cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
460
Views
0
Helpful
1
Replies

Turning off 4G to get Cisco Network Assitant to work on Android

stephendrkw
Level 3
Level 3

I finally have BYOD working on ISE 2.4.x with 8.5.x running on my WLC's. Working fine for a week, then I asked a few users in my building to test sitting near the outer ring close to our building windows (my 4G signal is very intermittent in the center of my floor where I sit). Of the 3 users I tested the following error appears after clicking Cisco Network Assistant for Android:

“"Unable to detect Server. Please ensure your network access device is configured to redirect enroll.cisco.com to ISE”

Came across a few forums referring to DNS named WLC ACL entries nothing seemed a definite solution to me. So I asked the 3 users to turn off 4G on there devices (all Android) suddenly Cisco Network Assistant starts working, users complete onboarding successfully, job complete.

 

Having a look at packet captures from my Anchor WLC I can clearly see the issue, each user was sending out a request to our BYOD DNS Servers (google Servers 8.8.8.8) over DNS-TLS port 853, the difference was all of these users were sending out SYN packets unlike working Android devices who are completing 3 way handshakes!

 

With DNS-TLS obviously I can't see packet information to decode

 

Asking users to turn 4G off on their devices for onboarding is not an easy task. Has anyone else had this issue with Android or iOS?

 

I have opened a TAC..............no reply as yet.

 

 

1 Reply 1

Timothy Abbott
Cisco Employee
Cisco Employee

Apple iOS and Android use Multipath TCP.  I've seen this behavior in my lab environment when an iOS device like iPhone doesn't have a very good wifi signal.  Unfortunately, the only way I was able to combat the issue was to increase wifi coverage so that the request remains with the wifi network and not go out through the cellular network.

 

Regards,

-Tim