solution Contentsolution Content

HP Jetdirect and Embedded Jetdirect Print Servers - Embedded Web Server (V.36.xx)

HP Jetdirect print servers contain an embedded Web server that can be accessed from a compatible Web browser over an intranet. The embedded Web server provides access to configuration and management pages for the HP Jetdirect print server and the attached network device, such as a printer or multifunction peripheral (MFP) device.
Tabs across the upper portion of your browser window provide access to device and networking pages. The tabs and functions displayed will vary depending on the capabilities of the device and the HP Jetdirect print server firmware version.
For a description of the device pages, see the embedded Web server documentation supplied with your printer or MFP device.
The Networking tab is displayed and controlled by the Jetdirect print server.
A typical Networking tab served by the HP Jetdirect print server is illustrated below.
Figure : HP Jetdirect Networking Tab
For network parameter descriptions, see Networking Tab

Requirements

Compatible Web Browsers

To access the embedded Web server, you must use a compatible Web browser. In general, the embedded Web server can be used with Web browsers that support HTML 4.01 and cascading style sheets.
Hewlett-Packard tests a number of current and older browsers using a variety of systems. In general, we recommend using the following browsers:
  • Microsoft Internet Explorer 5.0 or greater
  • Netscape Navigator 6.0 or greater
  • Mozilla Firefox 1.x or greater

Browser Exceptions

Due to known problems experienced during testing, we recommend that you do not use the following browsers:
  • Netscape Navigator 6.2.x with SSL

Supported HP Web Jetadmin Version

HP Web Jetadmin is a browser-based, enterprise management tool for network devices. It is available from HP online support at the following URL:
To make use of improved security features, HP Web Jetadmin version 8.0 or greater is recommended for operation with the HP Jetdirect embedded Web server. Using HP Web Jetadmin, you can enable the IPv4/IPv6 SNMP v3 agent and seamlessly create an SNMP v3 account on the print server.
note:
HP Web Jetadmin 8.0 does not support SNMP configuration over IPv6 protocols. However, Jetdirect MIB configuration objects (such as IPv6 and IPsec objects) may be viewed over IPv4.
Currently, browser support between HP Web Jetadmin and the embedded Web server may differ. For supported browsers with HP Web Jetadmin, visit http://www.hp.com/go/webjetadmin.

Viewing the Embedded Web Server

Before you can use the embedded Web server, the HP Jetdirect print server must be configured with an IP address.
Using IPv6 protocols, IPv6 addresses are typically configured automatically on the print server, although manual configuration is available.
Using IPv4 protocols, there are many ways to configure an IPv4 address on the print server. For example, you can automatically configure IP parameters over the network using BOOTP (Bootstrap Protocol) or DHCP (Dynamic Host Configuration Protocol) each time the print server is turned on. Or, you can manually configure IP parameters using the printer's control panel (for selected printers), Telnet, the “arp” and “ping” commands, HP Web Jetadmin or other management software.
When powered on, an HP Jetdirect print server that is unable to retrieve a valid IP address from the network will automatically assign itself either a legacy default IPv4 address 192.0.0.192 or a link-local address in the range 169.254.1.0 to 169.254.254.255. The IP address configured on your print server can be determined by inspecting the Jetdirect configuration page for the print server.
If the legacy default IPv4 address 192.0.0.192 has been assigned, you must temporarily set up your computer with the same IP network number or establish a route to the print server before you can gain access to the embedded Web server.
To access the embedded Web server, perform the following steps:
  1. Run a supported Web browser.
  2. Enter the IP address or fully qualified domain name (FQDN) of the print server as the URL.
    note:
    For browsers that support direct IPv6 address entries, an IPv6 address is typically enclosed in brackets ([ ]). See your system documentation.
    If you do not know the FQDN for the device (for example, printer1.support.hp.com), enter the host name (in this example, printer1). Your system may be able to resolve an IP address for the device.
    Figure : Entering an IP Address or Fully Qualified Domain Name
  3. If prompted with security alerts, click Yes to proceed.
    By factory default, HP Jetdirect print servers and printers/MFPs with IPsec support are configured as a secure site, using an X.509v3-compliant certificate installed on the print server for identification. Encrypted browser communications through HTTPS (secure HTTP) is required for initial access.
    Although not recommended, you can use your Internet Options menu to configure your browser to ignore security warnings if the print server is configured to operate through HTTPS. See Mgmt. Protocols.
  4. An embedded Web server page will be displayed. The initial page displayed is typically served by the printer/MFP device.

Operating Notes

  • If you enter or change a configuration parameter value, click Apply to enable your change, or click Cancel to erase your change.
  • Changes to the IP address will close the connection to the embedded Web server. To re-establish a connection, use the new IP address.
      caution:
    Changes to the IP address on the HP Jetdirect print server may result in printing failures for clients that have been configured to print to this printer using the previous IP address.
  • Novell NetWare networks: On the Network Settings page, use the IPX/SPX tab to configure Novell Directory Services (NDS) Queue Server mode parameters. Note that the embedded Web server cannot create NDS objects (print server, printer, and print queue objects) on the Novell server. To create these objects, use a Novell NetWare utility, such as NWAdmin, or configure the IPX/SPX stack for NDS through HP utilities, such as HP Web Jetadmin.

HP Jetdirect Home Tab

The Home tab will display the HP Jetdirect home page if a Web server in the attached device cannot be accessed or does not exist. The HP Jetdirect home page displays a generic printer graphic to represent the attached device. The HP Jetdirect print server's product model, firmware version, and network addresses are displayed along with any device information that can be retrieved. The following table provides a summary of the items displayed on the HP Jetdirect home page.
note:
The information displayed depends on the Jetdirect print server and device. Value-featured print servers provide limited information.
HP Jetdirect Home Page Items
Item
Description
Home tab
Displays the Jetdirect Home page. This tab will not appear if Web pages served by the attached device can be accessed.
Networking tab
Provides access to network configuration, security, and diagnostic parameters. For more information, see Networking Tab
Device Info
Identifies the device (such as the model name of the printer or multifunction all-in-one device) connected to the network through the HP Jetdirect print server.
Other information that can be retrieved from the device are also displayed (such as Page Count, or Control Panel status). The information will vary depending on the features of the attached device.
Select Language
Appears if the HP Jetdirect Web pages support multiple languages. Supported languages may also be selected through language preference settings in your browser.
To display supported non-English languages, the use of cookies must be enabled in your browser settings.
Host Name
Specifies the IP host name assigned to the device and stored on the HP Jetdirect print server. The default host name is NPIxxxxxx, where xxxxxx are the last six digits of the LAN hardware (MAC) address. See TCP/IP on the Networking Tab
System Up Time
The length of time since either the HP Jetdirect print server or the network device was last powered off/on.
System Contact
A text string (stored on the HP Jetdirect print server) for the name of a person to contact for this device. See TCP/IP on the Networking Tab.
System Location
A text string (stored on the HP Jetdirect print server) that identifies the physical location of this device. See the Networking TCP/IP configuration pages.
HP Jetdirect product
The product number of the HP Jetdirect print server (for example HP J7982E).
Firmware Version
The version of the operating instructions installed on the HP Jetdirect print server.
IP Address
The Internet Protocol address configured on the HP Jetdirect print server.
Hardware Address
The LAN hardware (or MAC, Media Access Control) address of the HP Jetdirect print server. This unique address is assigned by Hewlett-Packard, but can be locally administered.
LAA
A Locally Administered Address (LAA) that replaces the LAN Hardware (MAC) address. The LAA may be configured under local control by a network administrator. By default, the LAA is the factory-assigned LAN Hardware address.
Admin Password
Specifies whether or not an administrator password has been set. This password may also be configured through a Telnet session with the HP Jetdirect print server, or from HP Web Jetadmin.
Because passwords are synchronized with selected printers, the password may have also been set through printer security Web pages.
Use the Admin Password page to set or clear administrator passwords.
If an administrator password has been set, you will be prompted for a User Name and Password to access network parameters. For more information, see the Admin. Accountsection in this guide.

Device Tabs

In place of the Home tab, various device tabs may appear if the attached network device also contains a supported embedded Web server. Device tabs provide access to embedded Web pages served by the device. For information on Device tab features, see the embedded Web server guide for the device. This guide is supplied with HP LaserJet printers/MFPs that support an embedded Web server.

Networking Tab

The Networking tab provides access to HP Jetdirect network configuration parameters and status. At the top of the page, the printer/MFP model, host name, and IP address are displayed. These items are persistent on all network configuration pages. The menu items in the left margin provide access to configuration and status pages, and are listed below.
note:
The information displayed depends on the Jetdirect print server and device. Value-featured print servers provide limited information and capabilities.

Sending Product Information to HP

The first time that you access the Networking tab in the embedded Web server, you will be prompted to allow the sending of product information to HP using the Internet. Product identification and usage data collected by HP will be used to improve product features and services. Personal data is not collected in accordance with HP privacy policies. See the Hewlett-Packard Online Privacy Statement at http://www.hp.com.
If you choose to decline by pressing No, a log entry to record this choice may be sent to HP. To prevent HP from making a log entry that data collection was refused, do one of the following:
  • Disable access to the Internet before pressing No.
    You can disable Internet access on your browser, for example, by disabling the Web Proxy server. After pressing No, simply re-enable Internet access.
  • Use Telnet (IPv4) to disable this functionality before pressing No.
    1. Telnet to the IP address of the Jetdirect print server.
    2. If prompted for a user name and password, enter “Admin” for the user name. Then enter the password assigned to the print server.
    3. Enter the following Telnet command “phone-home-config: 0
    4. To exit and save your settings, enter the command “quit”. The Telnet program will ask if you wish to save this information. Be sure to type “Y” for Yes.
  • Use an SNMP management utility or an SNMP command line utility to disable this functionality before pressing No. The object identifier (OID) is .1.3.6.1.4.1.11.2.4.3.7.31.0 and needs to be set to zero (0).
You can choose to enable or disable this feature at any time using the Privacy Settings page under the Networking tab.

TCP/IP Settings

The TCP/IP Settings menu provides access to the following tabs:

Summary

This tab provides a summary of the TCP/IP configuration. Items on this page are listed below.
TCP/IP Summary tab
Item
Description
Host Name
Specifies the IP host name assigned to the device and stored on the HP Jetdirect print server.
To configure a host name, see the Network Identification tab.
IPv4 Status
Indicates the status of the IPv4 protocol. IPv4 cannot be disabled from the embedded Web server in this release.
Fully Qualified Domain Name (IPv4/IPv6)
The fully qualified domain name (FQDN) consists of the device's host name and domain name. Unless the network administrator segments domains into separate IPv4 and IPv6 hosts, the FQDN can be used on either IPv4 or IPv6 networks simultaneously.
IPv4 Address
Identifies the IPv4 address, subnet mask and default gateway for the print server.
Config By
Specifies how the IPv4 parameters were configured: DHCP, BOOTP, Manual, or Auto IP.
DHCP Lease Time
If DHCP is used for configuration, the duration of the DHCP IP address lease (in seconds) for the print server will be displayed.
IPv6 Status
Indicates the status of the IPv6 protocol. IPv6 can be enabled or disabled through the embedded Web server.
Fully Qualified Domain Name (IPv6 only)
The fully qualified domain name (FQDN) consists of the device's host name and domain name. Depending on the network architecture, it can be the same as, or different from, the printer's IPv4 FQDN. If assigned, it applies to the IPv6 network only.
IPv6 Address list
IPv6 addresses configured on the print server are listed. For each address, the following items are specified:
  • Prefix length: identifies the number of bits that comprise the fixed portion of the address. Typically, it is 64 and identifies network/subnet portion of the address.
  • Config By: identifies how the address was configured, such as auto-configuration through link-local addressing, by a Router, by a DHCP(v6) server, or configured manually.
  • Valid Lifetime: The length of time (lifetime) that the address can be used, after which the address becomes invalid. This value is determined during the auto-configuration process.
  • Preferred Lifetime: The length of time (lifetime) that the address can be used without limitation, but after which the address is deprecated — its use is discouraged. The preferred lifetime is a subset of the valid lifetime. This value is determined during the auto-configuration process.
Default Route Information
If a router advertises itself to the print server as a default router on the local link, its IPv6 address and the length of time that it may be used are displayed.

Network Identification

This tab provides TCP/IP network identification. Items on this page are listed below.
TCP/IP Network Identification tab
Item
Description
Host Name
Specifies a readable IP name (the SNMP SysName object) for the network device. The name must start with a letter and can end in a letter or number, up to 32 ASCII characters. The default name is NPIxxxxxx, where xxxxxx are the last six digits of the LAN hardware (MAC) address.
note:
Names, such as host names, must begin with a letter and can contain only letters, numbers, periods (for domain names only), or hyphens. The underline character (_) is not allowed.
Domain Name (IPv4/IPv6)
Domain Name (IPv6 only)
Specifies the name of the Domain Name System (DNS) domain that the HP Jetdirect print server resides in (for example, support.hp.com). It does not include the host name; it is not the Fully Qualified Domain Name (such as printer1.support.hp.com).
The IPv4 and IPv6 domain names may be the same or different depending on the network. For example, a separate IPv6 domain name may be assigned on networks where segmentation of IPv4 and IPv6 hosts is desirable. If an IPv6 Domain Name is assigned, it applies to the IPv6 network only.
DNS (IPv4)
DNS (IPv6)
Use the fields provided to configure the print server with primary and secondary Domain Name System (DNS) servers on your IPv4 or IPv6 networks.
Primary: Specify the IP address of the primary DNS (Domain Name System) server.
Secondary: Specify the IP address of a secondary DNS server to use if the primary DNS server is unavailable.
DNS Suffixes
A Fully Qualified Domain Name (FQDN) consists of a domain name appended to a host name, and is used (for example, by DNS servers) to resolve an IP address associated with a device.
The DNS suffix list is a list of domain names for the printer. If user-friendly host names are used, a DNS suffix list may be created and stored on the print server to assist in resolving the printer's host name with its IP address.
To add an entry to the suffix list, enter a domain name (text string) in the field next to the Add button, then click Add. To delete an entry from the list, select the entry and click Delete.
DNS suffix entries may consist of up to 256 alphanumeric characters and periods. The DNS suffix list may contain up to 32 entries.
WINS (IPv4 only)
Use the fields provided to configure the print server with preferred and alternate Windows Internet Naming Service (WINS) server on your IPv4 network. Like DNS, WINS provides IP address and name resolution services for network computers and devices.
Preferred (Primary): Specify the IP address of the preferred WINS server.
Alternate (Secondary): Specify the IP address to be used for WINS if the preferred WINS Server is unavailable.
Bonjour
Use this section to specify the Bonjour Service Name (formerly listed as Multicast Domain Name System, or mDNS, Service Name), or to identify the assigned Bonjour Domain Name.
  • Bonjour Service Name: This name is persistent and is used to resolve a particular device or service if socket information (such as the IP address) changes from session to session.
    The default service name is the printer model along with the last six digits of the LAN Hardware (MAC) address. To change the name assigned to this device or service, enter an alphanumeric string of up to 64 ASCII characters.
  • Bonjour Domain Name: (Read-only parameter) Specifies the Bonjour domain name assigned to the device, in the form <host name>.local. If a host name has not been assigned, the default host name NPIxxxxxx is used, where xxxxxx are the last 6 digits of the LAN hardware (MAC) address.

TCP/IP(v4)

The TCP/IP(v4) tab allows you to configure basic IPv4 settings on the print server. For additional parameters, see the Advanced tab.
TCP/IP(v4) tab
Item
Description
IP Configuration Method
Selects the method that the HP Jetdirect print server will use for its IP configuration parameters: BOOTP (default), DHCP, Manual, or Auto IP.
For BOOTP or DHCP, the IP parameters will be automatically configured by a BOOTP or DHCP server each time the print server is powered on.
If you select Manual, then basic IP parameters can be manually entered using this Web page, or using other available tools.
If you select Auto IP, then a unique link-local address 169.254.x.x will be assigned.
IP Address
Use this field to manually assign the Internet Protocol address on the HP Jetdirect print server. The IP address is a four byte (32-bit) address in dotted decimal format “n.n.n.n”, where ‘n’ is a number from 0 to 255.
An IP address uniquely identifies a node on a TCP/IP network. Duplicate IP addresses on a TCP/IP network are not allowed.
Subnet Mask
If subnetting is used, use this field to manually assign a subnet mask. A subnet mask is a 32-bit number that, when applied to an IP address, determines which bits specify the network and subnet, and which bits uniquely specify the node. It is entered in dotted decimal format “n.n.n.n”, where ‘n’ is a number from 0 to 255.
Default Gateway
Identifies the IP address of a router or computer that is used to connect to other networks or subnetworks. It is entered in dotted decimal format “n.n.n.n”, where ‘n’ is a number from 0 to 255.

TCP/IP(v6)

Use the TCP/IP(v6) tab to enable IPv6 operation, view IPv6 auto-configuration addresses, or manually configure IPv6 addresses. For additional parameters that can be configured, see the Advanced tab.
TCP/IP(v6) tab
Item
Description
IPv6 Enable
Enter a check mark in this checkbox to enable IPv6 operation. Clear this checkbox to disable IPv6.
Link-Local Address
(Read only parameter) This item specifies the print server's IPv6 link-local address and prefix length. Like other IPv6 hosts, the print server configures this address automatically. The link-local address allows the print server to communicate with other IPv6 hosts on the local link without routers.
Stateless Addresses
(Read only parameters) The stateless addresses (and prefix lengths) configured on the print server are listed. Stateless addresses are assigned under the control of a router.
DHCPv6 Addresses
This section allows you to configure the DHCPv6 policy that the print server uses for stateful addresses, assigned by a DHCPv6 server.
To set the DHCPv6 policy, select one of the following:
  • Perform DHCPv6 only when requested by a router: Allow the router to control stateful addressing.
  • Perform DHCPv6 when stateless configuration is unsuccessful: Attempt to use DHCPv6 if stateless addressing by a router fails.
  • Always perform DHCPv6 on startup: The print server should always attempt DHCPv6 for configuration each time it is powered on.
If DHCPv6 is used for stateful addressing, the addresses (and associated prefixes) configured on the print server will be listed.
Manual Address
Use this section to manually configure an IPv6 address on the print server, and to enable or disable the address.
Check the Enable checkbox to enable an IPv6 address that has been manually configured. Clear this checkbox to disable the address, which is the default setting.
Use the Address and Prefix length fields to enter an IPv6 address and its prefix length. If IPv6 address prefixes (for example, supplied by a router) have been stored on the print server, you can select a prefix from the Prefix field, and then click Add to copy the prefix into the Address field. Then enter the remainder of the address.

