Apple Captive Portal - Guest login loop.

dazza_johnson
Level 5

Hey guys, this is the second deployment where I have seen this. The first deployment we basically used the captive portal bypass feature on the WLC as a workaround, but I cannot do this in the second deployment.

Basically, on any Apple device (iPhone/Mac/etc), when I connect to the guest WiFi the captive portal correctly pops up. I create a guest account, then try to log in with that guest account. When I click "Login", I am presented with the create guest account screen again! It's almost like the login button equals the create guest account button.

The captive portal on Android works fine and Windows devices too. Seems some incompatibility with Apple devices. Note: This same solution did work with Apple devices in <v2.0 ISE releases - so I cannot say the issue is 100% Apple's fault. It seems like something introduced in ISE v2.0 and above is causing this.

Surely I'm not the first to have seen this having seen it at two customer sites. Nothing jumps out at me in the Bug database.

I cannot raise a TAC case just yet because the service contract is not assigned to my CCO, so hoping someone has some pointers?

Thanks

Darren

Accepted Solutions

Jason Kunst
Cisco Employee

ISE 2.2 supports the mini browser latest patch?

You should be able to work with TAC to open a case to debug even if presales.

Did you try a new portal?

This seems to be a bug if you click login and it goes to create account.

Thanks jakunst. When you say ISE v2.2 (officially) supports the Apple mini browser, what does this mean exactly? In ISE v2.1 the Apple mini browser popped up and you could enter guest creds, so just trying to understand what you get extra in v2.2 that you didn't get before. I read the links below and the release notes but it doesn't explain the detail behind it.

ISE 2.2 Apple CNA (Captive Network Assistant) Mini-Browser for BYOD/Guest

Dealing with Apple CNA (AKA Mini browser) for ISE BYOD

As an example, maybe the benefit (this is just an example) is that in ISE v2.2 the portal is rendered specifically for the Apple mini browser whereas in earlier versions the portal was rendered simply as a normal browser and not as per the mini browser used by the Apple CNA.

I've opened a TAC case - but would appreciate clarity on the above query if possible.

There are code changes to support in 2.2 but we don't have the specifics documented and won't be doing that

Prior versions may have worked but were not supported.

"There are code changes to support in 2.2 but we don't have the specifics documented and won't be doing that"


So there is a feature to support this but Cisco won't disclose or document the detail? Respectfully, that's just insane......

It's not a feature per se, it's fixes to support the mini browser. I asked the PM behind this and they are not going to specifically call out what code changes were made, we don’t do this for anything.

In the official ISE 2.2 release notes it's down as a new feature under guest enhancements......

Thanks for the response.

Understood but we still don’t share what specific code changes were made to support it, apologies that’s all I have to share

Nothing from TAC yet :-( but I have a fix/workaround. Basically, I had to recreate the portal from scratch, and copy/paste everything from the old portal to the new portal. Once I associated the new portal with the authorisation profile the portal works for Apple devices. Note: Simply duplicating the old portal didn't work - I had to manually create a new one from scratch and configure it EXACTLY as per the old portal.

Something must have got corrupted along the way. My concern is that this happened for another customer of mine too, set up by someone else. I have asked TAC to perform a root cause analysis, I don't want to have to recreate the portal on a regular basis.

Hi Darren, here is a document on how to set up this use case

Dual SSID BYOD with Apple Captive Network Assistant (CNA) Browser - ISE 2.2

FYR,

Note: This feature is broken for iOS devices running 10.3.1 and above. We are working on getting a fix which is being tracked by CSCve39167

Thanks

Imran

Thanks Imran. I have a single guest WiFi SSID on ISE 2.2 and it is working perfectly with iOS 10.3.3 (and other versions) with no issues.

Darren

Please let us know the defect number as well
