[Notification] 802.1x authentication failed on wireless station with OS Windows 11 Pro ver 22H2

Zyxel_Jay
Zyxel_Jay Posts: 227  Zyxel Employee
edited May 21 in Wireless

Issue Description:

When a wireless station running Microsoft Windows 11 Pro 22H2 connects to an SSID that uses 802.1x enterprise security, the authentication fails.

Root Cause:

Microsoft Windows 11 Pro 22H2 uses TLS v1.3 by default for 802.1x authentication with a RADIUS server. When the station authenticates against the internal RADIUS server on the Zyxel firewall, it gets no response from the firewall, because the firewall does not support TLS v1.3.

Affected Scope:

Models:  USG FLEX/VPN/ATP

Firmware version: Firmware before WK41

Solution 1:

To solve the authentication failure, firmware WK41 adds a transition mode that informs the station to authenticate with TLS v1.2.

Firmware WK41 download links:

USG FLEX/ATP/VPN Series

https://community.zyxel.com/en/discussion/14803/zld-v5-32wk41-firmware-release#latest

USG/ZyWALL Series

https://community.zyxel.com/en/discussion/14817/zld-v4-72-wk41-firmware-release#latest

Solution 2:

Without upgrading the firmware, you can change the firewall configuration so that authentication uses an external RADIUS server instead of the internal RADIUS server.

Object >> AP Profile >> SSID >> Security list >> click the profile

The final step is to add the AP to the trusted list in the RADIUS server.

 

Thanks

Jay