Config Precedence

This page is used to specify the order of precedence of the print server configuration methods. For example, if a network administrator wants to ensure that IPv4 parameters configured by a TFTP server cannot be overwritten by a manual configuration method (such as the printer control panel, Telnet, or embedded Web server), the administrator can use this page to indicate that TFTP takes precedence over manual configuration.
The factory-default precedence order is indicated below.
TCP/IP Config Precedence tab
Item
Description
Configuration Methods
Specifies the precedence of the configuration methods used to configure the print server. The default precedence is indicated below, where manual configuration has the highest priority.
Manual: Configuration through tools such as the printer control panel, Telnet, embedded Web server, installation and management software.
TFTP: Configuration through a TFTP file from a TFTP server, typically identified during a BootP/DHCP configuration.
DHCP/Bootp: Configuration from a BootP or DHCPv4 server.
DHCPv6: Configuration from a DHCPv6 server.
Default: Factory default configuration.
To change the order of the list, select an entry and use the up or down arrows to move it.
Reset to default scheme
This button resets the precedence table to the default sequence described above.
Reinitialize Now
This button saves the new precedence table, clears the configuration method to its factory-default setting, and restarts the IP stack.
Clear Previous Values and Reinitialize Now
This button saves the new precedence table, clears the configuration method to its factory-default setting, clears current TCP/IP parameter settings, and restarts the IP stack.
Apply
Cancel
The Apply button saves changes to the Configuration Methods precedence table. Depending on the changes made, you may need to turn the print server Off/On to implement the change.
The Cancel button cancels your changes to the precedence table.
  caution:
The Cancel button will not reverse changes made by the Reinitialize Now or Clear Previous Values and Reinitialize Now buttons.
Example: To set all parameters configured through DHCP to be “Read-only”, and to allow manual configuration only of parameters that are not configured through DHCP, proceed as follows:
  1. Power on the print server so that it obtains its DHCP configuration.
  2. Change the precedence table to the following:
    BOOTP/DHCPv4
    DHCPv6
    TFTP
    Manual
    Default
  3. Press Clear Previous Values and Reinitialize Now.

Advanced

This tab provides configuration of additional TCP/IP parameters described below.
TCP/IP Advanced tab
Item
Description
Idle Timeout
(IPv4 or IPv6) Specifies the number of seconds that an idle connection is allowed to remain open. Up to 3600 seconds can be set. 270 is the default value. If set to 0, the timeout is disabled and TCP/IP connections will remain open until closed by the device at the other end of the network (for example, a workstation).
LPD Banner Page
(IPv4 or IPv6) Specifies whether to enable or disable printing of an LPD banner page for print jobs. For currently supported print servers, only a single port is available (Port 1).
System Contact
(IPv4 or IPv6) Identifies a person who is assigned to administer or service this device. This field may include a phone number or similar information.
When configured, this parameter will be displayed on the Protocol Info page, and the HP Jetdirect Home tab if available.
System Location
(IPv4 or IPv6) Specifies the physical location of the device or related information. Only printable ASCII characters are allowed, up to 64 characters.
When configured, this parameter will be displayed on the Protocol Info page, and the HP Jetdirect Home tab if available.
Proxy Server
(For printers/MFPs that support this feature)
(IPv4 only) Specifies the proxy server to be used by embedded applications in your printer/MFP. A proxy server is typically used by network clients for Internet access. It caches Web pages, and provides a degree of Internet security, for those clients.
To specify a proxy server, enter its IP address or fully-qualified domain name. The name can be up to 64 characters.
For some networks, you may need to contact your Independent Service Provider (ISP) for the proxy server address.
Proxy Server Port
(For printers/MFPs that support this feature)
(IPv4 only) Enter the port number used by the proxy server for client support. The port number identifies the port reserved for proxy activity on your network, and can be a value from 0 to 65535.
Proxy Server User Name
(For printers/MFPs that support this feature)
(IPv4 only) If a user account on the proxy server has been set up, enter the name of the user account.
Proxy Server Password
(For printers/MFPs that support this feature)
(IPv4 only) If a user account on the proxy server has been set up, enter the password of the user account.
Proxy Server Exception List
(For printers/MFPs that support this feature)
(IPv4 only) Enter Web addresses, host names, or domain names that do not need to be accessed through the proxy server. Use semicolons (;) to separate entries.
Default IP
(IPv4 only) Specifies the IP address to use when the print server is unable to obtain an IP address from the network during a forced TCP/IP reconfiguration (for example, when manually configured to use BOOTP/DHCP).
LEGACY DEFAULT_IP: sets the legacy default IP address 192.0.0.192.
AUTO_IP: sets a link-local IP address 169.254.x.x.
The initial setting is determined by the IP address obtained when first powered on.
Send DHCP requests if IP address is Auto IP (169.254.x.x) or Legacy Default IP
(IPv4 only) A checkbox is used to specify whether DHCP requests will be periodically transmitted when a legacy default IP address 192.0.0.192 or link-local IP address 169.254.x.x has been automatically assigned.
Clear the checkbox to disable DHCP requests.
Check the checkbox (default) to enable DHCP requests.
Use Stateless DHCPv4 When Manually Configured
(IPv4 only) A checkbox is used to allow additional IPv4 parameters to be automatically configured from a DHCPv4 server even when the print server is statically configured (such as a manually configure IP address, subnet mask and default gateway).
Clear the checkbox to disable stateless DHCPv4 configuration.
Check the checkbox (default) to enable stateless DHCPv4 configuration.
TTL/SLP
(IPv4 only) Specifies the IP multicast Time To Live (TTL) discovery setting for Service Location Protocol (SLP) packets. The default value is 4 hops (the number of routers from the local network). The range is 1–15. If set to −1, multicast capability is disabled.
For print servers configured for Auto IP (link-local) addresses, this field will be ignored. TTL on outbound packets will always be set to 255 and limited to the link-local network.
Syslog Server
(IPv4 only) Specifies the IP address of a host computer that is configured to receive syslog messages from the HP Jetdirect print server. If a Syslog Server is not specified, syslog messages are disabled.
Syslog Maximum Messages
(IPv4 only) Specifies the maximum number of syslog messages that can be sent by the HP Jetdirect print server on a per-minute basis. This setting allows administrators to control the log file size. The default is 10 per minute. If set to zero, no maximum number is defined.
Syslog Priority
(IPv4 only) Controls the filtering of syslog messages that are sent to the syslog server. The filter range is 0 to 7, with 0 being the most specific and 7 being the most general. Only messages that are lower than the filter level specified (that is, higher in priority) are reported. The default value is 7 which reports all syslog messages. A value of 8 disables syslog reporting.

Network Settings

The Network Settings pages allow you to set or change configuration parameters for IPX/SPX, AppleTalk, DLC/LLC, and SNMP protocols. To assign a parameter setting, enter the desired value and click Apply.
note:
The features displayed depend on the print server. Value-featured print servers provide limited protocol support.

IPX/SPX

The IPX/SPX tab allows you to configure IPX/SPX (Internet Packet Exchange/Sequenced Packet Exchange) parameters on the HP Jetdirect print server. IPX/SPX protocols are used for operation on a Novell NetWare or IPX/SPX-compatible network (such as a Microsoft network). See the IPX/SPX table below for a description of items on this page.
  caution:
If you are using direct-mode printing over IPX/SPX on a Microsoft network, do not disable IPX/SPX.
For a Novell NetWare network:
  • The embedded Web server may be used to select Queue Server Mode parameters in a Novell Directory Services (NDS) environment.
  • You cannot create the NDS print server, printer, and queue objects using the embedded Web server. To create these objects, use other available tools or utilities.
IPX/SPX Tab Settings
Item
Description
IPX/SPX Enable
Enables or disables the IPX/SPX protocols on the HP Jetdirect print server. If the checkbox is empty, IPX/SPX is disabled.
IPX/SPX Frame Type
Specify the IPX/SPX frame type to be used by the HP Jetdirect print server on your network. After a frame type has been configured, all others will be counted and discarded.
  • All Frame Types (Auto): senses all frame types and configures the first one detected (default).
  • Ethernet 802.3 (EN_8023): limits the frame type to IPX over IEEE 802.3 frames.
  • Ethernet II (EN_II): limits the frame type to IPX over Ethernet frames.
  • Ethernet 802.2 (EN_8022): limits the frame type to IPX over IEEE 802.2 with IEEE 802.3 frames.
  • Ethernet SNAP (EN_SNAP): limits the frame type to IPX over SNAP with IEEE 802.3 frames.
SAP Interval
Specifies the time interval (in seconds) that the HP Jetdirect print server waits to send Service Advertising Protocol (SAP) messages, which are broadcast to advertise its service capabilities on a Novell NetWare network. To disable SAP messages, use the value “0”. 60 is the default value.
Print Server Name
Specify a NetWare printer name for the HP Jetdirect print server (alphanumeric characters only). The default name is NPIxxxxxx, where xxxxxx are the last six digits of the HP Jetdirect print server's LAN hardware (MAC) address.
NDS Tree Name
Specify the name of the NDS tree for this device. The NDS (Novell Directory Services) tree name refers to the name of the organizational tree used by your network. To disable NDS support, leave this field blank.
NDS Context
The print server's NDS context refers to the NDS container or organizational unit that contains the print server object. Print queue and device objects can be located anywhere within the NDS tree, but the HP Jetdirect print server must be configured with the fully-qualified print server object name.
For example, if the print server object is found in the container “marketing.mytown.lj”, the fully qualified print server context name (CN) is:
“OU=marketing.OU=mytown.O=lj”
(where OU is an Organization Unit container and O is an Organization container within the NDS tree). The print server will also accept “marketing.mytown.lj”.
To disable NDS support, leave this field blank.
note:
NDS objects cannot be created by the embedded Web server.
Job Poll Interval
Specifies the time interval (seconds) that the HP Jetdirect print server will wait to check for print jobs in a print queue.
PJL Configuration
For Printer Job Language (PJL) parameters, enable (check) or disable (clear) the parameters provided:
  • Banner Page (for printing separator pages between print jobs)
  • End-Of-Job Notification (if received from the printer, an end-of-job message will be forwarded to a client application)
  • Toner Low Notification (if received from the printer, the HP Jetdirect print server will forward a “toner low” message to a client application)

