10-21-2014 01:02 AM - edited 03-10-2019 10:07 PM
I was wondering if anybody else have the following problem:
Apple iOS 8.x users are not able to register their devices on the ISE portal (native supplicant provisioning).
After they receive the redirection from the WLC, they freeze. Apple 7.x users have no problem.
ISE is version 1.2.1.198 patch 2. WLC is running 8.0.102.14.
Anybody experienced the same?
MB
10-21-2014 05:32 PM
Allow access to apple.com during the guest flow or use the portal bypass feature
on WLC.
10-22-2014 01:21 AM
Hi Salod,
Still not working. Allowed all the apple.com addresses in the ACL. Also the Web Auth Captive-Bypass is Enabled.
11-05-2014 02:41 PM
Hi ,
we hit the same issue with ISE 1.2.1 P3. The apple devices browser got freezed after redirection. We tested today iPhone/iPad running 8.1 iOS.
Any update from the Cisco TAC Case ?
Regards, Holger
11-21-2014 12:16 PM
Hi,
today we deployed WLC 7.6.130 and ISE 1.2.1 P3 .
NSP for iOS 8.1 devices without any issues.
Regards , Holger
11-21-2014 12:38 PM
Hi Holger,
Thanks for the update. Could not yet open a TAC case. something with contracts...
Glad to hear it is working with WLC 7.6.130.
10-21-2014 07:56 PM
Hello-
You are most likely hitting this bug:
Patch 10 resolves this, however, you might want to upgrade to patch 11 since I see another iOS 8 related bug:
Here is the link to the release notes:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/release_notes/ise12_rn.html#pgfId-529760
Thank you for rating helpful posts!
10-22-2014 12:58 AM
Hi Neno,
I am aware of this bug. As we are running ISE version 1.2.1.198 patch 2 (the latest). This bug should'nt be there anymore. Or am I too optimistic about this?
10-22-2014 11:45 AM
Ops sorry I read "1.2 - Patch 2" :)
I have no other suggestions outside of opening a TAC case :)
10-27-2014 02:55 PM
I am also running ISE 1.2.1.198 patch 2 with 8.0.100. I am testing with an iPad running IOS 8.1. The device will register in the registration portal, but is not being classified as an IOS device within client provisioning, I believe. It is getting profiled as a workstation even though all apple device profiles are enabled. I have an authorization policy for registered devices, and ipad, iphone, ios devices to gain access to the network without going through posture assessment. I then have my posture assessment authorization rules with apple IOS devices set for a ssid native supplicant profile. I keep getting an error page on the iPad when connecting to the ISE SSID saying "Client Provisioning Portal ISE is not able to apply an access policy to your log-in session at this time. Please close this browser, wait approximately one minute, and try to connect again". It gives this message over and over. If I turn off the posture checking authorization profiles, the IOS device is selected as a rule further down which tells me that ISE does not recognize it as an IOS device in the profiling or client provisioning.
12-03-2014 01:18 AM
Hi!
I solved this problem. The reason was in the DNS. Are u use domen local (send pls FQDN of your ISE)? After device receive the redirection from the wlc, try to use IP in URL. If it help, u will need configure your DNS server. Later, I can write the details.
12-03-2014 03:18 AM
Hi Svartalf1989,
Forgot to do an update. Last week I "bypassed" the problem by simply inserting a DNS domain name (the one ISE uses off course) in the DHCP scope definition on the WLC as we are using the WLC as the DHCP server. Normally this was left "blank".
If you have your DHCP on a external server then you probably didn't had this issue.
My best guess is that from iOS8.x and up the Apple device only looks at the "host" part in the URL and expects a DNS suffix. If this is left "blank" then it fails to resolve the ISE server IP address.
Regards,
Manodj
01-16-2015 08:56 AM
Just add domain name to your dhcp configs
and bypass command to WLC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide