[Notification] 802.1x authentication failed on wireless station with OS Windows 11 Pro ver 22H2
Zyxel Employee
Issue Description:
When a wireless station with OS Microsoft Win11 Pro 22H2 connects to the SSID with 802.1x enterprise security, the authentication fails.
Root Cause:
Microsoft Win 11 Pro 22 H2 uses TLSv1.3 protocol by default for 802.1x authentication with RADIUS Server. When connecting to the RADIUS server by setting the internal server on Zyxel firewall, the station won’t get a response from the Zyxel firewall because Zyxel firewall doesn’t support the TLS v1.3 version.
Affected Scope:
Models: USG FLEX/VPN/ATP
Firmware version: Firmware before WK41
Solution1:
To solve the authentication failure issue, we add a transition mode in the firmware WK41 that informs the station about authentication with TLS v1.2
Firmware WK 41 Download link:
USG FLEX/ATP/VPN Series
https://community.zyxel.com/en/discussion/14803/zld-v5-32wk41-firmware-release#latest。
USG/ZyWALL Series
https://community.zyxel.com/en/discussion/14817/zld-v4-72-wk41-firmware-release#latest
Solution2:
Without firmware upgrading, you can set up the Firewall setting. And let the radius (RADIUS) server, and change from the internal RADIUS server to the external RADIUS server.
Object>>AP Profile>> SSID >> Security list >> click the profile
And The final step is to add the AP to the trusted list in the RADIUS server.
Thanks
Jay
Categories
- All Categories
- 395 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