AppleTalk

The AppleTalk tab allows you to configure selected AppleTalk settings on the HP Jetdirect print server. See the AppleTalk table below for a description of items on this page.
note:
The AppleTalk parameters displayed include the AppleTalk printer types that are advertised on the network.
The HP Jetdirect print server supports AppleTalk Phase 2 only.
AppleTalk Tab Settings
Item
Description
AppleTalk Enable checkbox
Enable (check) or disable (clear) the AppleTalk protocol on the print server. If AppleTalk is enabled, AppleTalk parameters stored on the print server are displayed.
note:
HP Jetdirect 635n print servers: except for TCP/IP, network protocols are disabled by factory default.
AppleTalk Name
Specify the name of the printer on the AppleTalk network. If you enter a name that is already assigned on your network, the AppleTalk name specified on the Jetdirect configuration page will be followed by a number to indicate that it is a duplicate.
Type
Identify the type of printer being advertised on the network. Up to two types can be displayed (for example, HP LaserJet and LaserWriter).
Zone
Select an available AppleTalk network zone for the printer. By default, the zone currently selected will be displayed.
Click the Refresh selected zone Info button to refresh the list of available zones.

DLC/LLC

Using the checkbox provided, you can enable (check) or disable (clear) the DLC/LLC (Data Link Control/Logical Link Control) protocols on the HP Jetdirect print server. If the checkbox is clear, DLC/LLC protocols are disabled.
note:
HP Jetdirect 635n print servers: except for TCP/IP, network protocols are disabled by factory default.

SNMP

You can specify or change the SNMP (Simple Network Management Protocol) parameters provided. See the SNMP table below for a description of items on this page.
  caution:
If you use HP Web Jetadmin to manage your devices, you should use HP Web Jetadmin to seamlessly configure SNMP v3 and other security settings on the print server.
Using the embedded Web server to create the SNMP v3 account will erase any existing SNMP v3 accounts. In addition, the SNMP v3 account information will need to be implemented on the SNMP management application. For more information, see SNMP v3.
SNMP Tab Settings
Item
Description
Enable SNMPv1/v2 read-write access
This option enables the SNMP v1/v2c agents on the print server. Custom community names can be configured to control management access to the print server.
An SNMP Set Community Name is a password to be able to configure (or “write”) SNMP information on the HP Jetdirect print server.
An SNMP Get Community Name is a password to retrieve (or “read”) SNMP information on the HP Jetdirect print server.
An incoming SNMP SetRequest or GetRequest command must contain the appropriate Set or Get community name before the print server will respond.
A community name must be ASCII characters and can be up to 255 characters long.
To restrict access, the default Get community name “public” can be disabled by checking the checkbox provided.
note:
If “public” is disabled, some port monitors or discovery utilities may not operate properly.
Enable SNMPv1/v2 read-only access
This option enables the SNMP v1/v2c agents on the print server, but limits access to read-only. Write-access is disabled. The default Get community name “public” is automatically enabled.
Disable SNMPv1/v2
This option disables the SNMP v1/v2c agents on the print server, which is recommended for secure environments. If SNMP v1/v2c is disabled, some port monitors or discovery utilities may not operate properly.
Enable SNMPv3
(Full-featured HP Jetdirect print servers only) This option enables (check) or disables (clear) the SNMP v3 agent on the print server.
When enabled, an SNMP v3 account must be created on the print server, and the account information must be implemented on the SNMP v3 management application. You may create an account by providing the following information:
User Name: the SNMP v3 account user name.
Authentication Key: a 16-byte hexadecimal value for authenticating the SNMP packet contents using the Message Digest Algorithm 5 (MD5, RFC 1321).
Privacy Key: a 16-byte hexadecimal value for encrypting the data portion of the SNMP packet using the Data Encryption Standard (DES) algorithm.
Context Name: the view context in which this user can access SNMP objects. It is always “Jetdirect”.

Other Settings

This item provides access to a variety of management and printing configuration options. The following tabs are provided:
  • Misc. Settings: for enabling miscellaneous advanced protocols and functions
  • Firmware Upgrade: to update your HP Jetdirect print server with new features and enhancements
  • LPD Queues: for setting up print queues used in printing under LPD (line printer daemon) printing services
  • USB Settings: (external print servers only) to configure Universal Serial Bus connection parameters
  • Support Info: to set up the Support link located under Other Links in the left margin
  • Refresh Rate: to set the time interval (in seconds) for embedded Web diagnostic page updates

Misc. Settings

The Misc. Settings (Miscellaneous Settings) parameters allow you to set a variety of advanced protocols and features, as described below..
Miscellaneous Settings
Item
Description
SLP Config
Enable or disable SLP (Service Location Protocol), used by selected client application software to automatically discover and identify the HP Jetdirect print server.
If SLP will use multicast protocols, Multicast IPv4 must be enabled.
Telnet Config
Enable or disable access to HP Jetdirect configuration parameters using Telnet.
Bonjour
Enable or disable Bonjour services (formerly listed as Multicast Domain Name System, or mDNS, services). Bonjour is typically used for IP address and name resolution (through UDP port 5353) where a conventional DNS server is not used.
For Bonjour operation, Multicast IPv4 must be enabled.
Multicast IPv4
Enable or disable the receipt and transmission of IP version 4 multicast packets by the print server. If this parameter is disabled, other protocols that use multicast protocols, such as Bonjour and SLP, may also be disabled without notification.
note:
If this parameter is disabled, other protocols that use multicast protocols, such as Bonjour and SLP, may also be disabled without notification.
9100 Config
Enable or disable port 9100 services. Port 9100 is an HP-proprietary raw TCP/IP port on the HP Jetdirect print server and is the default port for printing. It is accessed by HP software (for example, the HP Standard Port).
FTP Printing
Enable or disable File Transfer Protocol services available on the HP Jetdirect print server for printing.
LPD Printing
Enable or disable the Line Printer Daemon services on the HP Jetdirect print server. LPD on the HP Jetdirect print server provides line printer spooling services for TCP/IP systems.
IPP Printing
Enable or disable the Internet Printing Protocol on the HP Jetdirect print server. If the printer is properly connected and accessible, IPP allows printing to this device over the Internet (or intranet). A properly configured IPP client system is also required.
HP XML Services
Enable or disable access by HP Web service applications to XML-based data on the HP Jetdirect print server.
Web Services Print
Enable or disable the Microsoft Web Services for Devices (WSD) Print services supported on the HP Jetdirect print server.
WS-Discovery
Enable or disable the Microsoft Web Services Dynamic Discovery (WS Discovery) protocols on the print server.
Link settings
(For wired 10/100/1000T Ethernet) Sets the print server's link speed (10, 100, 1000 Mbps) and communication mode (Full- or Half-Duplex). The available link-speed selections depend on the print server model. The selections that may be displayed are listed below.
  caution:
If you change the link setting, network communications with the print server and network device may be lost.
  • AUTO (default): The print server uses auto-negotiation to configure itself with the highest link speed and communication mode allowed. If auto-negotiation fails, either 100TX HALF or 10TX HALF is set depending on the detected link speed of the hub/switch port. (A 1000T half-duplex selection is not supported.)
  • 10T-Full: 10 Mbps, Full-duplex operation.
  • 10T-Half: 10 Mbps, half-duplex operation.
  • 100TX-Full: 100 Mbps, full-duplex operation.
  • 100TX-Half: 100 Mbps, half-duplex operation.
  • 100TX-AUTO: Limits auto-negotiation to a maximum link speed of 100 Mbps.
  • 1000T FULL: 1000 Mbps, full-duplex operation.
Locally Administered Address
Specifies a locally administered address (LAA) that replaces the factory-assigned LAN Hardware (MAC) address. If LAA is used, a user-specified string of exactly 12 hexadecimal digits must be entered.
For Ethernet print servers, the LAA address must start with hexadecimal X2, X6, XA, or XE, where X is any hexadecimal digit 0 through F.
The default address is the factory assigned address.
Syslog Facility
Specify the encoded source facility of a message (for example, to identify the source of selected messages during troubleshooting). By default, the HP Jetdirect print server uses LPR as the source facility code, but local user values of local0 through local7 can be used to isolate individual or groups of print servers.
HTTP Idle Timeout
Specifies the length of time after which an idle HTTP connection will be closed. The HTTP Idle Timeout applies to the time after an HTTP request or response has completed. The valid range is 5 to 60 seconds. The default value is 15.
If zero (0) is specified, this parameter is disabled, and the TCP/IP idle timeout value is used.
Fax Idle Timeout
Specifies the length of time after which an idle FAX connection will be closed. The timeout applies to the time after a FAX request or response has completed. The valid range is 0 to 300 seconds. The default value is 300.
On fatal error
(Supported external print servers only) Specify the print server's action when it detects a fatal error during operation with the attached device:
  • Halt (default): The print server's networking operation is suspended. User intervention will be required.
  • Reboot: The print server will restart, similar to when the print server is powered off/on.
Error page type
(Supported external print servers only) Specify the type of diagnostic page that will automatically print on a fatal error.
  • Basic (default): A Default Diagnostic Page will print. It is a single page containing an error summary in user-readable form.
  • Full: Up to five pages of full diagnostic information will be printed.; These pages will contain detailed status of the print server at the time the error was detected. HP support personnel may be required to interpret the pages.
  • None: A diagnostic page will not be printed.
Dynamic Raw Port Setting
Allows additional ports to be specified for printing to TCP port 9100. Valid ports are 3000 to 9000, which are application-dependent.
Disable listening on these ports
note:
If available, this item may be superseded or overridden by the IPsec/Firewall policy configuration, if Firewall or IPsec features are supported..
For security purposes, two fields allow you to disable services on the printer that use the network. In each field, you must specify the port numbers that are used for network communications with those services. Up to five ports may be specified in each field (for example, [5, 10, 40, 20, 50]). The valid range for port numbers is 1 through 65535.
Streams: In this field, enter port numbers of services that pass data streams. Data streams use Transport Control Protocol (TCP) to guarantee data delivery.
Datagrams: In this field, enter port numbers of services that pass datagrams. Datagrams, typically used for broadcast messages, use the User Datagram Protocol (UDP), a connectionless protocol where delivery and error recovery are not guaranteed.
Bonjour Highest Priority Service
Specifies the Bonjour highest priority service to use for printing. To set this parameter, choose one of the following printing options:
9100 Printing: Raw IP printing through HP-proprietary port 9100.
IPP Printing: Internet Printing Protocol printing.
LPD Printing (RAW): Default LPD raw queue printing.
LPD Printing (TEXT): Default LPD text queue printing.
LPD Printing (AUTO): Default LPD auto queue printing.
LPD Printing (BINPS): Default LPD binary PostScript queue printing.
LPD Printing (<user-defined>): Up to 5 user-specified LPD queues will be listed if they have been configured, where <user-defined> is the name of the user-specified LPD print queue.
The default selection will depend on the printer, typically 9100 Printing or LPD Printing (BINPS).

