[Notification] 802.1x authentication failed on wireless station with OS Windows 11 Pro ver 22H2

Zyxel_Jay
Zyxel_Jay Posts: 117
5 Answers First Comment Friend Collector
 Ally Member
edited October 27 in WirelessLAN

Issue Description:

When a wireless station with OS Microsoft Win11 Pro 22H2 connects to the SSID with 802.1x enterprise security, the authentication fails.

Root Cause:

Microsoft Win 11 Pro 22 H2 uses TLSv1.3 protocol by default for 802.1x authentication with RADIUS Server. When connecting to the RADIUS server by setting the internal server on Zyxel firewall, the station won’t get a response from the Zyxel firewall because Zyxel firewall doesn’t support the TLS v1.3 version.

Affected Scope:

Models:  USG FLEX/VPN/ATP

Firmware version: Firmware before WK41

 Solution1:

To solve the authentication failure issue, we add a transition mode in the firmware WK41 that informs the station about authentication with TLS v1.2

Firmware WK 41 Download link:

USG FLEX/ATP/VPN Series

https://community.zyxel.com/en/discussion/14803/zld-v5-32wk41-firmware-release#latest

USG/ZyWALL Series

https://community.zyxel.com/en/discussion/14817/zld-v4-72-wk41-firmware-release#latest

Solution2:

Without firmware upgrading, you can set up the Firewall setting. And let the radius (RADIUS) server, and change from the internal RADIUS server to the external RADIUS server.

 

Object>>AP Profile>> SSID >> Security list >> click the profile

And The final step is to add the AP to the trusted list in the RADIUS server.

 

Thanks

Jay

Tagged: