My RADIUS Auth via local network does not work
i've set up a RADIUS Sever for a SSID and added the LAN IP in Nebula. But if i am offline the authentication does not work, because the external IP is used:
AP Log:
2022-11-28 15:33:05 10.10.100.35 0" dst="0.0.0.0:0" msg="User baba (MAC: a2:5d:32:xx:xx:xx) 802.1X auth timeout. (Server: 91.42.xxx.xxx:1812, Timeout: 12s)" note="" user="unknown" devID="d8ece58cdxxx" cat="User"
2022-11-28 15:33:05 10.10.100.35 0" dst="0.0.0.0:0" msg="User baba (MAC: a2:5d:32:xx:xx:xx) 802.1X auth failed on interface wlan-2-8.(Server: 91.42.xxx.xxx:1812)" note="" user="unknown" devID="d8ece58cdxxx" cat="User"
Whats wrong?
Best,
baba
All Replies
-
I had added a dns entry in Host field before. I believe it's using the old hostname instead using the the new private ip0
-
Hi @baba
Ensure the AP status is up to date after apply new settings, if the security type of SSID applied on AP the server will use IP address in the config file.
You can access the AP by ssh and use command show running-config to check or enable the Zyxel support at Help > Support request > Invite Zyxel support as administrator, save the changes for us to check. And provide the Org and Site name.
[Nebula] How to turn on Zyxel Support Access?
Kindly sharing your topology with us will help a lot.
Thank you
Regards,
Bella
0 -
Hi @Zyxel_Bella,
The AP status is up to date. And you're right, the settings were not applied. "show running-config" shows that the domain still will be used. What can I do? It's urgent because this effects all wifi clients. Can it be related to this https://community.zyxel.com/en/discussion/15169/nebula-cloud-service-incident-2022-11-28-12-42-utc-0#latest issue?server-auth 1 host address mydomain.tld port 1812 secret-encrypted base64encodedString=
The new IP is saved in Nebula but not applied to the access points.
Topology: USG Flex 200 with six MWA110AX.
I've activated the zyxel support access.
Thanks!0 -
The problem is getting bigger. Tonight, without a change, all SSIDs disappeared. After I turned one SSID off and on, it was working again. In the running-config is still an "entry server-auth 1 host address" with the DNS name. The field "server-acct 1 ip address" contains the correct IP. The access points continue to try to contact the DNS name.
0 -
Hi @baba
After investigated, we found the result is due to the AP applied the running-cofig which includes both IP address and domain name but domain name override the firstly applied IP to cause the issue.
The thing we’ve confirmed is NCC pushed the correct info for AP, but we’re still working on tracking the flow AP part to and to fix it asap.
To help you quickly back the service to normal, the fastest way is to delete the SSID on Nebula then create it again with IP address or like you mentioned in message to add a new one.
Feel free to let me know if you need my help to do any changed on the SSID settings for you or you’ll arrange to operate.
Thank you
Regards,
Bella
0 -
Hi @Zyxel_Bella,
do you have any ETA for a fix of this Problem? Deleting a SSID is no option for me, because i will loose the order of the ssids.
Thanks!0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight