable IPX/SPX parameters are described in the table below.

IPX/SPX Item	Description
IPX/SPX Enable	Enables or disables the IPX/SPX protocols on the HP Jetdirect print server. If the checkbox is empty, IPX/SPX is disabled. Do not disable IPX/SPX in a Microsoft network IPX/SPX Direct Mode or peer-to-peer printing environment.
IPX/SPX Frame Type	Specify the Novell NetWare frame type to be used by the HP Jetdirect print server. After a frame type has been configured, all others will be counted and discarded. AUTO (default) senses all frame types and configures the first one detected. EN_8023 limits the frame type to IPX over IEEE 802.3 frames. EN_II limits the frame type to IPX over Ethernet frames (not supported for 802.11b wireless products). EN_8022 limits the frame type to IPX over IEEE 802.2 with IEEE 802.3 frames. EN_SNAP limits the frame type to IPX over SNAP with IEEE 802.3 frames. TR_8022 (Token Ring only) limits the frame type to IPX over IEEE 802.2 LLC with IEEE 802.5 frames. TR_SNAP (Token Ring only) limits the frame type to IPX over SNAP with IEEE 802.5 frames.
SAP Interval	Specifies the time interval (in seconds) that the HP Jetdirect print server waits to send Service Advertising Protocol (SAP) messages, which are broadcast to advertise its service capabilities on a Novell NetWare network. To disable SAP messages, set the value to 0.
Print Server Name	Specify the NDS printer name for the HP Jetdirect print server (alphanumeric characters only). The default name is NPIxxxxxx, where xxxxxx are the last six digits of the HP Jetdirect print server's LAN hardware (MAC) address.
NDS Tree Name	Specify the name of the NDS tree for this device. The NDS tree name refers to the name of the organizational tree used by the NDS network. To disable NDS support, leave this field blank.
NDS Context	The NDS context refers to the NDS container or organizational unit that contains the print server object. Print queue and device objects can be located anywhere within the NDS tree, but the HP Jetdirect print server must be configured with the fully qualified print server object name. For example, if the print server object is found in the container "marketing.mytown.lj", the print server context name is: OU=marketing. OU=mytown. O=lj" (where OU is an Organization Unit container and O is an Organization container within the NDS tree). The Jetdirect print server will also accept the following name: marketing.mytown.lj The Embedded Web Server cannot create NDS objects. To create objects, use a Novell NetWare tool, such as NWAdmin. To disable NDS support, leave this field blank.
Job Poll Interval	Specifies the time interval (seconds) that the HP Jetdirect print server will wait to check for print jobs in a print queue.
PJL Configuration	For Printer Job Language (PJL) parameters, enable (check) or disable (clear) the parameters provided: Banner Page : To print separator pages between LPD print jobs. End of Job Notification : If received from the printer, an end-of-job message will be forwarded to a client application. Toner Low Notification : If received from the printer, the HP Jetdirect print server will forward a toner low message to a client application.

AppleTalk

The table below describes the available settings on the AppleTalk tab.

AppleTalk Item	Description
AppleTalk Enable	Enable (check) or disable (clear) the AppleTalk protocol on the print server.
AppleTalk Name	Specify the name of the printer on the AppleTalk network. If you enter a name that is already assigned on the network, a number that indicates it is a duplicate will follow the AppletTalk name on the Jetdirect configuration page for this print server.
Print Type	These fields identify the type of printer being advertised on the network. Up to two types can be displayed (for example, HP LaserJet and LaserWriter).
Zone	Update or select an available AppleTalk network zone for the printer. By default, the zone currently selected will be displayed. If there are no zones, an asterisk (*) will be displayed.

DLC/LLC

Using the checkbox provided, enable (check) or disable (clear) the DLC/LLC protocols on the HP Jetdirect print server.

SNMP

Use this tab to specify or change Simple Network Management Protocol (SNMP) parameters.

If you use HP Web Jetadmin (version 7.0 or later) to manage your devices, you should use HP Web Jetadmin to seamlessly configure SNMPv3 and other security settings on the print server.

Using the embedded Web server to create the SNMPv3 account will erase any existing SNMPv3 accounts. In addition, the SNMPv3 account information will need to be implemented on the SNMP management application.

