ZyMesh open network once Smart Mesh was enabled on 3 AP

Mar_Cin
Mar_Cin Posts: 8  Freshman Member
First Comment Friend Collector
edited September 30 in Nebula

Hey Zyxel community!
Just wanted to ask you about some odd thing I noticed while I was setting up SmartMesh (2x NWA50AX + NWA55AXE)
When finally got it working I scanned to see how DCS is working on 2.4GHz channels.
All Ap's are creating some weird HIDDEN networks which according to inSSIDer software are all unsecured/open
Did you notice the same? What is it? Why is it open?

Accepted Solution

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,631  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula
    Answer ✓

    Hi @Mar_Cin ,

    Regarding the hidden "smart-mesh" SSID:
    This is a one of hidden SSID broadcasted by the Root AP to allow Repeater APs to connect.It can be manually detected, however if you try to connect manually, you'll notice the connection is immediately rejected.
    The reason is that security measures for "smart-mesh" SSID is Open authentication + MAC filtering. Only Zyxel APs within the site can authenticate and use this SSID.
    Security assurance: Due to these restrictions, there are no security concerns associated with this hidden SSID.

    Judy

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

All Replies

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,631  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @Mar_Cin ,

    Could you share which AP management mode are you using, Nebula cloud or Standalone mode?

    • For APs using Smart Mesh on Nebula: The Mesh profile is generated automatically as shown
    • For APs using WDS Mesh in Standalone mode: You can add Pre-Shared Key to the WDS SSID profile.

    Judy

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Mar_Cin
    Mar_Cin Posts: 8  Freshman Member
    First Comment Friend Collector

    I'm currently on Nebula management system.
    I installed inSSIDer on other PC machine and it shows the same…

  • Mar_Cin
    Mar_Cin Posts: 8  Freshman Member
    First Comment Friend Collector
    edited September 28

    Well, I run 'show running-config' on all AP's and each one of them returned this:

    So seems like everything is correct and maybe inSSIDer is not?

  • Mar_Cin
    Mar_Cin Posts: 8  Freshman Member
    First Comment Friend Collector
    edited September 28

    Alright…
    So.. Windows also sees that network as open…

    What to do with that..? I'm really concerned about network security now…
    Please help.

  • Mar_Cin
    Mar_Cin Posts: 8  Freshman Member
    First Comment Friend Collector

    Ok, another update…
    My computer was able to connect to that 'hidden' and OPEN smart mesh network with ssid 'smart_mesh' with no issues (manually entered ssid name). There was no internet connection as this network is for internal AP communication (I'm guessing now). Am i right?

    What other potential threats might occur due to having access to open network with smart_mesh enabled?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,631  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula
    Answer ✓

    Hi @Mar_Cin ,

    Regarding the hidden "smart-mesh" SSID:
    This is a one of hidden SSID broadcasted by the Root AP to allow Repeater APs to connect.It can be manually detected, however if you try to connect manually, you'll notice the connection is immediately rejected.
    The reason is that security measures for "smart-mesh" SSID is Open authentication + MAC filtering. Only Zyxel APs within the site can authenticate and use this SSID.
    Security assurance: Due to these restrictions, there are no security concerns associated with this hidden SSID.

    Judy

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Nebula Tips & Tricks