[NEBULA] MAC Auth fails

Maestri
Maestri Posts: 5
First Comment
edited April 2021 in Nebula

I have 2 AP NWA1123-ACv2 and one site with 3 SSIDs, two with WPA2 Pre-shared key and one with MAC-based(Open) Nebula cloud authentication.

I found that anonymous users can access to the site by MAC-based(Open) Nebula cloud authentication even if their MAC address in NOT in the Cloud List.


Any idea or is a bug?

Thanks in advanced.

«1

All Replies

  • Zyxel_Panda
    Zyxel_Panda Posts: 97  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    edited December 2019

    Hi @Maestri

    Do you mean all anonymous users can access to the site by MAC-based(Open) Nebula cloud authentication?

    Please help to enable the Zyxel Support on the Nebula cloud center.

    And your Org and Site information.

    So we can collect the relevant logs, after enabling Zyxel Support, please arrange a time during January 2nd and January 3th to do MAC authentication tests again, then we can observe the behavior by SSH method.

    Thanks!

  • Zyxel_Panda
    Zyxel_Panda Posts: 97  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Hi @Maestri

    I tried to take a NWA1123-ACv2 to do the test with MAC-based(Open) Nebula cloud authentication as below relevant logs and MAC address list, but I can not reproduced that.

    So could you elaborate your testing process? And enable the 'Zyxel Support' on the Nebula cloud center with sharing your Org and Site information.

    Thanks!


  • I couldn't elaborate a test before today, the 5th, but usually with others AP I can use MAC authentication without password, in fact the MAC addresses in the list act as user and password, the others are not allowed. But I tested that a Android system not in the MAC list can access to the network without password because the SSID is open (although with MAC auth!)

  • I enabled the support but how can I share my Org and Site information? This faulty behavior is disappointing me because I see many devices logging to my APs without being in the MAC list. The access actually seems OPEN to everyone!.

  • Zyxel_Panda
    Zyxel_Panda Posts: 97  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    edited January 2020

    Hi @Maestri

    I sent the messages to you on January 6th and 8th, please check your inbox on the forum and share me the Org and site information on it, we will access that to check more details.

    Thanks a lot!

  • Zyxel_Panda
    Zyxel_Panda Posts: 97  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Hello @Maestri

    I think you can share the Org and site information directly here, so we(Zyxel engineers) can help to check your configuration , logs and some relevant information as administrator.

    Actually I tried to use iOS , android and windows devices to do the tests with MAC authentication SSID , but it can not be reproduced at my site, so we would like to access you Org/site for checking more details, do you use any specific application to access the SSID of MAC auth? And any test operating procedure ?

    When is it convenient for you to do the test with us together?

    Thanks!

  • Well, my organization is 'Ale' and my site is 'Guerrazzi', I have 2 NWA1123-ACv2 with 3 SSID.

    My simple test procedure is the following:

    I take my Android phone, which MAC address is NOT in the MAC list of Cloud authentication, and I try to connect to the WIFI SSID with MAC-based(Open) Nebula cloud authentication: if I can connect the protection is buggy!

    It seems the Android can get wifi Ip address from only one of the two AP so one is ok, the other one permits everyone access but the system in this way is not protected.

    Thanks,Alessandro

  • Zyxel_Panda
    Zyxel_Panda Posts: 97  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Dear @Maestri

    Thanks for your Org/Site information.

    Now we can access it on the NCC and we're checking the relevant logs first, but it seems that we cannot access the AP by SSH method for typing some commands, so if need, we will consider updating a debug date firmware on the AP after clarifying the logs.

    Thanks!

  • Zyxel_Panda
    Zyxel_Panda Posts: 97  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Hi @Maestri

    Now we have figured out the root cause of this issue and will release a date firmware version to fix it soon.

    You can reboot NWA1123-AVv2.2 AP should be solved this problem.

    Thanks!

  • Ok, thanks you very much. I will report my experience.

    Alessandro

Nebula Tips & Tricks