Ruijie Community

Title: AP Portal Auth using account bypass [Print this page]

Author: misadrian6@gmai Time: 2024-8-14 13:03
Title: AP Portal Auth using account bypass
I config my ap on the ruijie cloud portal that only those have an account can login to the ssid network. But duing my active monitoring there are other devices connecting on this ssid without using account. The config was 1 account every 1 devices mac addresses are bind after using the account on a certain devices, and the account can be only use on a dedicated ssid network. Can you give us any advice how to secure our network?

Author: guominxiang@rui Time: 2024-8-14 13:39
Hello,
I‘m sorry that we can't provide a specific solution for you based on current information.
Can you help to check the following aspects:
1. Is the configuration you mentioned the configuration in the screenshot below? If not, you can follow the screenshot and change your authentication configuration.

2. If the configuration has been changed, but there are still users who can connect to the SSID without authentication, can you take a screenshot of the authentication configuration, account group Settings, and SSID configuration for me to check?
3. Please also share the records of user connections(client list) on the cloud

Best regards,
Micca

Author: misadrian6@gmai Time: 2024-8-14 16:53

GTAC-Micca replied at 2024-8-14 13:39
Hello,
I‘m sorry that we can't provide a specific solution for you based on current information.
C ...

Your attached file is the exact config I made and also I recorded all the bind mac address that been use on our users but the problem there is some mac addressing still accessing the ssid event without an account. The attached file is the current mac address and I think it the same user before because the location where he/she connecting is always the same. Maybe he/she have a way to change his/her mac address.

Author: guominxiang@rui Time: 2024-8-14 17:17

Pol B replied at 2024-8-14 16:53
Your attached file is the exact config I made and also I recorded all the bind mac address that be ...

Hello,

What does the topology look like? How many APs are there? Are all APs successfully synchronized with portal configuration? You can manually click deliver to synchronize the portal configuration to the AP again

If you add this MAC address to block list, will this user still get connection with new MAC assress?
Tips: How to config Whitelist/Blacklist for wireless users on Ruijie AP? https://community.ruijienetworks.com/forum.php?mod=viewthread&tid=3670&extra=page%3D1

If the issue still exists, please talk with me again. I would be glad to help you in CoMmunity.

Best regards,
Micca

Author: misadrian6@gmai Time: 2024-8-14 17:51

GTAC-Micca replied at 2024-8-14 17:17
Hello,

What does the topology look like? How many APs are there? Are all APs successfully synchro ...

We have 41 access point, and yes I already blacklisting the mac address but the device manage to get new
mac address on his/her device and still connecting on the same location. I look to the AP

where the user
frequent connected to it all sync base on our config.

Author: liujunhui1@ruij Time: 2024-8-19 10:23

Pol B replied at 2024-8-14 17:51
We have 41 access point, and yes I already blacklisting the mac address but the device manage to g ...

Hello,
I‘m sorry that we can't provide a specific solution for you based on current information.
Can you help to check the following aspects:
1. May I also confirm whether these two functions were enabled
it will allow user access the network and portal page will not pop up
and user who has passed the authentication will not need authentication again
if these two functions were enabled, could you try to disable them?

2. May I also see the configutation on the user Group too?
configuration like this

3.May I know if on the terminal devices, users enabled the random MAC function
it will changed the MAC address after users forget the SSID then reconnect
Best regards,
Ross

Author: misadrian6@gmai Time: 2024-8-19 12:07

GTAC-Ross replied at 2024-8-19 10:23
Pol B replied at 2024-8-14 17:51
We have 41 access point, and yes I already blacklisting the mac add ...

I will try and workaround the 1 and 3, now I put an alias to all the mac address that been use so that I can
easily identify which mac addresses are newly registered and when I saw an new mac address that is
not binded to any account I created I blacklist the mac addresses globally. (temporary solution)

As of now I already black 6 mac addresses that been connecting to the different ssid even they
do not have an account and they consuming a certain amount of bandwidth. For those 2 this is my
group settings.

Thank you

Author: guominxiang@rui Time: 2024-8-19 16:14

Pol B replied at 2024-8-19 12:07
I will try and workaround the 1 and 3, now I put an alias to all the mac address that been use so ...

Hello,

I need your network share so that I can check more details for you. Could you share your project with me for checking ploease? In order to protect the safety of your project, please share to my email guominxiang@ruijie.com.cn
How to share the project in the new version of the Ruijie Cloud?https://community.ruijienetworks.com/forum.php?mod=viewthread&tid=6341&extra=page%3D1

Best regards,
Micca

Author: misadrian6@gmai Time: 2024-8-30 15:52

GTAC-Micca replied at 2024-8-19 16:14
Hello,

I need your network share so that I can check more details for you. Could you share your p ...

Hello mica, as of update I am checking my ssid everyday for any unknown connection. as of now the issue
now is been address after I block 6 unknown mac address connecting my ssid without any account.
I am already satisfy with this. Thank you for the prompt response.

Welcome to Ruijie Community (https://community.ruijienetworks.com/)