Why is a client not in the NCAS MAC Auth list able to connect to network?

Options
Zyxel_Bella
Zyxel_Bella Posts: 483  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer

This issue occurs because of the current settings on the Nebula Cloud Auth Server disconnect behavior. When a device tries to connect to the network, it needs to authenticate via the server. If there is a network issue preventing the server from being reached, the system reacts based on preset instructions.

If the SSID settings are configured to "Allowed: Client devices can access the network without signing in, except they are explicitly blocked."

This means that if the server cannot be reached, devices are still allowed to connect. For example, when a device tries to authenticate and there is a disconnection issue with the Nebula Cloud Auth Server, the system bypasses the normal authentication process.

The logs will be like:

Cloud Authentication No response from NCAS over 30 seconds: NCAS disconnected. CURL: SSL connect error.

Cloud Authentication MAC-auth: bypass 00:11:22:00:11:33.

If you want to ensure that no devices connect without successful authentication, change the setting to "Limited: Only currently authorized clients will be able to access the network.