WPA Enterprise using cloud auth and EAP-TLS?

HPITS · March 2023

Nebula AP with WEP Enterprise and cloud auth is currently using the insecure PEAP-MSChap2? Can it be configured with EAP-TLS?

Zyxel_Judy · March 2023

Nebula cloud authentication provides a simple and easy-to-use authentication service with the authentication method as PEAP-MSChap2, which provides a certain level of security by providing encryption for user credentials during the authentication process. It is suitable for small and medium-sized businesses that do not have a certificate infrastructure, as it does not require client-side certificates to be installed.

Compare to PEAP-MSChap2, EAP-TLS provides a higher level of security as it requires both the client and server to authenticate using certificates. So, if you requires a higher level of security for their network, you can configure WPA Enterprise with My RADIUS server.

ChrisKringle · July 30

Hi Judy

https://community.zyxel.com/en/discussion/comment/49691#Comment_49691

is there a kind of timeline available to implement RFC 6613 (Radius/TLS, also known RadSec)? i advised customers to implement zyxel hardware, but for some of my public sector customers it is mandatory or a a criterium to have this implemented and supported.

many thanks, Chris

ChrisKringle · July 30

hey @Zyxel_Judy - this helps a lot and i apologize to hijack this one also as a kind of feature request to implement Radsec as well - if i need to raise a new topic, please let me know, but as of today, i am dealing with Zyxel Hardware together with AAD joined Devices (Intune Managed) and Cloud Radius to fulfil my customer needs - and also want to implement the more advanced one called Radius/TLS as described in RFC6614. i do not want to raise a comparison against competitors as i like and advised customers to use Zyxel, but for some of those it is a A criterium for public tender.
hope you can understand some concerns and maybe you can provide some insights or a timeline or an "if"…?
all the best, chris