NWA50AX PRO cannot disable into wizard the first SSID. (firmware 7.00 P2)
Guru Member
Mint new NWA50AX PRO. Delivered firmware 6.55. On premises mode.
Connect on the web interface (DHCP), follow the wizard, disabling the networks (I have a configuration that i need to upload, but it's made on a more recent firmware). Update firmware to 7.00 P2, reboot.
Connect on the web interface , following the wizard, cannot disable SSID1 on radio section. There's only "ON" green button, no toggle.
Why?
(on a different device this behaviour is not replicated, starding MAC address 14 instead of 70)
All Replies
-
Hi @mMontana
At present, SSID1 cannot be disabled within the setup wizard interface and is configured to remain active by default. To disable SSID1, please go to CONFIGURATION > Wireless > AP Management in the web interface, where you can adjust this setting. However, please note that if you revisit and modify settings within the wizard, SSID1 will be re-enabled automatically. For this reason, we recommend avoiding SSID1 for any network you intend to keep disabled.
Additionally, the behaviour you’re experiencing should be consistent across devices of the same model and firmware version. Could you please share a screenshot of the AP settings from the device with the MAC address starting with 14:XX:XX:XX:XX, along with its firmware version? This will help us investigate further.
Kay
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
Hi, thanks for your answer.
At present, SSID1 cannot be disabled within the setup wizard interface and is configured to remain active by default. T
Question remains, the only one reported into my post: why?
Default configuration for the zyxel aPs are "no security as default" and nowadays, it's not a good idea.
In EU "secure by default" is a concept that sticks to configuration devices, and now I must change admin password at first login, if this password is not "par device", like some NASes or MFPs. The capability to disable at wizard any SSID allowed me to:
-wizard the device
-set it into a non hazardous way
-upgrade it to latest firmware
-create objects for a correct configuration or upload a already refined/secure configurationIt's quite unpractical to create a steel box connected to ground only for reduce the vulnerability footprint for "default config". In some companies this kind of "default behavior" could be the cause for not using at all perfectly good network gear because of the insecure status at delivery. Ominous? I can agree, still as IT guy I must comply with customer's policies.
Could you please share a screenshot of the AP settings from the device with the MAC address starting with 14:XX:XX:XX:XX, along with its firmware version? This will help us investigate further.
As stated in my post… I had a configuration to upload, made on a different device (still a 14:00:00:00:00:00 device). I uploaded it, corrected it and… deployed the device. I'm currently not into a condition for reset the device to factory for testing.
1 -
Hi @mMontana
Regarding the initial SSID security mode, we plan to enhance it with the "enhanced-open" security mode to meet the EN 18031 standard in the version 7.10 release, scheduled for Q1 2025. This update should align with the EU regulation you mentioned.
In the current setup, we prioritize ease of use in the initial wizard setup, ensuring that the security meets minimum requirements. While the product could be designed with a complex, high-security password by default, this might add operational difficulty and impact the user experience during the initial setup. For this reason, we strongly recommend modifying the default SSID and applying additional security settings after purchase.
If the security concern you referenced is different from the EN 18031 standard, please feel free to share more details.
As for the option to disable SSID in the setup wizard, we understand the need for flexibility. Since most users purchase APs to extend wireless coverage, disabling the initial SSID during setup might feel counterintuitive. However, we recognize that adding this option could provide more customization, and we’re taking this into account for future updates.
Thank you for your valuable feedback!
Kay
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
@Zyxel_Kay thanks for the detailed answer.
If configured via ZON utility, do not allow disabling the default profile/SSID makes some sense, however… If i'm accessing from wireless network instead from cabled interface make more sens to provide a costrain nor a warning before apply the setting change (disable the only active SSID).
However: if i'm accessing to the web interface the device should know that i'm using a browser rather than ZON… that's what browser agents are for.
"default not security" only for allowing ZON use is not a policy that I'd endorse.I hope to see in the future more security oriented default approaches.
1
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
