Question about 802.1x port based authentication and Zyxel APs
Is there a way to use a Zyxel ap as a 802.1x supplicant IE, the AP joins as a client and then the Wifi networks that are shared from the AP would have their own security IE WPA2, clients that join a wifi SSID get authenticated to the port based off the AP's authentication to the port?
I'll also say this incase someone else has a better idea: Outside of physical security I'm just looking for a way to prevent someone from ripping off an outdoor AP and connecting to the switch / all trunked vlans.
All Replies
-
Hi @Tazman ,
Zyxel APs do not support acting as 802.1x supplicants in the way you've described. The APs can authenticate clients using 802.1x, but they themselves cannot authenticate to the network in this way.
Regarding your scenario and your concern about physical security, to mitigate this risk, you could consider the methods below:
Method 1: Configuration on AP
You can refer to establishing the Smart mesh (as the wireless connection mechanism to Zyxel AP connects to another Zyxel AP) for your network, so there is no Ethernet cable outdoor.
Method 2: Configuration on firewall
You can refer to Captive portal feature. When opening the browser and trying to surf the internet, client will be redirected to the login page and must verify the authentication to access the network and use internet services.
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 101 Nebula Status and Incidents
- 5.8K Security
- 296 USG FLEX H Series
- 281 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight
