08-07-2017 01:04 AM
Hey guys, this is the second deployment where I have seen this. The first deployment we basically used the captive portal bypass feature on the WLC as a workaround, but I cannot do this in the second deployment.
Basically, on any Apple device (iPhone/Mac/etc), when I connect to the guest WiFi the captive portal correctly pops up. I create a guest account, then try to log in with that guest account. When I click "Login", I am presented with the create guest account screen again! It's almost like the login button equals the create guest account button.
The captive portal on Android works fine and Windows devices too. Seems some incompatibility with Apple devices. Note: This same solution did work with Apple devices in <v2.0 ISE releases - so I cannot say the issue is 100% Apple's fault. It seems like something introduced in ISE v2.0 and above is causing this.
Surely I'm not the first to have seen this having seen it at two customer sites. Nothing jumps out at me in the Bug database.
I cannot raise a TAC case just yet because the service contract is not assigned to my CCO, so hoping someone has some pointers?
Thanks
Darren
08-07-2017 05:12 AM
ISE 2.2 supports the mini browser latest patch?
You should be able to work with TAC to open a case to debug even if presales.
Did you try a new portal?
This seems to be a bug if you click login and it goes to create account.
08-07-2017 06:33 PM
Thanks jakunst. When you say ISE v2.2 (officially) supports the Apple mini browser, what does this mean exactly? In ISE v2.1 the Apple mini browser popped up and you could enter guest creds, so just trying to understand what you get extra in v2.2 that you didn't get before. I read the links below and the release notes but it doesn't explain the detail behind it.
ISE 2.2 Apple CNA (Captive Network Assistant) Mini-Browser for BYOD/Guest
Dealing with Apple CNA (AKA Mini browser) for ISE BYOD
As an example, maybe the benefit (this is just an example) is that in ISE v2.2 the portal is rendered specifically for the Apple mini browser whereas in earlier versions the portal was rendered simply as a normal browser and not as per the mini browser used by the Apple CNA.
I've opened a TAC case - but would appreciate clarity on the above query if possible.
08-08-2017 10:13 AM
There are code changes to support in 2.2 but we don't have the specifics documented and won't be doing that.
Prior versions may have worked but not supported.
08-08-2017 03:13 PM
"There are code changes to support in 2.2 but we don't have the specifics documented and won't be doing that"
So there is a feature to support this but Cisco won't disclose or document the detail? Respectfully, that's just insane......
08-08-2017 03:19 PM
It's not a feature per se, it's fixes to support the mini browser. I asked the PM behind this and they are not going to specifically call out what call changes were made, we don't do this for anything.
08-08-2017 03:23 PM
In the official ISE 2.2 release notes it's down as a new feature under guest enhancements......
Thanks for the response.
08-08-2017 03:25 PM
Understood, but we still don't share what specific code changes were made to support it. Apologies, that's all I have to share.
08-08-2017 09:03 PM
Nothing from TAC yet :-( but I have a fix/workaround. Basically, I had to recreate the portal from scratch, and copy/paste everything from the old portal to the new portal. Once I associated the new portal with the authorisation profile the portal works for Apple devices. Note: Simply duplicating the old portal didn't work - I had to manually create a new one from scratch and configure it EXACTLY as per the old portal.
Something must have got corrupted along the way. My concern is that this happened for another customer of mine too, set up by someone else. I have asked TAC to perform a root cause analysis, I don't want to have to recreate the portal on a regular basis.
08-08-2017 09:18 PM
Hi Darren, here is a document on how to set up this use case
Dual SSID BYOD with Apple Captive Network Assistant (CNA) Browser - ISE 2.2
FYR,
Note: This feature is broken for iOS devices running 10.3.1 and above. We are working on getting a fix which is being tracked by CSCve39167
Thanks
Imran
08-08-2017 09:42 PM
Thanks Imran. I have a single guest WiFi SSID on ISE 2.2 and it is working perfectly with iOS 10.3.3 (and other versions) with no issues.
Darren
08-08-2017 10:14 AM
Please let us know the defect number as well