Please make Password for MAC-Base Auth optional or remove it entirely
None of the modern NAC solutions are receiving the password for MAB therefore causing authentication failure for devices which do not support 802.1x.
Here is the payload that is received from switch to the NAC and as you can see, the password is not passed down.
The only solution that I know of is FreeRadius and it's not really feasible to pidgehole Zyxel users to a single NAC vendor.
[{"Key":"User-Name","Value":"B4-22-00-5C-97-04"},{"Key":"NAS-IP-Address","Value":"10.x.0.x"},{"Key":"NAS-Identifier","Value":"switch_name"},{"Key":"P-Error-Code","Value":"60035"},{"Key":"P-Error-Msg","Value":"Auth via BE failed with curl err: '22' http code: '400'"},{"Key":"CONTEXT_ID","Value":"cab081ae-3e84-34b3-9b38-462edb8fcb97"},{"Key":"PORT","Value":"10432"},{"Key":"RADIUS_REGION","Value":"2"},{"Key":"RADIUS_TYPE","Value":"1"}]
Categories
- 8.5K All Categories
- 1.6K Nebula
- 71 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 226 Security Ideas
- 981 Switch
- 46 Switch Ideas
- 874 WirelessLAN
- 22 WLAN Ideas
- 5.1K Consumer Product
- 157 Service & License
- 280 News and Release
- 59 Security Advisories
- 13 Education Center
- 580 FAQ
- 263 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 74 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 46 Security Highlight