[NEBULA] WPA2-Enterprise with Nebula cloud authentiation sudden stopped working

Link
Link Posts: 10  Freshman Member
edited April 14 in Nebula
Last week I followed the Bayardo's post on how to configure Nebula WPA2-Enterprise auth with Nebula Cloud Authentication.
It worked perfectly last Firday, but after a weekend users cannot login in anymore.
The NAP102 AP  returns " unable to connect to network"  on the devices or " username password is incorrect " after I reconnect to the SSID again.

Is there a problem now with the Cloud Authentication?

Best Regards,
Ling Kwang
«1

Comments

  • Link
    Link Posts: 10  Freshman Member
    AP eventlog shows: Station: mac address has blocked by Auth Failed(AAA Profile: default) on Channel: 11, SSID: XXX, 2.4G, reason 23, interface wlan -1-1
  • Zyxel_Dean
    Zyxel_Dean Posts: 243  Zyxel Employee
    edited October 2017
    Hi @Link
    Welcome to our forum!

    Could you check under "Cloud authentication" page which is under the organization panel, to see if the users have expiration time due? (refer to below screenshot)


    If you followed the exact settings from the FAQ likely you will end up the account expired after 60 minutes.  You can click on the account and change to "never expire" should do the trick.

    Dean
  • Link
    Link Posts: 10  Freshman Member
    Hi Dean,

    it shows never, so there is no expiration time due.

    LingKwang
  • Link
    Link Posts: 10  Freshman Member
    I use the email as username.
  • Zyxel_Dean
    Zyxel_Dean Posts: 243  Zyxel Employee
    edited October 2017
    Hi @Link ,

    Let's check the possible elements one by one, 

    For the log "Auth Failed(AAA Profile: default) on Channel: 11, SSID: XXX, 2.4G, reason 23, "
    meaning that authentication failed , we should look into the authentication process. 

    Below I enlist some items to check.

    Connectivity to authentication server: 
    Could you check the eventlogs in the period of your failed login attempts that this message is showing frequently? 
    " No response from NCAS over 15 seconds: NCAS disconnected "
    or 
    "NCAS disconnected "

    Configurations:
    1. In the "Authentication" page what is your SSID setting of  "NCAS disconnection" behavior, "allowed" or "limited"
    2. In "Cloud authentication" page,  could you check if you are logging in with the same "Login by" method in your case by email? or you could just simply upload a screenshot and let me check if anything is wrong.
      
     
    Other check items. 
    1. Did you login on the same AP as last week or is it a different AP? 
    2. What client device did you find login not able? If it's an iOS device what is the iOS version?



    Dean

  • Link
    Link Posts: 10  Freshman Member
    Hi Dean,

    yes, the Login by is Email.
    the NCAS disconnection" behavior, is set to "allowed"
    I cannot find NCAS disconnected disconnected.
    there is 204 NCAS is alive message.

    We have to AP's we are loging in the same AP.
    I also rebooted the gateway as well as the AP this morning.
    At this moment I returned to use WPA2 personal again.

    I do have 2 SSID's configured with WPA2 Enterprise with Nebula Cloud Auth. 
    Can that cause problems??


  • Link
    Link Posts: 10  Freshman Member
    Hi Dean,

    I found some " No response from NCAS over 15 seconds: NCAS disconnected "
    or 
    "NCAS disconnected "

    but in about 3 min later it shows NCAS connected: 204 Server is Alive
  • Zyxel_Dean
    Zyxel_Dean Posts: 243  Zyxel Employee
    Hi @Link

    According to your info I think your configurations and connectivity should be fine.
    May I know what type of client device did you have this trouble with?
    Is it an iPhone or Android or other types?
  • Link
    Link Posts: 10  Freshman Member
    Goodmorning Dean,

    It is with all types of devices.

    Best Regards,
    Ling Kwang
  • WebberIT
    WebberIT Posts: 52  Ally Member
    I do have 2 SSID's configured with WPA2 Enterprise with Nebula Cloud Auth. 
    Can that cause problems??


    are the 2 SSIDs in a different organisation? it shouldn't if your aps are in the same org 
    mine is working btw

    perhaps create a new account or try login with other account to see if that can work ?


Nebula Tips & Tricks