Please make Password for MAC-Base Auth optional or remove it entirely

vladbekker_jp01

None of the modern NAC solutions are receiving the password for MAB therefore causing authentication failure for devices which do not support 802.1x.

Here is the payload that is received from switch to the NAC and as you can see, the password is not passed down.

The only solution that I know of is FreeRadius and it's not really feasible to pidgehole Zyxel users to a single NAC vendor.

[{"Key":"User-Name","Value":"B4-22-00-5C-97-04"},{"Key":"NAS-IP-Address","Value":"10.x.0.x"},{"Key":"NAS-Identifier","Value":"switch_name"},{"Key":"P-Error-Code","Value":"60035"},{"Key":"P-Error-Msg","Value":"Auth via BE failed with curl err: '22' http code: '400'"},{"Key":"CONTEXT_ID","Value":"cab081ae-3e84-34b3-9b38-462edb8fcb97"},{"Key":"PORT","Value":"10432"},{"Key":"RADIUS_REGION","Value":"2"},{"Key":"RADIUS_TYPE","Value":"1"}]

Zyxel_Judy

Hi @vladbekker_jp01 ,

A device, such as a printer, is connected to a network switch. This device doesn't have the capability to perform 802.1X authentication, MAB is often used as a fallback method. If the MAC address of the printer is found in the list of the authentication server, the switch grants network access to the printer.

Regarding MAC-based Authentication with Nebula cloud authentication (or using My RADIUS), you don't need to add any passwords. All you have to do is add the MAC address of the client to the list found at Configure > Cloud Authentication > MAC.

If you have any ideas or suggestions that differ from my previous response, please provide us with more details, such as your specific scenario, network topology, and any other information that you believe would be helpful for us to understand and verify your situation accurately.