Firmware Upgrade

For print servers that support firmware upgrades, this page allows you to upgrade the print server with new features.
The firmware upgrade file for the print server must be available on your system. To identify and retrieve the appropriate upgrade file, visit HP online support at:
On that page, do the following:
  1. Locate the print server model (or product number) and the upgrade file.
  2. Check the upgrade file version and verify that it is more recent than the print server's installed version. If it is, then download the file. If not, then you do not need to upgrade.
To upgrade the print server using the embedded Web server:
  1. Enter the path to the upgrade file or click Browse to locate it.
  2. Then click Upgrade Firmware.

LPD Queues

The LPD Queues page allows you to specify LPD (line printer daemon) print queues on the Jetdirect print server.
LPD printing must be enabled on the print server before you can set LPD queues. If LPD is disabled, go to the Misc. Settings tab to enable it.
If LPD printing is enabled, ten different named print queues are available. Four of these queues are configured automatically and their parameters cannot be changed. The remaining six queues can be defined by the user.
note:
Value-based print servers do not support user-defined LPD queues.
The six user-defined queues can be set up with character strings—such as job control commands—that are automatically added before or after the print job. You can define up to eight named strings, and you can set up each queue so that any of these named strings precedes the print data (“Prepend String Name”) or follows the print data (“Append String Name”).
LPD Queue Parameters for setting up LPD queues are described below.
LPD Queues Tab Settings
Item
Description
Queue Name
Name of the user-defined queue. This name can be up to 32 characters long, and can consist of any displayable ASCII characters. You can define up to six user-defined queues.
  caution:
Avoid the differentiation of queue names through the use of lower- and upper-case characters only. Otherwise, management of LPD queues by other tools (such as Telnet) may yield unpredictable results.
Prepend String Name
Enter the name of one or more strings to be added before (or prepended to) the print data. You specify string names and values in the table at the bottom of the page.
To prepend a long string, multiple string names may be concatenated, that is, entered and separated by a “+” character. For example, to prepend a long string that has been divided into two separate strings, enter:
<stringname1>+<stringname2>
where stringname1 and stringname2 are specified as two separate string names with different values.
Append String Name
Enter the name of one or more strings to be added after (or appended to) the print data. You specify string names and values in the table at the bottom of the page.
To append a long string, multiple string names may be concatenated, that is, entered and separated by a “+” character. For example, to append a long string that has been divided into two separate strings, enter:
<stringname1>+<stringname2>
where stringname1 and stringname2 are specified as two separate string names with different values.
Queue Type
Processing instruction for the queue. Choose from these four queue types:
  • RAW: No processing. The line printer daemon treats the data in a raw queue as a print job that has already been formatted in PCL, PostScript, or HP-GL/2, and sends it to the printer without modification. (Note that any user-defined Prepend or Append string will be added to the job in the appropriate position.)
  • TEXT: Carriage return added. The line printer daemon treats data in text queues as unformatted or ASCII text, and adds a carriage return to each line before sending it to the printer.
  • AUTO: (Automatic) The line printer daemon uses auto-sensing to determine whether the print data should be sent as raw or text.
  • BINPS: (Binary PostScript) This instructs the PostScript interpreter that the print job is to be interpreted as Binary PostScript data.
Default Queue Name
Name of the queue to be used if the queue specified for a print job is unknown. By default, the Default Queue Name is AUTO.
String Name
Name of a character string. You may define up to eight character strings for use in LPD queues; this parameter names the string, and the Value parameter defines the content of the string. Prepend and Append string names (specified in the table at the top of the browser window) must be chosen from the names specified here. The string name can be up to 32 characters long, and can consist of any ASCII characters that can be displayed.
Value
The content of the string. The String Name parameter names the string; the Value parameter defines its content. When a string name is specified for a prepend or append string (as defined in the table at the top of the browser window), the line printer daemon sends the value of that string to the printer before or after the print data (as appropriate).
Character values can be anywhere in the extended ASCII range of 0 to 255 (hex 00 to FF). You can specify a non-printing character using its hexadecimal value, by entering a backslash (\) followed by two hexadecimal characters. For example, to enter the escape character (hex 1B), type in \1B. If your string includes the backslash character itself, specify it as \5C. The maximum number of characters you can type into this field is 240. The characters in the field are checked for hexadecimal values, converted if necessary, and stored internally. The maximum number of characters stored internally in the string is 80; any characters that exceed this are discarded.
To set up a user-defined print queue, you first define the strings, assign them as prepend or append strings, and define the queue type. Once you have defined an LPD queue, you specify its use by setting up an LPD printer that uses that queue. For instance, if you set up string “a” with a value of “abc” and string “z” with a value of “xyz”, you can define print queue “az_queue” with a prepend string of “a”, an append string of “z”, and a queue type of “RAW”. Then, when you send a print job consisting of <formatted_text> through queue az_queue, the job sent to the printer is “abc<formatted_text>xyz”.
Instructions for setting up an LPD printer are different for different operating systems.
Example. If you had an LPD printer and wanted to reset it at the start of each print job, you could set up a user-defined print queue named “clear_printer” that issues a PCL reset command (Escape-E) at the beginning of each job. You could set this up as follows:
First, set up the print queue:
  1. Name a string: Type “reset_string” into the String Name field in row 1.
  2. Define the string's value: Type “\1BE” (Escape-E) into the Value field in row 1. (Alternatively, you could type “\1B\45”.)
  3. Name the queue: Type “clear_printer” into the Queue Name field in row 5.
  4. Set up the prepend string: Type “reset_string” into the Prepend String field in row 5.
  5. Leave the Append String field in row 5 blank.
  6. Set the queue type: Using the pull-down menu, set the Queue Type field in row 5 to “RAW”.
Then, set up the printer to use the queue, making sure to specify “clear_printer” when asked for a queue name. After that, any print jobs sent to the printer—either from the server or from a client computer that has set up that printer—will include a reset command at the beginning of the job.

USB Settings

If the HP Jetdirect external print server provides a USB connection to the network device (such as a USB printer), a link to USB configuration parameters will be displayed.
USB Settings Tab
Item
Description
USB Speed
(Read-only parameter, for USB 2.0 print servers only). Specifies the autonegotiated communication speed over the USB connection between the print server and the device.
  • Full Speed: 12 Mbits/sec as specified in the USB v2.0 specifications, compatible with USB v1.1 specifications.
  • Hi-Speed: 480 Mbits/sec for USB v2.0 devices only.
  • Disconnected: The USB port is not connected.
Preferred USB Communication Mode
Select the highest level of USB communication capabilities when the print server tries to establish a communication level with the printer. If you change the current setting, unplug and then reconnect the USB cable, or power the print server off/on, to activate it.
  • AUTO (default): The print server will automatically attempt to set the highest level available, starting with multiple interface (composite) USB devices, followed by IEEE 1284.4 and Multiple Logical Changes (MLC). If not successful, subsequent levels are attempted.
  • IEEE 1284.4: This level allows multiple channels of simultaneous print, scan, and status communication, but without composite USB support. If not successful, subsequent levels are attempted.
  • Multiple Logical Channels (MLC): The next level is MLC, an HP-proprietary protocol that allows multiple channels of simultaneous print, scan, and status communication.
  • Bidirectional: This level provides basic two-way printer communications. Print data is sent to the printing device, and status information is returned from the printing device.
  • Unidirectional: This is the lowest communication level and provides one-way printer communication from the print server to the printing device.
The communication level set by the print server is reported on the Jetdirect configuration page.
Status Page Language
Select the Page Description Language (PDL) for the Jetdirect configuration page data sent to the printer. Available options include PCL, ASCII, PostScript and HPGL2.
When set to AUTO (default), the print server automatically attempts to detect and select a language supported by the device. Typically, HP-PCL is selected if available.

Support Info

Use this page to configure links for Support assistance. You can designate a Support person and phone number of an administrator for this device, as well as URL addresses for Web-based product and technical support.

Refresh Rate

The refresh rate is the time period (in seconds) that the diagnostic pages will be automatically updated. The value ‘0’ disables the refresh rate.

Privacy Settings

On the Privacy Settings page, you can allow the embedded Web server to collect product identification and use information and then send the information to HP (Internet access is required). Product use information assists HP in improving product features and services. The default setting for this page will depend on the user's selection on initial access to the Networking tab.
To enable this feature, check the checkbox and click Apply.
To disable this feature, clear the checkbox and click Apply.

Select Language

This link appears if the HP Jetdirect Web pages support multiple languages. Supported languages may also be selected through language preference settings in your browser (see your browser's Help).
To display supported non-English languages, the use of cookies must be enabled in your browser settings.

Security: Settings

In the SECURITY section, the Settings menu provides access to the following tabs: Status (default), Wizard, Restore Defaults. The available settings depend on your particular print server model.

Status

The Status page displays the current security configuration settings of the print server. The settings that will be displayed depend on the features supported by the print server.

Wizard

note:
If you use HP Web Jetadmin to manage your devices, you should not use this wizard. Instead, use HP Web Jetadmin to configure your network security settings to ensure they are properly set for your network.
Select the Wizard tab to open the initial Wizard page. If prompted with security alerts, click Yes to proceed.
The Wizard page identifies the current security level that was last configured on the print server. If security settings have not been configured, the security level will be None. The security level will be Custom if security settings do not match those for Basic or Enhanced levels. For example, if HTTPS is required for access to the networking pages, and that is the only security setting configured, then the default setting will indicate Custom.
This page also allows you to run the HP Jetdirect Security Configuration Wizard to configure or change the current security level. This wizard will guide you through the print server's security configuration settings for your network. Click Start Wizard to run the wizard. This opens the Security Level page.
The optional configuration parameters presented by the wizard will depend on your choice of security level. For an overview, see the table below.
note:
If you improperly exit the wizard (for example, by failing to use the Cancel button), an Operation Failed screen may appear. If so, wait approximately two minutes before entering the wizard again.
Wizard Security Levels
Security Level
Description
Basic Security
This option requires that you configure an administrator password for configuration management. The administrator password is shared with other management tools, such as Telnet and SNMP applications. However, some management tools, such as Telnet, use plain-text communications and are not secure.
The Administrator Account page is used to enter the administrator password. The administrator password will also be used as the SNMP v1/v2 Set Community Name for SNMP management applications.
note:
To clear the administrator password, apply blank entries using Custom Security, or refer to the Admin. Account page accessed through the Authorization menu.
The Configuration Review page displays all the current settings that may affect security. Click Finish to set your basic security selections.
Enhanced Security (Recommended)
This option adds to Basic Security by automatically disabling management protocols that are do not use secure, encrypted communications (such as Telnet and FTP firmware updates, RCFG, SNMP v1/v2c). To change individual protocol settings, see Mgmt. Protocols.
The Administrator Account page is used to enter the administrator password.
note:
To clear the administrator password, apply blank entries using Custom Security, or refer to the Admin. Account page below.
SNMP Configuration pages are used to configure specific SNMP settings:
  • Enable SNMPv3: (Full-featured print servers only) Enable SNMP v3 and create an SNMP v3 account. Creating an SNMP v3 account is not recommended if you manage devices using HP Web Jetadmin. See SNMP.
  • Enable SNMPv1/v2 read-only access: Enable this option to allow support of current tools that rely on SNMP v1/v2 for device discovery and status.
The Configuration Review page displays all the current settings that may affect security. Click Finish to set your basic security selections.
Custom Security
This option allows you to manually set all available security settings supported by your print server. For more information on specific parameters and selections, see the information for the Mgmt. Protocols and Authorization menu pages.
The Administrator Account page is used to enter the administrator password.
note:
To clear the Administrator Password, enter blank entries, or refer to the Admin. Account page below.
The Web Mgmt. page is used for HTTPS (secure HTTP) configuration, including certificates and encryption levels.
The Management Tools page allows configuration of management protocols that are not secure (such as RCFG, Telnet and FTP firmware updates).
SNMP Configuration pages are used to configure specific SNMP settings:
  • Enable SNMPv1/v2: Enable this option to allow management software that use SNMP v1/v2. If selected the SNMPv1/v2 Configuration page is displayed to configure SNMP community names.
  • Enable SNMPv3: (Full-featured print servers only) Enable this option to create an SNMP v3 account. Creating an SNMP v3 account is not recommended if you manage devices using HP Web Jetadmin. See SNMP.
The Access Control page is used to set up an Access Control List, if desired to control host access to the device. This feature is available on selected full-featured print servers only.
The Print Protocols and Services page is used to enable or disable network printing, print services, and device discovery protocols that may affect security.
The Configuration Review page displays all the current settings that may affect security. Click Finish to set your basic security selections.

Restore Defaults

This page is used to restore the configuration parameters listed to factory default values. The parameters displayed depend on the features supported by the print server.
Only the configuration settings listed are restored to factory defaults, other configuration settings are not affected.

Authorization

The Authorization page provides tabs that allow you to control access to the device, as well as to device configuration and management features. In addition, you may configure certificates for client and server authentication.

Admin. Account

Use this page to set an administrator password for controlled access to Jetdirect configuration and status information. The administrator password is shared by Jetdirect configuration tools, such as the embedded Web server, Telnet, and HP Web Jetadmin. In addition, for selected printers, the password is shared with the printer (see Printer Password Synchronization below).
If a password is set and you attempt to access Jetdirect print server settings, you will be prompted for a user name and this password before you are allowed access.
note:
If you have logged into the print server using an administrator password, the administrator password may be cleared by applying blank entries, or by a cold reset of the print server to factory-default settings.
A checkbox allows you to synchronize HP Web Jetadmin and the SNMP v1/v2c Set Community Name. If you enable this feature (the checkbox is checked), the administrator password will also be used as the SNMP Set Community Name for SNMP v1/v2c management applications.
note:
If you subsequently change the SNMP Set Community Name (for example, using the SNMP tab on the Network Settings page or from Web Jetadmin), the two settings will no longer be synchronized.
Printer Password Synchronization
(EIO and embedded print servers only) Most printers provide password-protected access to printer configuration and status settings. The password is set through security Web pages provided by the printer. For these printers, the administrator password for the printer and the Jetdirect print server are synchronized so that the same password is used to access both printer and networking configuration pages. For printers that support password synchronization, the same password is used regardless of the embedded Web server page (printer security pages, or the Jetdirect Admin. Account page) in which the password was set.
If password synchronization is lost on these printers, recovery may require one of the following procedures:
  • Restore both the printer and the Jetdirect print server to factory-default states (for example, through a cold-reset), and then reconfigure your settings.
  • Manually set the same administrator password using both the printer security page and the Jetdirect Admin. Account page.

