Why is a client not in the NCAS MAC Auth list able to connect to network?

Zyxel_Bella
Zyxel Employee

This issue occurs because of the current setting for the Nebula Cloud Auth Server (NCAS) disconnect behavior. When a device tries to connect to the network, it needs to authenticate via the server. If a network issue prevents the server from being reached, the system reacts based on the preset disconnect behavior.

This happens when the SSID setting is configured to "Allowed: Client devices can access the network without signing in, except they are explicitly blocked."

This means that if the server cannot be reached, devices are still allowed to connect. For example, when a device tries to authenticate and there is a disconnection issue with the Nebula Cloud Auth Server, the system bypasses the normal authentication process.

The logs will look like this:

Cloud Authentication No response from NCAS over 30 seconds: NCAS disconnected. CURL: SSL connect error.

Cloud Authentication MAC-auth: bypass 00:11:22:00:11:33.

If you want to ensure that no devices connect without successful authentication, change the setting to "Limited: Only currently authorized clients will be able to access the network."
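To audit which clients were admitted through this fail-open path, the two log messages above can be matched in an exported event log. The following is an added example, not Zyxel code: it assumes each exported line starts with an ISO timestamp, and the function names, the 5-minute correlation window and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Message texts come from the two log lines in the post; the leading ISO
# timestamp is an assumed export format, not something the post shows.
DISCONNECT = re.compile(r"No response from NCAS over \d+ seconds: NCAS disconnected")
BYPASS = re.compile(r"MAC-auth: bypass ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample input (MAC addresses are made up).
SAMPLE_LOG = """\
2024-05-01T09:00:00 Cloud Authentication No response from NCAS over 30 seconds: NCAS disconnected. CURL: SSL connect error.
2024-05-01T09:00:02 Cloud Authentication MAC-auth: bypass 00:11:22:00:11:33.
2024-05-01T09:01:10 Cloud Authentication MAC-auth: bypass 00:11:22:00:11:44.
2024-05-01T11:30:00 Cloud Authentication MAC-auth: bypass 00:11:22:00:11:33.
"""

def find_bypassed_clients(log_text, allowlist=()):
    """Return one finding per MAC-auth bypass event, in log order."""
    allowed = {mac.lower() for mac in allowlist}
    last_disconnect = None
    findings = []
    for line in log_text.splitlines():
        stamp, _, message = line.partition(" ")
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # skip blank or malformed lines
        if DISCONNECT.search(message):
            last_disconnect = when
            continue
        hit = BYPASS.search(message)
        if hit:
            mac = hit.group(1).lower()
            findings.append({
                "time": when,
                "mac": mac,
                "in_mac_auth_list": mac in allowed,
                # True when an NCAS disconnect was logged shortly before.
                "after_ncas_disconnect": last_disconnect is not None
                and when - last_disconnect <= WINDOW,
            })
    return findings

def unauthorized_macs(log_text, allowlist=()):
    """MACs that were bypassed but are not in the MAC Auth list."""
    hits = find_bypassed_clients(log_text, allowlist)
    return sorted({f["mac"] for f in hits if not f["in_mac_auth_list"]})
```

Pass the MAC Auth list as `allowlist`; any address returned by `unauthorized_macs` reached the network only because the SSID was set to "Allowed" while NCAS was unreachable.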