Bug: WPA3-Enterprise with 2FA and no internet after reauth time
Options
Master Member
Hello,
when i activate 2FA together with WPA3 Enterprise the client has no internet after the reauth time anymore. There is no auth/two-factor screen after the reauth time.
Test-Client: iPhone 13 Pro with iOS 15
As soon as I deactivate 2FA in the SSID settings, it works normally again.
Thanks!
when i activate 2FA together with WPA3 Enterprise the client has no internet after the reauth time anymore. There is no auth/two-factor screen after the reauth time.
Test-Client: iPhone 13 Pro with iOS 15
As soon as I deactivate 2FA in the SSID settings, it works normally again.
Thanks!
0
Accepted Solution
-
Hi Baba,
Once station auth timeout and can not go to the internet, it should automatically pop out the connection page.
In this case, Apple devices do not pop out login page automatically, even we disconnect and re-connect again.
There is a way to resolve IOS issue by key in HTTP://neverssl.com in your browser.
it will redirect to login page to cover this case.
Thank you.
BR, DickZyxel Nebula Support
0
Zyxel Employee
All Replies
-
Hi baba,
We are testing the issue, we will keep posting the update status.
Thanks for your information.
Zyxel Nebula Support
0 -
Hi @Nebula_CSO,
I think the problem lies in WPA3 and the certificate in connection with iOS15. Even without 2FA, iOS clients no longer have Internet access after the reauth time.
0 -
Hi Baba,
Once station auth timeout and can not go to the internet, it should automatically pop out the connection page.
In this case, Apple devices do not pop out login page automatically, even we disconnect and re-connect again.
There is a way to resolve IOS issue by key in HTTP://neverssl.com in your browser.
it will redirect to login page to cover this case.
Thank you.
BR, DickZyxel Nebula Support
0 -
Hi @Nebula_CSO, neverssl.com fixed it, but this is not sustainable for my clients.
I would like to make a feature request: Skip the captive portal from the VLAN if the client is already authenticated via WPA3 Enterprise using Nebula Cloud Authentication. This would allow iOS clients to authenticate via WP3 Enterprise and still secure the VLAN with the Captive Portal.
0 -
Hi baba,
We will implement a new feature "MAC Auth+ Captive Portal".
The client can auth with their MAC address and pass the captive portal.
The feature will be launched in mid of July.
Based on your requirement, it is hard to achieve in the current networking model,
because the client fails to Auth with 802.1x it will be disconnected, it can not get IP and redirect to the captive portal.
I hope the MAC Auth + Captive Portal can fulfill your requirement.
Thank you.
BR, Dick
Zyxel Nebula Support
0
Categories
- All Categories
- 435 Beta Program
- 2.7K Nebula
- 176 Nebula Ideas
- 117 Nebula Status and Incidents
- 6.1K Security
- 425 USG FLEX H Series
- 298 Security Ideas
- 1.6K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.7K Consumer Product
- 274 Service & License
- 419 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 89 Security Highlight