The table below describes the SNMP parameters.

SNMP Item	Description
Enable SNMPv1/v2 read-write access	This option enables the SNMPv1/v2c agents on the print server. Custom community names can be configured to control management access to the print server. An SNMP Set Community Name is a password to configure (or write) SNMP information on the HP Jetdirect print server. An SNMP Get Community Name is a password to retrieve (or read) SNMP information on the HP Jetdirect print server. An incoming SNMP SetRequest or GetRequest command must contain the appropriate Set or Get community name before the print server will respond. A community name must be ASCII characters and can be up to 255 characters long. The default Get community name is “public�?, which can be disabled to restrict access. If the use of “public�? is disabled, some port monitors or discovery utilities may not operate properly.
Enable SNMPv1/v2 read-only access	This option enables the SNMPv1/v2c agents on the print server, but limits access to read-only. Write-access is disabled. The default Get community name “public�? is automatically enabled.
Disable SNMPv1/v2	This option disables the SNMPv1/v2c agents on the print server, which is recommended for secure environments. If SNMPv1/v2c is disabled, some port monitors or discovery utilities may not operate properly.
Enable SNMPv3	(Full-featured HP Jetdirect print servers only) This option enables (check) or disables (clear) the SNMPv3 agent on the print server. When enabled, an SNMPv3 account must be created on the print server, and the account information must be implemented on the SNMPv3 management application. You can use the embedded Web server to create an account by providing the following information: User Name : the SNMPv3 account user name. Authentication Key: a 16-byte hexadecimal value for authenticating the SNMP packet contents using the MD5 algorithm. Privacy Key : a 16-byte hexadecimal value for encrypting the data portion of the SNMP packet using the DES algorithm. Context Name: the view context in which this user can access SNMP objects. It is always specified as Jetdirect.

Misc. Settings Tab

The table below describes advanced protocols and settings on the Misc. Setting s tab.

Misc. Settings Item	Description
SLP Config	Enable or disable the Service Location Protocol (SLP), used by selected client application software to automatically discover and identify the HP Jetdirect print server. SLP also requires that Multicast IPv4 be enabled.
Telnet Config	Enable or disable access to HP Jetdirect configuration parameters using Telnet.
mDNS	Enable or disable the Multicast Domain Name System (mDNS) protocol that allows the print server and device to be automatically discovered on a network that does not contain a DNS server. mDNS also requires that Multicast IPv4 be enabled.
Multicast IPv4	Enable or disable the IP (version 4) Multicast protocol that allows the print server and device to be automatically discovered by a client utility that is using Service Location Protocol (SLP) or mDNS for device discovery.
9100 Printing	Enable or disable port 9100 services. Port 9100 is an HP-proprietary raw TCP/IP port on the HP Jetdirect print server and is the default port for printing. It is accessed by HP software (for example, the HP Standard Port Monitor).
FTP Printing	Enable or disable File Transfer Protocol (FTP) services available on the HP Jetdirect print server for printing.
LPD Printing	Enable or disable the Line Printer Daemon (LPD) services on the HP Jetdirect print server. LPD on the HP Jetdirect print server provides line printer spooling services for TCP/IP systems.
IPP Printing	Enable or disable the Internet Printing Protocol (IPP) on the HP Jetdirect print server. If the printer is properly connected and accessible, IPP allows printing to this device over the Internet (or intranet). A properly configured IPP client system is required.
Link settings	(For wired 10/100TX networks only) Set the network link speed (10 or 100 Mbps) and communication mode (full- or half-duplex) for HP Jetdirect 10/100TX print servers. The available settings are listed below. CAUTION : If the link setting is changed, network communications with the print server (and network device) may be lost. AUTO: (Default) The print server uses autonegotiation to match the network’s link speed and communication mode. If autonegotiation fails, 100TXHALF or 10TXHALF is set depending on the link speed of the hub/switch. 10TXFULL: 10 Mbps, full-duplex operation 10TXHALF: 10 Mbps, half-duplex operation 100TXFULL: 100 Mbps, full-duplex operation 100TXHALF: 100 Mbps, half-duplex operation
DNS Server	Specify the IP address of a Domain Name System (DNS) server on the network.
Email (SMTP) Server	Specify the IP address of the preferred outgoing e-mail Simple Mail Transport Protocol (SMTP) server, for use with supported Scan devices.
Locally Administered Address	Token Ring only. Specify the LAA to be used on a Token Ring network.
Scan Idle Timeout	Specifies the number of seconds that an idle connection for scanning is allowed to remain open. The maximum is 3600, and the default is 300. If set to 0, the timeout is disabled and the connection will remain open until closed by the network system accessing the device.
Syslog Facility	Specify the encoded source facility of a message (for example, to identify the source of selected messages during troubleshooting). By default, the HP Jetdirect print server uses LPR as the source facility code, but local user values of local0 through local7 can be used to isolate individual or groups of print servers.
On fatal error	(HP Jetdirect external print servers only) Specifies the print server’s behavior when it detects a fatal error during operation with the attached device. Halt (default): The print server’s networking operation is suspended. User intervention will be required. Reboot : The print server will re-initialize, similar to a powercycle.
Error page type	(For supported HP Jetdirect external print servers only) On a fatal error, specifies the type of diagnostic page that will automatically print. Basic (default): A Default Diagnostic Page will print. It consists of a single page, in user-readable form, containing an error summary. Full : Up to five pages of full diagnostic information will be printed. These pages will contain detailed status of the print server at the time the error was detected. None : A diagnostic page will not be printed.
Dynamic Raw Port Setting	Allows additional ports to be specified for printing to TCP port 9100. Valid ports are 3000 to 9000, which are application-dependent.
MDNS Settings	Specifies the mDNS Service Name and the mDNS Domain Name. MDNS Service Name is the device name or model detected by the print server, followed by the unique LAN Hardware (MAC) address of the print server. MDNS Domain Name is a unique name associated with the IP address. By default, the name assigned is NPIxxxxxx.local, where xxxxxx are the last six digits of the LAN Hardware (MAC) address of the print server.
Enable MFP and AIO software support	(For supported HP Jetdirect LIO and external print servers only) Enable or disable the print server's support of the full-function scanning facility installed on the computers (the client software from the MFP's CD) for an HP multifunction (MFP or all-in-one) device. Disabling this causes the print server to disallow all functions other than printing over the network. (Support for basic scanning using the print server’s Web Scan facility is separate; see Enable Web Scan.)
Enable Web Scan	(For supported HP Jetdirect LIO and external print servers only) Enable or disable use of the basic scanning facility provided by the print server's embedded Web server Scan page. Availability of this facility is separate from support of the client’s full-function scanning software.
Enable Scan-to-email	(For supported HP Jetdirect LIO and external print servers only) Enable or disable use of the scanning-to-email facility. When this parameter is enabled, scanning-to-email is available, in addition to displaying and downloading scanned files. The email facility is accessible for users only when the mail server is specified. See the Email (SMTP) Server (for outgoing mail) parameter.

Firmware Upgrade

For print servers that support firmware upgrades, this page can upgrade the print server with new features.

The firmware upgrade file for the print server must be available on the computer from which you are browsing the Jetdirect embedded Web server. To identify and download the appropriate upgrade file to the computer, visit HP online support at:

http://www.hp.com/go/webJetadmin_firmware .

On that page, do the following:

1. Locate the print server model and the upgrade file.
2. Check the upgrade file version and verify that it is newer than the print server’s installed version. If it is, then download the file. If not, there is no need to upgrade.

To upgrade the print server using the embedded Web server:

1. Enter the path to the upgrade file or click Browse to locate it.
2. Then click Upgrade Firmware .

If you are upgrading from a version prior to X.24.XX, you must perform the upgrade again in order to view supported non-English languages. Otherwise, printing or other functions of the Jetdirect are not affected.

LPD queues

LPD (line printer daemon) print queues can be specified on the Jetdirect print server. To set LPD print queues, LPD printing must be enabled. See “Miscellaneous Settings�? below.

Ten different named print queues are available. Four of these are configured automatically and their parameters cannot be changed. The user can define the remaining six queues.

User-defined queues can be set up with character strings (such as job control commands) that are automatically added before or after the print job. Up to eight named strings can be defined, and each queue can be set up so that any of these named strings precedes the print data ("prepend string name") or follows the print data ("append string name").

To set up a user-defined print queue:

1. Assign the character strings and specify their values (for example, job control command entries)
2. Assign a print queue name, and enter the character strings as a prepend or append string for that print queue as appropriate.
3. Define the queue type (such as “raw�?).
4. Click Apply .
5. Set up the printer to use the queue, specifying the print queue when asked for a queue name.

The table below describes LPD queue parameters.

LPD Queues Item	Description
Queue Name	Name of the user-defined queue. This name can be up to 32 characters long, and can consist of any displayable ASCII characters. Up to six user-defined queues can be defined.
Prepend String Name	Name of the string to be added before the print data (or prepend). Type in a string name chosen from the table defined at the bottom of the browser window.
Append String Name	Name of the string to be added after the print data (or append). Type in a string name chosen from the table defined at the bottom of the browser window.
Queue Type	Processing instruction for the queue. Choose from these four queue types: RAW : No processing is performed. The line printer daemon treats the data in a raw queue as a print job that has already been formatted in PCL, PostScript, or HP-GL/2, and sends it to the printer without modification. (Note that any user-defined prepend or append string will be added to the job in the appropriate position.) TEXT : The line printer daemon treats data in text queues as unformatted or ASCII text, and sends commands to the printer for basic formatting (such as carriage returns). To use this queue type, the attached printer must support this feature. AUTO : Automatic processing is performed. The line printer daemon uses autosensing to determine whether the print data should be sent as raw or text. BINPS : Binary PostScript processing is performed. This instructs the PostScript driver to generate the print data using all possible byte values, from 0 to 255. (Most printers using LPR printing use the standard ASCII range, from 0 to 127.)
Default Queue Name	Name of the queue to be used if the queue specified for a print job is unknown. By default, the Default Queue Name is AUTO.
String Name	Name of a character string. Up to eight character strings can be defined for use in LPD queues; this parameter names the string, and the Value parameter defines the content of the string. Prepend and Append string names (specified in the table at the top of the browser window) must be chosen from the names specified here. The string name can be up to 32 characters long, and can consist of any displayable ASCII characters.
Value	The content of the string. The String Name parameter names the string; the Value parameter defines its content. When a string name is specified for a prepend or append string (in the table at the top of the browser window), the line printer daemon sends the value of that string to the printer before or after the print data (as appropriate). Character values can be anywhere in the extended ASCII range of 0 to 255 (hex 00 to FF). Specify a non-printing character using its hexadecimal value and entering a backslash followed by two hexadecimal characters. For example, to enter the escape character (hex 1B), type in \1B . If the string includes the backslash character itself, specify it as \5C . The maximum number of characters that can be typed into this field is 240. The characters in the field are checked for hexadecimal values, converted if necessary, and stored internally. The maximum number of characters stored internally in the string is 80; any characters that exceed this are discarded.

USB settings

(For HP Jetdirect external print servers only) If the HP Jetdirect print server provides a Universal Serial Bus (USB) connection to the network device (such as a USB printer), a USB tab will be displayed. The table below describes USB settings.

USB Settings Item	Description
Desired Communication Mode	Sets the highest level of USB communication capabilities when the print server tries to establish a communication level with the printer. If you select a different setting, you must powercycle the print server to activate it. Automatic (default): This setting allows the print server to set the highest functional level available, starting with IEEE 1284.4. If setting this level is not successful, subsequent levels are attempted. IEEE 1284.4: The highest level attempted is IEEE 1284.4, a mode for printers and multifunction (all-in-one) devices that allows multiple channels of simultaneous print, scan, and status communication. Otherwise it attempts, in turn, one of the other modes, as listed below. MLC: Multiple Logical Channels (MLC) is the next lower level. MLC is an HP-proprietary protocol that allows multiple channels of simultaneous print, scan, and status communication. Bidirectional: This functional level provides basic two-way printer communication. Print data is sent to the printing device and status information is returned from the printing device. Unidirectional: This is the lowest level and provides one-way printer communication from the print server to the printing device. The USB mode being used is reported on the Jetdirect configuration page.
Status Page Language	Specifies the Page Description Language (PDL), the printer language of the data sent to the printer that is used to print the Jetdirect configuration page. PCL, ASCII, PostScript(R), and HPGL2 are available options.

Support Info

Use this page to configure links for Support assistance. Designate a Support person and phone number of an administrator for this device, as well as URL addresses for Web-based product and technical support.

Refresh rate

The refresh rate is the time period (in seconds) that the diagnostic pages will be automatically updated. The value 0 disables the refresh rate.

Status

The Status tab displays the current security configuration settings of the print server. The settings that will be displayed depend on the features supported by the print server.

Wizard

The Wizard tab allows you to run the HP Jetdirect Security Configuration Wizard. This wizard will guide you through the print server’s security settings needed for the network. The available security levels and settings depend on the print server model. For example, value-based products, such as HP Jetdirect models 175x and 200m, provide limited security features.

Click Start Wizard to run the wizard. This opens the Security Level page, where you first select a security level, either Basic Security , Enhanced Security , or Custom Security .

The configuration parameters presented by the wizard on subsequent screens will depend on the security level selection. For more information, see the table below.

If you use HP Web Jetadmin to manage your devices, you should not use this wizard. Instead, use HP Web Jetadmin to configure the network security settings to ensure they are properly set for the network.

If you improperly exit the wizard (for example, by failing to use the Cancel button), an Operation Failed screen may appear. If so, wait approximately two minutes before entering the wizard again.

Security Level	Description
Basic Security	This option requires an administrator account password to be configured. This password is shared with other management tools, such as Telnet and SNMP applications. However, some management tools, such as Telnet, use plain-text communications that can be easily monitored. The Administrator Account page is used to enter the administrator password. The administrator password will also be used as the SNMPv1/v2 Set Community Name for SNMP management applications. The Configuration Review page displays all the current settings that may affect security. Click Finish to set the basic security selections.
Enhanced Security (Recommended)	(Not available for 175x and 200m) This option adds to Basic Security by automatically disabling management protocols that do not use secure, encrypted communications (such as Telnet, FTP firmware updates, RCFG, SNMPv1/v2c). The Administrator Account page is used to enter the administrator password. SNMP Configuration pages are used to configure specific SNMP settings: Enable SNMPv3 : (Full-featured print servers only) Enable this option to create an SNMPv3 account. Creating an SNMPv3 account is not recommended if you manage devices using HP Web Jetadmin. Enable SNMPv1/v2 read-only access : Enable this option to allow support of current tools that rely on SNMPv1/v2 for device discovery and status. The Configuration Review page displays all the current settings that may affect security. Click Finish to set the enhanced security selection.
Custom Security	This option proceeds through all available security settings supported by the print server. For more information on specific parameters and selections, see the descriptions of the Authorization and Mgmt. Protocols menus in this document. The Administrator Account page is used to enter the administrator password. The Web Interface page (for full-featured print servers only) is used for Secure HTTP (HTTPS) configuration, including certificates and encryption levels. The Management Tools page allows configuration of management protocols that are not secure (such as RCFG, Telnet and FTP firmware updates). SNMP Configuration pages are used to configure specific SNMP settings: Enable SNMPv1/v2 : Enable this option to allow management software that use SNMPv1/v2. If selected the SNMPv1/v2 Configuration page is displayed to configure SNMP community names. Enable SNMPv3 : (Full-featured print servers only) Enable this option to create an SNMPv3 account. Creating an SNMPv3 account is not recommended if you manage devices using HP Web Jetadmin. For more information, see the description of the SNMP tab in the Network Settings section of this document. Use the Authorization page to set up an Access Control List, which controls host access to the device. Use the Print Protocols and Services page to enable or disable network printing, print services, and device discovery protocols that may affect security. The Configuration Review page displays all the current settings that may affect security. Click Finish to set the custom security selections.

Restore Defaults

This tab displays the factory-default security settings for the print server. Other configuration parameters are not affected (for example, the IP address). Click the Restore Defaults button to configure the print server with these factory-default security settings.

Admin. Account

Use this tab to set an administrator password for controlled access to Jetdirect configuration and status information. The administrator password is shared with other Jetdirect configuration tools, such as Telnet and HP Web Jetadmin. If a password is set and you attempt to access the networking configuration parameters, you will be prompted for a user name and this password before you are allowed access.

The administrator password may be cleared by a cold reset of the print server, which resets the print server to factory-default settings. Because the administrator password is a security setting, the Restore Defaults button on the Restore Defaults tab will also clear this password.

A checkbox allows you to synchronize HP Web Jetadmin and the SNMPv1/v2c Set Community Name. If you enable this feature (the checkbox is checked), the administrator password will also be used as the SNMP Set Community Name for SNMPv1/v2c management applications.

If you subsequently change the SNMP Set Community Name (for example, using the SNMP tab on the Network Settings page or from Web Jetadmin), the two settings will no longer be synchronized.

Certificates

(Full-featured HP Jetdirect print servers only) This tab provides access to installation, configuration and management services for X.509 digital certificates. A digital certificate is an electronic message typically containing, among other things, a key (a short string used for encryption and decryption) and a digital signature.

Certificates may be issued and signed by a trusted third party (commonly called a Certificate Authority, or CA), which may exist internal or external to the organization. Or, certificates may be self-signed, which is similar to validating your own identity.

While self-signed certificates are permitted and allow data encryption, they do not ensure valid authentication.

The Certificates page provides the status of all certificates installed on the HP Jetdirect print server.

Jetdirect Certificate. The Jetdirect certificate is used to validate the identity of the Jetdirect device to clients and to network authentication servers.

• By factory default, a self-signed Jetdirect certificate is preinstalled. Using this certificate, the embedded Web server may be configured as a secure site using HTTPS. This certificate can be replaced with one issued by a trusted third party.
• Click View to view the contents of an installed Jetdirect certificate, or click Configure to update or install a new one.
• Once installed, a Jetdirect certificate will be saved across a cold-reset (a cold-reset is used to restore the print server to factory-default values).

CA Certificate. (Wireless print servers only) A certificate from a trusted third party, or Certificate Authority (CA), is used to validate the identity of a network authentication server. A CA certificate is required for selected EAP authentication protocols. The authentication server’s identity is validated when information on the CA certificate matches the information on a certificate received from the authentication server. Therefore, the CA certificate must be the certificate used to sign the authentication server’s certificate.

• Click View to view the contents of an installed CA certificate, or click Configure to update or install a new one.
• A CA certificate is not saved when the print server is reset to factory-default values.
• The maximum certificate size that can be installed on the HP Jetdirect print server is 3072 bytes.

Configuring Certificates. Click Configure and a certificate management wizard will help to update or to install a certificate. The screens displayed will depend on the type of certificate (Jetdirect or CA) and your entries. The table below provides a description of the screens and configuration parameters that may appear.

If you improperly exit the wizard (for example, if you use the browser’s Back button instead of using the wizard’s Cancel button), a page expiration message may appear. If so, wait approximately two minutes before entering the wizard again.

