[NEBULA] MAC Auth fails

Maestri

I have 2 AP NWA1123-ACv2 and one site with 3 SSIDs, two with WPA2 Pre-shared key and one with MAC-based(Open) Nebula cloud authentication.

I found that anonymous users can access to the site by MAC-based(Open) Nebula cloud authentication even if their MAC address in NOT in the Cloud List.

Any idea or is a bug?

Thanks in advanced.

Zyxel_Panda

Hi @Maestri

Do you mean all anonymous users can access to the site by MAC-based(Open) Nebula cloud authentication?

Please help to enable the Zyxel Support on the Nebula cloud center.

And your Org and Site information.

So we can collect the relevant logs, after enabling Zyxel Support, please arrange a time during January 2nd and January 3th to do MAC authentication tests again, then we can observe the behavior by SSH method.

Thanks!

Zyxel_Panda

Hi @Maestri

I tried to take a NWA1123-ACv2 to do the test with MAC-based(Open) Nebula cloud authentication as below relevant logs and MAC address list, but I can not reproduced that.

So could you elaborate your testing process? And enable the 'Zyxel Support' on the Nebula cloud center with sharing your Org and Site information.

Thanks!

Maestri

SSID_Condif.PNG

I couldn't elaborate a test before today, the 5th, but usually with others AP I can use MAC authentication without password, in fact the MAC addresses in the list act as user and password, the others are not allowed. But I tested that a Android system not in the MAC list can access to the network without password because the SSID is open (although with MAC auth!)

Maestri

I enabled the support but how can I share my Org and Site information? This faulty behavior is disappointing me because I see many devices logging to my APs without being in the MAC list. The access actually seems OPEN to everyone!.

Zyxel_Panda

Hi @Maestri

I sent the messages to you on January 6th and 8th, please check your inbox on the forum and share me the Org and site information on it, we will access that to check more details.

Thanks a lot!

Zyxel_Panda

Hello @Maestri

I think you can share the Org and site information directly here, so we(Zyxel engineers) can help to check your configuration , logs and some relevant information as administrator.

Actually I tried to use iOS , android and windows devices to do the tests with MAC authentication SSID , but it can not be reproduced at my site, so we would like to access you Org/site for checking more details, do you use any specific application to access the SSID of MAC auth? And any test operating procedure ?

When is it convenient for you to do the test with us together?

Thanks!

Maestri

Well, my organization is 'Ale' and my site is 'Guerrazzi', I have 2 NWA1123-ACv2 with 3 SSID.

My simple test procedure is the following:

I take my Android phone, which MAC address is NOT in the MAC list of Cloud authentication, and I try to connect to the WIFI SSID with MAC-based(Open) Nebula cloud authentication: if I can connect the protection is buggy!

It seems the Android can get wifi Ip address from only one of the two AP so one is ok, the other one permits everyone access but the system in this way is not protected.

Thanks,Alessandro

Zyxel_Panda

Dear @Maestri

Thanks for your Org/Site information.

Now we can access it on the NCC and we're checking the relevant logs first, but it seems that we cannot access the AP by SSH method for typing some commands, so if need, we will consider updating a debug date firmware on the AP after clarifying the logs.

Thanks!

Zyxel_Panda

Hi @Maestri

Now we have figured out the root cause of this issue and will release a date firmware version to fix it soon.

You can reboot NWA1123-AVv2.2 AP should be solved this problem.

Thanks!

Maestri

Ok, thanks you very much. I will report my experience.

Alessandro