cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2461
Views
0
Helpful
7
Replies
Highlighted
Beginner

iPAD, ISE and Onboarding w/SCEP

I am running a ISE 1.1.1 trial and have setup most AuthC/Z policies mainly following the BYOD Design Guide at Design Zone. I have also been refering to the Trustsec 2.1 guides as well.

The problem I have is that when an iPAD connects to the On-boarding SSID.

At the moment, the iPAD correctly notices that web-auth is required and brings up the mini-webbrowser. This brings up the Cisco ISE Guest portal.

After login, I can register the device.

ISE has been configured to deploy a Native supplicant for the iPAD to deploy a profile to configure the device to use the Corp SSID and EAP-TLS. ISE has been correctly configured to connect to a 2008 R2 SCEP/NDES standalone install. The relevant certs are trusted in ISE (Including EAP-TLS auth).

However, this is where things go wrong. Once I register the device, the next stage is for a mobile profile to be pushed to the device. This does happen, but the problem is that it appears "behind" the mini-webbrowser used to perform the web login.

The issue is that when I press cancel on the mini-webbrowser to get to the profile install dialog, the iPAD appears to disconnect from the wifi network. This is a big problem as the certificate enrollment can't happen anymore.

Has anyone else had this issue?

Everyone's tags (1)
7 REPLIES 7
Highlighted
Advocate

iPAD, ISE and Onboarding w/SCEP

Can you post a screenshot of what you are seeing.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Highlighted
Beginner

iPAD, ISE and Onboarding w/SCEP

Not really. Wouldn't be captured in a screen shot.

Essentially the Profile wizard on the iPAD gets hidden behind the auto-login mini-webbrowser that the iPAD uses to get guest login.

The problem then is that I can't continue the profile NSP stage of the process.

Highlighted
Beginner

iPAD, ISE and Onboarding w/SCEP

did you ever find the fix for this issue. We are having the same trouble..

Highlighted
Enthusiast

iPAD, ISE and Onboarding w/SCEP

I had also this problem with "hidden" windows on iPhone and iPads.

For me the problem was fixed by implementing the captive portal bypass on the WLC controller:

config network web-auth captive-bypass

(small disadvantage: you don't fall automatically on the logon page. You need to open the browser yourself and got to google for example to get redirected)

Just try it...

Highlighted
Enthusiast

iPAD, ISE and Onboarding w/SCEP

We were having the same problem initially.  Have you enabled the captive portal bypass on the wireless controllers?

config network web-auth captive-bypass enable

This spoofs the iPad into thinking there is no login portal and that it has internet access and therefore it doesn't open the mini browser.  Then you can launch Safari and it will work fine.  I did have an issue with a user that was trying to use Chrome on their iPad and it wouldn't work with ISE. 

Highlighted
Beginner

iPAD, ISE and Onboarding w/SCEP

config network web-auth captive-bypass

Seems to fix the pop-up webpage problem... but others remain....

Highlighted
Beginner

iPAD, ISE and Onboarding w/SCEP