[Notification] 802.1x authentication failed on wireless station with OS Windows 11 Pro ver 22H2
Zyxel Employee
Issue Description:
When a wireless station with OS Microsoft Win11 Pro 22H2 connects to the SSID with 802.1x enterprise security, the authentication fails.
Root Cause:
Microsoft Win 11 Pro 22 H2 uses TLSv1.3 protocol by default for 802.1x authentication with RADIUS Server. When connecting to the RADIUS server by setting the internal server on Zyxel firewall, the station won’t get a response from the Zyxel firewall because Zyxel firewall doesn’t support the TLS v1.3 version.
Affected Scope:
Models: USG FLEX/VPN/ATP
Firmware version: Firmware before WK41
Solution1:
To solve the authentication failure issue, we add a transition mode in the firmware WK41 that informs the station about authentication with TLS v1.2
Firmware WK 41 Download link:
USG FLEX/ATP/VPN Series
https://community.zyxel.com/en/discussion/14803/zld-v5-32wk41-firmware-release#latest。
USG/ZyWALL Series
https://community.zyxel.com/en/discussion/14817/zld-v4-72-wk41-firmware-release#latest
Solution2:
Without firmware upgrading, you can set up the Firewall setting. And let the radius (RADIUS) server, and change from the internal RADIUS server to the external RADIUS server.
Object>>AP Profile>> SSID >> Security list >> click the profile
And The final step is to add the AP to the trusted list in the RADIUS server.
Thanks
Jay
Categories
- All Categories
- 435 Beta Program
- 2.7K Nebula
- 183 Nebula Ideas
- 120 Nebula Status and Incidents
- 6.2K Security
- 440 USG FLEX H Series
- 299 Security Ideas
- 1.6K Switch
- 80 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.7K Consumer Product
- 276 Service & License
- 433 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 84 About Community
- 91 Security Highlight
