Bug: WPA3-Enterprise with 2FA and no internet after reauth time
Hello,
When I activate 2FA together with WPA3 Enterprise, the client no longer has internet after the reauth time. There is no auth/two-factor screen after the reauth time.
Test-Client: iPhone 13 Pro with iOS 15
As soon as I deactivate 2FA in the SSID settings, it works normally again.
Thanks!
Accepted Solution
-
Hi Baba,
Once the station's auth times out and it cannot reach the internet, it should automatically pop up the connection page.
In this case, Apple devices do not pop up the login page automatically, even when we disconnect and reconnect.
There is a way to resolve the iOS issue: key in HTTP://neverssl.com in your browser.
It will redirect to the login page to cover this case.
Thank you.
BR, Dick
All Replies
-
Hi baba,
We are testing the issue and will keep posting status updates.
Thanks for your information.
-
Hi @Nebula_CSO,
I think the problem lies in WPA3 and the certificate in connection with iOS15. Even without 2FA, iOS clients no longer have Internet access after the reauth time.
-
Hi @Nebula_CSO, neverssl.com fixed it, but this is not sustainable for my clients.
I would like to make a feature request: Skip the captive portal from the VLAN if the client is already authenticated via WPA3 Enterprise using Nebula Cloud Authentication. This would allow iOS clients to authenticate via WPA3 Enterprise and still secure the VLAN with the Captive Portal.
-
Hi baba,
We will implement a new feature, "MAC Auth + Captive Portal".
The client can auth with their MAC address and pass the captive portal.
The feature will be launched in mid-July.
Based on your requirement, it is hard to achieve in the current networking model,
because when the client fails to auth with 802.1X it will be disconnected, so it cannot get an IP and be redirected to the captive portal.
I hope the MAC Auth + Captive Portal can fulfill your requirement.
Thank you.
BR, Dick