Wizard screens	Description
Certificate Options	Update Pre-Installed Certificate : Use this option to update the preinstalled, self-signed Jetdirect certificate. When updated, the preinstalled certificate is overwritten. To update the validity period, click Edit Settings . See the Certificate Validity screen description below. With self-signed certificates, the browser will identify the certificate as self-signed for each new Web session and may cause a security alert message. This message can be bypassed if the user adds it to the browser’s certificate store or disables browser alerts (not recommended). Self-signed certificates are not necessarily secure because the certificate owner is merely confirming his own identity instead of verification by a trusted third party. Certificates from a trusted third party are considered more secure. Create Certificate Request : Using this option, you are prompted for specific device and organizational information. See the Certificate Information screen description below. This option may be used, for example, when a wireless authentication protocol requires that a Jetdirect certificate issued by a trusted third party or Certificate Authority be installed. Install Certificate : This option is displayed if there is a pending Jetdirect certificate request to a trusted third party. When received, the certificate is installed using this option. During installation, this certificate overwrites the preinstalled certificate. See the Install Certificate screen descriptions below. Install CA Certificate : (Wireless print servers only) This option is displayed when you click Configure for a CA certificate. A CA certificate must be installed if selected EAP/802.1x protocols for authentication on a wireless network are required. See the Install CA Certificate screen descriptions below. Delete CA Certificate : (Wireless print servers only) This option is used to remove the CA certificate installed on the Jetdirect print server. This option appears when a CA certificate for EAP authentication has been installed. If the CA Certificate is deleted, EAP authentication will be disabled and network access will be denied. A CA Certificate will also be removed on a cold-reset of the print server, where factory-default settings are restored.
Certificate Validity	Use this screen to specify how long the Jetdirect self-signed certificate will be valid, starting with the current Coordinated Universal Time (UTC). UTC is a time scale maintained by the International Bureau of Weights and Measures. It adjusts for differences between Greenwich Mean Time and atomic time. It is set at 0 degrees longitude on the prime meridian. The Validity Start Date is calculated from the PC’s clock settings and cannot be reset. The Validity Period specifies the number of days (1 to 3650) that the certificate is valid, starting from the Validity Start Date. A valid entry (1 to 3650) is required. The default is 5 years.
Certificate Information	Use this page to enter information needed for a certificate request from a Certificate Authority. Common Name (Required): Specify the fully qualified domain name (for example, myprinter.mydepartment.mycompany.com ) or a valid IP address for the device. The Common Name will be used to uniquely identify the device. For HP Jetdirect wireless print servers using EAP authentication, some authentication servers may need to be configured with the Common Name as specified on the certificate. If not otherwise assigned, the default IP address of the Jetdirect print server is 192.0.0.192, which may not be valid for the network. You should not use this address to identify the device. Organization (Required): Specify the full legal name for your company. Organizational Unit (Optional): Specify the department, division, or other subgroup of your organization. Locality (city) (Required): Enter the city or locality in which your organization is located. State/Province (Required for all countries/regions): Enter the state/province in which your organization is located. The entry must contain at least three characters. Country/Region (Required): Enter a two-character ISO 3166 country/region code. For example, use "gb" for Great Britain or "us" for USA.
Install Certificate, or Install CA Certificate	Use the Install Certificate screen to install a Jetdirect certificate. Use the Install CA Certificate screen to install a trusted Certificate Authority (CA) certificate (Wireless print servers only). Enter the PEM/Base64 (Privacy Enhanced Mail) encoded certificate into the text box provided. If the certificate was received electronically (for example, through e-mail), you may copy and paste the information. To install a Jetdirect certificate using the Install Certificate option, a pending certificate request by the embedded Web server must exist. A Jetdirect or CA certificate size is limited to 3 KBytes.

Access Control

Use this tab to display the Access Control List (ACL) on the HP Jetdirect print server. An access control list (or host access list) specifies individual host systems, or networks of host systems, that will be allowed to access the print server and the attached network device. Up to 10 entries can be included on the list. If the list is empty (no hosts are listed), any supported system can access the print server.

The table below gives examples of host access list entries:

IP Address	Mask	Description
192.0.0.0	255.0.0.0	Allow all hosts with network number 192.
192.1.0.0	255.255.0.0	Allow all hosts on network 192, subnet 1.
192.168.1.2		Allow the host with IP address 192.168.1.2. In this case, the mask 255.255.255.255 is assumed and is not a required entry.

By default, hosts (computers) with HTTP connections (for example, via the embedded Web server or IPP, the Internet Printing Protocol) are allowed access to the print server regardless of access control list entries. To disable access by HTTP hosts, clear the checkbox at the bottom of the list.

• IP Address . Hosts (computers) are specified by their IP addresses or network number.
• Mask . If the network contains subnets, a numeric mask may be used to identify whether the IP address designates an individual host system or a group of host systems.
• To add an entry into the access control list, use the IP address and Mask fields to specify a host, and enable the Enable checkbox for that entry. Then click Apply .
• To delete an entry from the list, clear the Enable checkbox for that entry. Then click Apply .
• To clear the entire access control list, clear all Enable checkboxes, and click Apply .

Web Mgmt.

Use this tab to establish secure Web-based communications with the embedded Web server for device and networking management.

Secure, encrypted Web-based communication is provided through the Secure HTTP (HTTPS) protocol. If configured to require HTTPS, the embedded Web server routes HTTPS communications through port 443, the well-known port for HTTPS traffic. Although ports 80, 280, or 631 continue for Internet Printing Protocol (IPP) use, other non-secure communications (HTTP) are redirected to HTTPS. Redirection of the browser to use HTTPS may be transparent depending on the browser’s capabilities.

HP wireless print servers, by factory default, are configured to require HTTPS communications. However, wired print servers, by factory default, are configured to allow HTTPS or HTTP.

To support the use of HTTPS communications, a Jetdirect certificate must be installed. A factory-default, self-signed certificate is preinstalled for initial use. Click the Configure button to update the preinstalled certificate or to install a new one. For more information, see the description of the Certificates tab in the Authorization menu.

Encryption Strength : The encryption strength must be specified when using a Jetdirect certificate. You may select Low (default), Medium, or High encryption strength.

For each encryption strength, ciphers are specified to identify the weakest cipher allowed. Early browsers may only support 40-bit (Low) encryption levels.

Cipher suites support different levels of encryption strength. The cipher suites currently supported for encryption and decryption are DES (Data Encryption Standard, 56-bit), RC4 (40-bit or 128-bit), and 3DES (168-bit).

Enable (check) the Encrypt All Web Communication checkbox to require HTTPS communications. Disable (clear) the checkbox to allow both HTTPS and HTTP communications. Allowing both HTTPS and HTTP protocols to operate is not secure.

SNMP

Use this tab to enable or disable SNMPv1/v2c/v3 agents on the print server, depending on the print server model. Value-based print servers (such as HP Jetdirect models 175x, 200m) do not support an SNMPv3 agent. For a description of SNMP selections, refer to the SNMP table above in the Network Settings section of this document.

SNMPv3 . The HP Jetdirect print server includes an SNMPv3 (Simple Network Management Protocol, version 3) agent, for enhanced SNMP security. The SNMPv3 agent employs a User-based Security Model for SNMPv3 (RFC 2574), which features user-authentication and data privacy through encryption.

The SNMPv3 agent is enabled when an initial SNMPv3 account on the print server is created. Once the account is created, any SNMP management application, if properly configured, can access or disable the account.

If you use HP Web Jetadmin to manage your devices, you should use HP Web Jetadmin to configure SNMPv3 and other security settings for a seamless configuration of the print server. Using the embedded Web server to create the SNMPv3 account will erase any existing SNMPv3 accounts. In addition, the SNMPv3 account information will need to be implemented on the SNMP management application.

You may create the initial account by specifying the HMAC-MD5 authentication and CBC-DES data privacy encryption keys used by your SNMPv3 management application.

You should disable Telnet and ensure secure embedded Web communications through HTTPS only before creating the initial SNMPv3 account. This will help to prevent access or interception of account information over a connection that is not secure.

SNMPv1/v2c agents can coexist with the SNMPv3 agent. However, to fully secure SNMP access, you should disable SNMPv1/v2c.

Other

Use this tab to enable or disable various protocols supported by the print server for printing, print services, and management. See the table below.

Other Mgmt. Protocol Items	Description
Enable Print Protocols	Enable or disable network protocols supported by the print server: IPX/SPX, AppleTalk, DLC/LLC. For example, disable unused protocols to prevent printer access using those protocols. Because it uses TCP/IP, the embedded Web server does not allow disabling TCP/IP.
Enable Print Services	Enable or disable various print services supported by the print server: port 9100, LPD (Line Printer Daemon), IPP (Internet Printing Protocol), FTP (File Transfer Protocol). Disable unused print services to prevent access through those services.
Enable Device Discovery	Enable or disable device discovery protocols supported by the print server: Service Location Protocol (SLP), Multicast Domain Name System (mDNS), Multicast IPv4. If these protocols are enabled (checked), client system applications that use these protocols can provide automated device discovery and installation.
Enable Management Protocols	Enable or disable Telnet access and the use of FTP to upgrade firmware on the print server. Telnet and FTP are not secure protocols and device passwords may be intercepted. Enable or disable RCFG, a remote IPX configuration protocol used by older management tools to configure Novell NetWare parameters. Disabling RCFG does not affect direct mode printing using IPX/SPX. For security, disabling Telnet, FTP firmware upgrades and RCFG is recommended.