Steps to Setup and Secure an HP 40xx Printer

 

Setting up and securing HP printers involves the JetDirect Print Server. The 40x0s have 600N (J3113A) cards, and the 4550 has a 610N (4169A). The 610N has more options and is described after the 600N. Most configuration is done through telnet and through JetAdmin. Note: Tray 1 is usually the manual feed tray that folds out, and Tray 2 is the paper tray. A “cold reset” of an HP printer resets all settings – hold down [Go/Online] button while powering on. Mac name must be change with Mac HP Namer (see below).

Power cycle printer after changing settings.

 

1.     Determine printer IP name and number [por_lab_bw]

2.     Update JetDirect firmware to latest version – check HP website for latest version

• Install HP JetDirect Download Manager (already installed on PRS server and print stations)
• Run Download Manager Configurator:  set to use IP, set subnet mask
• Download/install/add printer firmware updates to Download Manager
• Run Download Manager

·       Specify device IP address

·      Add IP# of target printer, click “Add”, select IP in “Devices added” window, click “Done”

·       Select target print server (JetDirect card) – verify info

·       Click “Download”, then “continue”

·       View log to verify successful update

 

Steps to secure a JetDirect printer (also see doc “HP JetDirect - Making HP JetDirect Secure on the Network.htm”)

 

Telnet: (JetDirect 600N) [set local echo, transmit CR+LF]

Type "?" for HELP, "/" for current settings or "quit" to save-and-exit. Or type "exit" to exit without saving configuration parameter entries.

• Set telnet password: [password with no punctuation] (This password can be 16 characters in length, is case sensitive and can be saved across a power cycle. Resetting the JetDirect print server to factory defaults will erase the telnet password.)
• Set IP number (ip:#)
• Set IP host name: ‘host-name:SS1-LAB’ (all uppercase letters for IP name only, others are lowercase)
• Set SNMP community name:  ‘set-cmnty-name: [same password with no punctuation] ‘(password used by JetAdmin and WebAdmin)
• Set Syslog Server:  ‘syslog-svr:128.114.x.x’
• Set Banner:  disabled ‘banner:0’
• Set DHCP config off ‘dhcp-config:0’
• Disable unused protocols (DLC/LLC, Netware, LPR, AppleTalk, JetDirect, etc) -0 to disable, 1 to enable

·       ews-config (web configuration port 80)      

·       ipx/spx

·       dlc/llc

·       ethertalk

• Create allow list of IP addresses allowed to print/telnet/ftp to printer

·       allow: ip address, e.g., allow: 128.114.x.x

·       To view list – allow: list

·       To clear list – allow: 0

• Power cycle printer after changing settings

 

JetAdmin: (Use defaults unless specified below)

• Advanced

·       Security

·      Control Panel Lock:  Maximum

• Password:  Enable [same password with no punctuation – same as the Community Name]  (This “Device Password” is not case sensitive and is saved across a power cycle.)

• Power cycle printer after changing settings

 

From Web JetAdmin: (runs in Windows only, best with IE) (function disabled by ews-config setting above)

• Select “Device Server” tab

·       Select “Security” tab (both passwords should already be set just verify)

·      Set Administrator password:  [same password w/no punctuation]

·      Set Community name:  [same password with no punctuation]

• Power cycle printer after changing settings

 

From Mac: (if using EtherTalk)

• Set the AppleTalk configuration password numeric ONLY (use numeric part of tech password)

• Power cycle printer after changing settings

 

When using “HP JetDirect printing” port is TCP port 9100, not standard LPR port.

 

JetDirect 610N (4169a)

 

Telnet: (610N) [set local echo, transmit CR+LF]

Type "?" for HELP, "/" for current settings or "quit" to save-and-exit. Or type "exit" to exit without saving configuration parameter entries.

• Set telnet password: [standard tech password with no punctuation] (This password can be 16 characters in length, is case sensitive and can be saved across a power cycle. Resetting the JetDirect print server to factory defaults will erase the telnet password.)

• passwd-admin      <new-password> <retype-new-password>

• Set IP number
• Set IP host name: ‘SS1-LAB’ (all uppercase letters for IP name only, others are lowercase)
• Set SNMP community name:  [same password with no punctuation]
• Set Syslog Server:  syslog-svr:128.114.x.x
• sys-location      alpha-numeric string (255 chars max)
• sys-contact       alpha-numeric string (255 chars max)
• Set Banner:  disabled (banner:0)
• Disable unused protocols (DLC/LLC, Netware, LPR, AppleTalk, JetDirect, etc)

·       ipp-printing      0 to disable, 1 to enable (TCP port 631)

·       ftp-printing      0 to disable, 1 to enable (TCP port 20, 21)

·       lpd-printing      0 to disable, 1 to enable (TCP port 515)

·       9100-printing     0 to disable, 1 to enable (TCP port 9100)

·       slp-config        0 to disable, 1 to enable (UDP port 427)

·       ews-config        0 to disable, 1 to enable (TCP port 80)

·       ipx/spx

·       dlc/llc

·       ethertalk

• Create allow list of IP addresses allowed to print/telnet/ftp to printer

·       allow: ip address, e.g., allow: 128.114.x.x

·       To view list – allow: list

·       To clear list – allow: 0