[NEBULA] guest account captiove works on our primary lan
FrankIversen
Posts: 92 
Ally Member
Ally Member
have setup 2 ssids with 2 different vlans.
have createa a guest user in NCC Cloud Auth. for use with the ssid2 (guest network) and login through captive portal.
The problems is that the guest acount user also can use this credential to log into out ssdi1 (primary network) which also uses nebula Cloud Authentication.
Is it possible to say which networks/ssid a guest user can access?
have createa a guest user in NCC Cloud Auth. for use with the ssid2 (guest network) and login through captive portal.
The problems is that the guest acount user also can use this credential to log into out ssdi1 (primary network) which also uses nebula Cloud Authentication.
Is it possible to say which networks/ssid a guest user can access?
0
Comments
-
Hi @FrankIversen
I suggest you can use WPA2-Enterprise with Nebula cloud authentication (which is 802.1x) for your primary network and captive portal for guest users to distinguish between your two networks.
You can select this option
And create your primary network accounts here
But normally for the ease of use of employees we just use simply use another SSID with WPA2 preshared key.
If you want to have different groups of guest accounts assigned to different SSIDs, currently it is not able to so. And as always we welcome you to submit new ideas on our forum.
Cheers!
Nebula_Dean
0 -
This is exactly what I have done .The problem is that the guest user account (captive) also work on our 802.1x internal lan, not only on the captive portal.
EDIT:
Hmm, it does seems like it works as exptected today. Perhaps it just needed to settle things down. But this could be a security issue, because yesterday (a couple of min. after I setup the AP) we could log in to the internal lan (802.1x auth with nebula auth.) and the guest user account (which is supposed to only work on the captive portal on our guest ssid)
0 -
Hi @FrankIversen
I just tested it both ways (802.1x & portal) and it worked as supposed to. I think the key here is due to configuration change which may experience the NAPs performing not as planned when the AP is still setting up new configs.
As for your reference, we already have discussions internally to whether or not block connections when the AP is not ready to service yet, which timing issues could be somewhat confusing to users since it recovers on it's own.
Dean1
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 101 Nebula Status and Incidents
- 5.8K Security
- 296 USG FLEX H Series
- 281 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight
