Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6963
Views
7
Helpful
16
Replies

"Your browser is currently unsupported" BYOD portal - ISE 2.4 U14

Go to solution
phake
Level 1
Level 1

‎11-12-2021 10:59 AM

We've been noticing that any new iOS device trying to use and enroll in our BYOD portal/setup, they're getting: "Your browser is currently unsupported". 
I'm fairly confident it's any device that's upgraded to iOS 15, 15.1, 15.2. It was working on several older test iPhones last week. 
I have: 

Version: 2.4.0.357
Installed Patches: 5,8,9,14

Any thoughts on how to get this running again?

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to phake

‎12-15-2021 03:15 PM - edited ‎12-15-2021 03:20 PM

This community is not TAC and we cannot comment on or escalate TAC cases. You'll need to work with TAC and escalate if needed via their processes. The TAC engineer will need to work with the software developers to determine if a workaround/fix can be developed.

I can say that I tested my iPad running iOS 15.2 with the BYOD flow in ISE 3.0 p4. With the Captive Network Assistant Bypass feature disabled on my BYOD provisioning SSID (WLC AireOS 8.5), I saw the same "Your browser is currently unsupported" message from the BYOD Portal.

I enabled the CNA Bypass feature on the SSID, and I was able to complete the BYOD enrollment successfully.

View solution in original post

0 Helpful
16 Replies 16

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎11-15-2021 02:14 PM

The Cisco supported OS versions are updated by the Posture Update packages. If you have not done so already, I would suggest getting the last online update via the Administration > System > Settings > Posture > Updates page. I believe the current 'Cisco supported OS version' should be 63.0.0.0.

If you have already updated to the current version, you might need to open a TAC case.

0 Helpful

Go to solution
phake
Level 1
Level 1
In response to Greg Gibbs

‎11-15-2021 02:50 PM

Greg,

Thanks for this!
I checked and we're at the latest, Cisco supported OS version 63.0.0.0.

 

Last successful update on 2021/11/15 15:10:52.

Just strange that all iOS devices stopped working after iOS v15.

0 Helpful

Go to solution
phake
Level 1
Level 1
In response to phake

‎11-22-2021 02:55 PM

Greg,

We found this article:
BYOD portal - Your browser is currently unsupported - Cisco Community

Looks like it has to do with the WLC and the Captive Portal.

I noticed this is the case for any device over iOS 15.x. How is Cisco solving this issue? There has got to be a large amount of customers having this issue right now. No one is going to figure out how to go to Safari, and then go to a non-cached website to activate the redirect portal.
Do we have to detect the version of the device? Can we just skip that part? 

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to phake

‎11-22-2021 09:12 PM

If this is related to the Apple CNA, this is not the first time Apple has made changes to their CNA that end up breaking portal flows. Cisco has no involvement or control over Apple software development, so this typically involves development effort to identify and implement a workaround, which takes time. If you have not already done so, please open a TAC case to investigate further and track this potential issue and any potential in-flight enhancements.

A common practice to avoid these potential CNA issues with portal-based flows is to use one of the methods to bypass the CNA documented here. Leveraging these bypass methods does involve training the users to open a browser on their device, which is typically included in the communication plan to the end users when enabling/enhancing end-user services like BYOD. Doing so, however, helps mitigate future potential issues with portal-based flows breaking due to vendors changing something with their CNA.

0 Helpful

Go to solution
phake
Level 1
Level 1

‎12-15-2021 01:05 PM

Greg,

 

Sorry, but this isn't a solution. What is Cisco actually doing to fix this issue. Apple did something post iOS 15.1 to break the captive portal redirect. What is Cisco doing to fix it?


Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to phake

‎12-15-2021 01:52 PM

Open a TAC case to investigate further and track this potential issue and any potential in-flight enhancements.

0 Helpful

Go to solution
phake
Level 1
Level 1
In response to Greg Gibbs

‎12-15-2021 01:53 PM

I do have a case open. SR 692538402. Zero progress has been made. 

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to phake

‎12-15-2021 03:15 PM - edited ‎12-15-2021 03:20 PM

This community is not TAC and we cannot comment on or escalate TAC cases. You'll need to work with TAC and escalate if needed via their processes. The TAC engineer will need to work with the software developers to determine if a workaround/fix can be developed.

I can say that I tested my iPad running iOS 15.2 with the BYOD flow in ISE 3.0 p4. With the Captive Network Assistant Bypass feature disabled on my BYOD provisioning SSID (WLC AireOS 8.5), I saw the same "Your browser is currently unsupported" message from the BYOD Portal.

I enabled the CNA Bypass feature on the SSID, and I was able to complete the BYOD enrollment successfully.

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to Greg Gibbs

‎12-16-2021 09:14 PM

Just an update for anyone else interested in this topic. I tested the same ISE BYOD flow in ISE 3.0 p4 using the 9800-CL WLC (17.3.4c) and found a similar issue with the Apple CNA portal on my iPad running 15.2.

I created a webauth parameter map to enable Captive Bypass Portal on my BYOD SSID (single-SSID flow) as per the Configuration Guide and was able to complete the BYOD enrollment successfully.

Go to solution
franklinb
Level 1
Level 1
In response to Greg Gibbs

‎03-21-2023 08:38 PM - edited ‎03-21-2023 08:39 PM

@Greg Gibbs wrote:

 

I created a webauth parameter map to enable Captive Bypass Portal on my BYOD SSID (single-SSID flow) as per the Configuration Guide and was able to complete the BYOD enrollment successfully.

Hi Greg could you please possibly expand on this and how it can achieve a work-around solution to the problem? Does it mean the Guest users can still be automatically redirected upon joining vs. having to open a page? 

0 Helpful

Go to solution
ocristea88
Level 1
Level 1
In response to phake

‎08-24-2022 04:55 AM

Hi Phake,

Do you have any updates from Cisco wrt to your case?

Thanks

0 Helpful

Go to solution
DerpaNet
Level 1
Level 1

‎11-09-2022 08:06 PM

Also seeing this on a 3.1-patch3 environment and 2.6-patch10

At least on the 3.1 environment I can get around this by hitting the Retry button, waiting for it to time-out, after which the SSID connects without the BYOD work-flow. 

0 Helpful

Go to solution
dustinskyes
Level 1
Level 1
In response to DerpaNet

‎02-03-2023 09:58 AM

Seeing this as well on 3.1.0.518 patch 3.  Captive portal bypass is not working in my environment; possibly because I am using a Meraki cloud controller instead of Cisco WLC.

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to dustinskyes

‎02-03-2023 11:37 AM

This thread is from 2.4.  I would suggest creating a new one for your issue.

0 Helpful
Customers Also Viewed These Support Documents