Why is a client not in the NCAS MAC Auth list able to connect to network?
Zyxel Employee
This issue occurs because of the current settings on the Nebula Cloud Auth Server disconnect behavior. When a device tries to connect to the network, it needs to authenticate via the server. If there is a network issue preventing the server from being reached, the system reacts based on preset instructions.
If the SSID settings are configured to "Allowed: Client devices can access the network without signing in, except they are explicitly blocked."
This means that if the server cannot be reached, devices are still allowed to connect. For example, when a device tries to authenticate and there is a disconnection issue with the Nebula Cloud Auth Server, the system bypasses the normal authentication process.
The logs will be like:
Cloud Authentication No response from NCAS over 30 seconds: NCAS disconnected. CURL: SSL connect error.
Cloud Authentication MAC-auth: bypass 00:11:22:00:11:33.
If you want to ensure that no devices connect without successful authentication, change the setting to "Limited: Only currently authorized clients will be able to access the network.
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 199 Nebula Ideas
- 125 Nebula Status and Incidents
- 6.3K Security
- 495 USG FLEX H Series
- 322 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 48 Wireless Ideas
- 6.8K Consumer Product
- 286 Service & License
- 456 News and Release
- 89 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 95 Security Highlight