Certificates

This tab provides access to installation, configuration and management services for X.509v3 digital certificates. A digital certificate is an electronic message typically containing, among other things, a key (a short string used for encryption and decryption) and a digital signature. Certificates may be issued and signed by a trusted third party (commonly called a Certificate Authority, or CA), which may exist internal or external to the organization. Or certificates may be “self-signed”.
note:
While self-signed certificates are permitted and allow data encryption, they do not ensure valid authentication. A self-signed certificate is similar to validating your own identity.
The Certificates page provides the status of the certificates installed on the HP Jetdirect print server:
  • Jetdirect certificate. The Jetdirect certificate is used to validate the identity of the Jetdirect device to clients and to network authentication servers.
    By factory default, a self-signed Jetdirect certificate is pre-installed. This allows the embedded Web server to use HTTPS and appear as a secure site when accessed by a Web browser.
    Click View to view the contents of an installed Jetdirect certificate, or click Configure to update or install a new one. See Configuring Certificates.
    When installed, a Jetdirect certificate will be saved across a cold-reset, which is used to restore the print server to factory-default values.
  • CA Certificate. (Full-featured print servers only) A certificate from a trusted third party, or Certificate Authority (CA), is used to validate the identity of a network authentication server during 802.1X authentication methods that use EAP (Extensible Authentication Protocol). The authentication server's identity is validated when information on the CA certificate matches the information on a certificate received from the authentication server.
    A CA certificate for the print server is a certificate that was used to sign the authentication server's certificate. Therefore, the Certificate Authority for the authentication server's certificate must also be used for the CA certificate.
    Click View to view the contents of an installed Jetdirect certificate, or click Configure to update or install a new one. See Configuring Certificates.
    A CA certificate is not saved when the print server is reset to factory-default values.

Configuring Certificates

When you click Configure, a certificate management wizard will help you update or install a certificate. The screens displayed will depend on the type of certificate (Jetdirect or CA) and your selections. The table below provides a description of the screens and configuration parameters that may appear.
note:
If you improperly exit Certificates configuration (for example, by failing to use the Cancel button), an Operation Failed screen may appear. If so, wait approximately two minutes before entering the wizard again.
Certificate Configuration Screens
Certificate Options screen. The options provided will depend on your print server model. Choose an option.
  • Update Pre-Installed Certificate. Use this option to update the pre-installed, self-signed certificate. When updated, the pre-installed certificate is overwritten. You may update the following item:
    Certificate Validity Period
    With self-signed certificates, the browser will identify the certificate as self-signed for each new Web session and may cause a security alert message. This message can be bypassed if the user adds it to their browser's certificate store or disables browser alerts (not recommended).
    Self-signed certificates are not necessarily secure because the certificate owner is merely confirming his own identity instead of verification by a trusted third party. Certificates from a trusted third party are considered more secure.
  • Create Certificate Request. Using this option, you are prompted for specific device and organizational information in the following screen:
    Certificate Information
    This option may be used, for example, when an authentication protocol requires that a Jetdirect certificate issued by a trusted third party or Certificate Authority be installed.
  • Install Certificate. This option is displayed only if there is a Jetdirect certificate request (to a trusted third party) pending. When received, the certificate is installed using this option. Once installed, this certificate overwrites the preinstalled certificate. Using this option, you are prompted for information in the following screen:
    Install Certificate
    The certificate to be installed must be associated with a previous certificate request generated by the embedded Web server.
  • Install CA Certificate. (Full-featured print servers only) This option is provided when you click Configure for a CA certificate, which must be installed for selected authentication protocols. Using this option, you are prompted for information in the following screen:
    Install Certificate
  • Import Certificate and Private Key. This option allows you to import a previously acquired and known certificate as the Jetdirect certificate. If you import a certificate, the currently installed certificate will be overwritten. Using this option, you are prompted by the following screen:
    Import Certificate and Private Key
  • Export Certificate and Private Key. This option allows you to export the Jetdirect certificate currently installed on the print server for use on other print servers. Using this option, you are prompted by the following screen:
    Export the Jetdirect certificate and private key
  • Delete CA Certificate. (Full-featured print servers only) This option is used to remove the CA certificate installed on the Jetdirect print server. This option appears when a CA certificate for EAP authentication has been installed.
      caution:
    If the CA Certificate is deleted, EAP authentication will be disabled and network access will be denied.
    The CA Certificate will also be removed on a cold-reset of the print server, where factory-default settings are restored.
Certificate Validity screen. Use this screen to specify how long the Jetdirect self-signed certificate will be valid.
  • This screen appears only when a self-signed certificate is pre-installed and you click Edit Settings to update the validity period. It specifies the current Coordinated Universal Time (UTC). UTC is a time scale maintained by the International Bureau of Weights and Measures. It adjusts for differences between Greenwich Mean Time and atomic time. It is set at 0 degrees longitude on the prime meridian.
    The Validity Start Date is calculated from the PC's clock settings.
    The Validity Period specifies the number of days (1 to 3650) that the certificate is valid, starting from the Validity Start Date. A valid entry (1 to 3650) is required. The default is 5 years.
Certificate Information screen. Use this page to enter information for requesting a certificate from a Certificate Authority.
  • Common Name. (Required) For HP Jetdirect print servers, specify the fully qualified domain name or a valid IP address for the device.
    Examples:
    Domain Name: myprinter.mydepartment.mycompany.com
    IP address: 192.168.2.116
    The Common Name will be used to uniquely identify the device. For HP Jetdirect print servers using EAP authentication, some authentication servers may need to be configured with the Common Name as specified on the certificate.
    If the default IP address 192.0.0.192 is configured on the Jetdirect print server, it will not likely be valid for your network. You should not use this default address to identify your device.
  • Organization. (Required) Specify the full legal name for your company.
  • Organizational Unit. (Optional) Specify your department, division, or other subgroup of your organization.
  • City/Locality. (Required) Enter the city or locality in which your organization is located.
  • State/Province. (Required for all countries/regions) Must contain at least three characters. (required)
  • Country/Region. Two-character ISO 3166 country/region code. For example, use “gb” Great Britain or “us” for USA (required).
Install Certificate or Install CA Certificate screens.
Use the Install Certificate screen to install a Jetdirect certificate. (The Install Certificate option will not be presented if there is no pending request).
Use the Install CA Certificate screen to install a trusted Certificate Authority (CA) certificate for use during EAP authentication. (Full-featured print servers only)
  • Install a PEM/Base64 (Privacy Enhanced Mail) encoded certificate.
    To install a certificate, specify the name and path of the file that contains the certificate. Or, click Browse to browse your system for the file.
    Click Finish to complete the installation.
    To install a certificate, it must be associated with a pending certificate request by the embedded Web server.
Import Certificate and Private Key screen. Use this screen to import a Jetdirect certificate and private key.
  • Import a Jetdirect certificate and private key. When imported, the existing certificate and private key will be overwritten.
    The file format must be PKCS#12 encoded (.pfx).
    To import a certificate and private key, specify the name and path of the file that contains the certificate and private key. Or, click Browse to browse your system for the file. Then enter the password that was used to encrypt the private key.
    Click Finish to complete the installation.
Export the Jetdirect certificate and private key screen. Use this screen to export the installed Jetdirect certificate and private key to a file.
  • To export a certificate and private key, enter a password that will be used to encrypt the private key. You must enter the password again to confirm it. Then click Save As to save the certificate and private key in a file on your system. The file format will be PKCS#12 encoded (.pfx).

Access Control

note:
If this feature is supported on the print server and device, it is limited to IPv4 networks. If the IPsec/Firewall feature is available, it is recommended for use in place of the Access Control List for improved security and performance.
Use this tab to display the Access Control List (ACL) on the HP Jetdirect print server. An access control list (or host access list) specifies individual host systems, or networks of host systems, that will be allowed to access the print server and the attached network device. Up to 10 entries can be included on the list. If the list is empty (no hosts are listed), any supported system can access the print server.
By default, hosts with HTTP connections (for example, through the embedded Web server or the Internet Printing Protocol) are allowed access to the print server regardless of access control list entries. To disable access by HTTP hosts, clear the Allow Web Server (HTTP) access checkbox at the bottom of the list.
  caution:
Use caution when using the access control list. You may lose your ability to communicate with the HP Jetdirect print server if your system is not properly specified in the list, or access through HTTP is disabled.
Host systems are specified by their IPv4 addresses or network number. If the network contains subnets, an address mask may be used to identify whether the IP address entry designates an individual host system or a group of host systems.
Examples. See the table of sample entries below:
IP Address
Mask
Description
192.0.0.0
255.0.0.0
Allow all hosts with network number 192.
192.1.0.0
255.1.0.0
Allow all hosts on network 192, subnet 1.
192.168.1.2
Allow the host with IP address 192.168.1.2. The mask 255.255.255.255 is assumed and is not required.
To add an entry into the access control list, use the IP Address and Mask fields to specify a host, and click (check) the Save checkbox for that entry. Then click Apply.
To delete an entry from the list, clear the Save checkbox for that entry. Then click Apply.
To clear the entire access control list, clear all Save checkboxes, and click Apply.

Mgmt. Protocols

This link provides access to management communications and other protocols that affect security.

Web Mgmt.

Use this tab to manage communications with the embedded Web server from Web browsers.
Secure, encrypted Web-based communication is provided through the Secure HTTP (HTTPS) protocol. If configured to require HTTPS, the embedded Web server routes HTTPS communications through port 443, the well-known port for HTTPS traffic. Although ports 80, 280, or 631 continue for Internet Printing Protocol (IPP) use, other non-secure communications (HTTP) are redirected to HTTPS. Redirection of your browser to use HTTPS may be transparent depending on your browser's capabilities.
note:
IPP is not supported on value-based print servers.
By factory default, HP Jetdirect print servers and printers with IPsec support are configured to require HTTPS only.
Although not recommended, HTTPS and HTTP communications that are not secure can be allowed by clearing the Encrypt All Web Communication checkbox.
To support the use of HTTPS communications, a Jetdirect certificate must be installed. A factory-default, self-signed certificate is pre-installed for initial use. Click the Configure button to update the pre-installed certificate, or to install a new one. For more information, see Configuring Certificates.
The minimum encryption strength that will be allowed must be specified when using a Jetdirect certificate. You may select Low (default), Medium, or High encryption strength. For example, selecting Low will allow medium or high encryption levels to be used whereas selecting High will only allow high encryption levels.
For each encryption strength, ciphers are specified to identify the weakest cipher allowed.
note:
Cipher suites support different levels of encryption strength. The cipher suites currently supported for encryption and decryption are DES (Data Encryption Standard, 56-bit), RC4 (40-bit or 128-bit), and 3DES (168-bit).

SNMP

Use this tab to enable or disable SNMP v1, v2c and v3 agents on the print server, depending on the print server model. For a description of SNMP selections, see SNMP.

SNMP v3

Full-featured HP Jetdirect print servers include an SNMP v3 (Simple Network Management Protocol, version 3) agent, for enhanced SNMP security. The SNMP v3 agent employs a User-based Security Model for SNMP v3 (RFC 2574), which features user-authentication and data privacy through encryption.
The SNMP v3 agent is enabled when an initial SNMP v3 account on the print server is created. Once the account is created, any SNMP management application, if properly configured, can access or disable the account.
  caution:
If you use HP Web Jetadmin to manage your devices, you should use HP Web Jetadmin to seamlessly configure SNMP v3 and other security settings on the print server.
Using the embedded Web server to create the SNMP v3 account will erase any existing SNMP v3 accounts. In addition, the SNMP v3 account information will need to be implemented on the SNMP management application.
You may create the initial account by specifying the HMAC-MD5 authentication and CBC-DES data privacy encryption keys used by your SNMP v3 management application.
  caution:
You should disable Telnet and ensure secure embedded Web communications through HTTPS is enabled before creating the initial SNMP v3 account. This will help to prevent access or interception of account information over a connection that is not secure.
SNMP v1 and v2c agents can coexist with the SNMP v3 agent. However, to fully secure SNMP access, you should disable SNMP v1 and v2c.

Other

Use this tab to enable or disable various protocols supported by the print server for printing, print services, and management. See the table below.
Other Protocols
Item
Description
Enable Print Protocols
Enable or disable network protocols supported by the print server: IPX/SPX, AppleTalk, DLC/LLC. For example, you should disable unused protocols to prevent printer access using those protocols.
Because it uses TCP/IP, the embedded Web server does not allow disabling TCP/IP.
note:
HP Jetdirect 635n print servers: except for TCP/IP, network protocols are disabled by factory default.
Enable Print Services
Enable or disable various print services supported by the print server: port 9100, LPD (Line Printer Daemon), IPP (Internet Printing Protocol), FTP (File Transfer Protocol), Web Services Print (Microsoft Web Services for Devices Print services). Disable unused print services to prevent access through those services.
Enable Device Discovery
Enable or disable device discovery protocols supported by the print server:
SLP (Service Location Protocol).
If enabled (checked), the HP Jetdirect print server sends SLP packets, which are used by system applications for automated discovery and installation.
If disabled (cleared), SLP packets are not sent.
If SLP uses multicast protocols, Multicast IPv4 must be enabled.
Bonjour.
If enabled (checked), Bonjour services are provided. Bonjour is typically used on for IP address and name resolution (through UDP port 5353) where a conventional DNS server is not used.
For Bonjour operation, Multicast IPv4 must be enabled.
Multicast IPv4.
If enabled (checked), the print server will send and receive IP version 4 multicast packets. If this parameter is disabled, other protocols that use multicast protocols, such as Bonjour and SLP, may also be disabled without notification.
WS-Discovery Enable or disable the Microsoft Web Services Dynamic Discovery (WS Discovery) protocols on the print server.
Enable Management Protocols
Enable or disable Telnet access and the use of FTP to upgrade firmware on the print server. Telnet and FTP are not secure protocols and device passwords may be intercepted.
Enable or disable RCFG, a remote IPX configuration protocol used by older management tools to configure Novell NetWare parameters. Disabling RCFG does not affect direct mode printing using IPX/SPX.
Disabling Telnet, FTP firmware upgrades, and RCFG is recommended.

802.1X Authentication

(Full-featured print servers only) This page allows you to configure 802.1X authentication settings on the Jetdirect print server as required for client authentication on your network. In addition, you can reset the 802.1X authentication settings to factory-default values.
  caution:
Use caution when changing the 802.1X authentication settings; you may lose your connection. If communication with the printer/MFP device is lost, you may need to reset the print server to a factory-default state and then reinstall the device.
For most 802.1X networks, the infrastructure components (such as LAN switches) must use 802.1X protocols to control a port's access to the network. If these ports do not allow partial or guest access, the print server may need to be configured with your 802.1X parameters prior to connection.
To configure initial 802.1X settings before connecting to your network, you can use an isolated LAN, or a direct computer connection using a cross-over cable.
The supported 802.1X authentication protocols and associated configuration depend on the print server model and firmware version. Available configuration settings are listed in the following table.
802.1X Configuration Settings
Item
Description
Enable Protocols
Enable (check) the supported protocols used for 802.1X authentication on your network.
  • PEAP: (Protected Extensible Authentication Protocol). PEAP uses digital certificates for network server authentication and passwords for client authentication. PEAP requires an EAP User Name, EAP Password, and CA Certificate. Dynamic encryption keys are also used.
  • EAP-TLS: (Extensible Authentication Protocol using Transport Layer Security, RFC 2716). EAP-TLS is a mutual authentication protocol based on digital certificates for authentication of both the client and the network authentication server. EAP-TLS requires an EAP User Name, Jetdirect certificate and CA certificate. Dynamic encryption keys are also used.
User Name
Specify an EAP/802.1X user name (up to 128 characters maximum) for this device. The default user name is the default host name of the print server, NPIxxxxxx, where xxxxxx are the last six digits of the LAN hardware (MAC) address.
Password, Confirm Password
Specify an EAP/802.1X password (up to 128 characters maximum) for this device. Enter the password again in the Confirm Password field to ensure it was properly entered.
Server ID
Specify the Server ID validation string that identifies and validates the authentication server. The Server ID string is specified on the digital certificate issued by a trusted Certificate Authority (CA) for the authentication server. The entry may be a partial string (right-most characters) )unless the Require Exact Match checkbox is enabled.
Encryption Strength
Specify the minimum encryption strength that can be used during communications with the authentication server. You may select Low, Medium, or High encryption strength. For each encryption strength, ciphers are specified to identify the weakest cipher allowed.
Jetdirect Ceritificate
The Jetdirect certificate is used to validate the identity of the Jetdirect device to clients and to network authentication servers. A self-signed Jetdirect certificate is pre-installed. To install a replacement, click Configure.
CA Certificate
To validate the authentication server's identity, the authentication server's certificate or a CA (or “Root”) certificate must be installed on the print server. This CA certificate must be issued by the Certificate Authority who signed the authentication server's certificate.
To configure or install a CA certificate, click Configure.
Authentication Behavior: Reauthenticate on Apply
Enable (check) or disable (clear) this checkbox to control authentication when you click Apply on this page, assuming valid configuration entries have been made.
note:
This parameter does not apply to security or other configuration wizards. Changes to parameters through a wizard will always cause the print server to reauthenticate.
If disabled (default), the print server will not attempt reauthentication unless configuration changes cause the print server to disconnect and reconnect to the network.
If enabled, the print server will always try to reauthenticate using the configuration values set.
Restore Defaults
Click this button to restore 802.1X configuration settings to factory default values.

IPsec/Firewall

Use this page to configure and view the IPsec (Internet Protocol security) or Firewall policy for the print server. You can enable or disable IPsec/Firewall operation on the print server, and configure the default rule for IP packets that are not covered by IPsec/Firewall rules.
Rules that define the IPsec/Firewall policy are configured through an IPsec/Firewall wizard, which is run when you click Add Rules. For more information, see http://www.hp.com/support/jetdirect_ipsec36.

Network Statistics

This page is used to display counter values and other status information currently stored on the HP Jetdirect print server. This information is often useful to diagnose performance and operational problems associated with the network or network device.

Protocol Info

This page provides a list of various network configuration settings on the HP Jetdirect print server for each protocol. Use these lists to validate your desired settings.

Configuration Page

This page provides a view of the HP Jetdirect configuration page that contains a summary of HP Jetdirect status and configuration information.

Other Links

? (Help)

On Networking tab pages, click ? to display a Help page. This page provides a quick summary of the HP Jetdirect embedded Web server features. In the Help page, links to HP support documents that provide updated information are available (Internet access is required).

Support

The information displayed on the Support page depends on the values configured in the Support Info tab in the Other Settings menu. Support information may include the name and telephone number of a Support person, or Web links to Product and Technical Support pages. The default Web links include HP online support and HP product information Web pages (Internet access is required).