Beginner

Captive Portal Problem on IOS

Hi Guys,

 

Recently I ran into a problem where several of my client's iPhones are unable to connect to an SSID with a captive portal. The popup said that the iPhone was unable to connect to the SSID. Here are the conditions:

1. My client's iPhones are given by their company. I do not know what kind of security settings were applied to the phones.

2. The SSID is a guest network using captive portal with no Pre-Shared Key.

3. The captive portal is using ISE's CWA.

 

So I tried some troubleshooting. I modified the SSID by adding the PSK, but the user still has to accept the T&C on the captive portal. The iPhone still could not connect, with a different error notification this time. The popup said that the password is wrong, but when I tried with another phone to connect to the SSID, it connected. So I removed the captive portal setting, this time only using PSK, and the iPhone connected to the SSID.

 

I have 2 wild guesses regarding this:

1. Is captive portal information added to the beacon when the AP is broadcasting the SSID? Because the iPhones acted strangely when connecting to an SSID with a captive portal, but not to an SSID with PSK only.

2. Does an iPhone with a certain security setting need to check a certain IP address first before being able to connect to an SSID? Because the captive portal setting is blocking every access but to the DHCP server and ISE.

 

Is either of my guesses right? Or is something else happening in the background? Thank you.

4 REPLIES
Beginner

Re: Captive Portal Problem on IOS

Have you investigated the ISE RADIUS logs for both of the devices? Wondering if you have multiple policies and one phone is hitting one whilst the other is hitting a different one.

Beginner

Re: Captive Portal Problem on IOS

Hi kkillby,

 

The log was not even on the ISE, so I'm not sure if the phone got blocked by one of my rules. Did not check the log on WLC though.

Hall of Fame Master

Re: Captive Portal Problem on IOS

I would perform another test. Create a new SSID and use a generic pass through portal on the controller, not in ISE and see if that works. If it doesn’t work and other iPhones work, it can be that the company is blocking the use of guest wireless with portal page. I know some companies that do this for laptops. 

-Scott
*** Please rate helpful posts ***
Beginner

Re: Captive Portal Problem on IOS

Hi Scott,

 

Will do if I get the chance in the future. Kinda curious regarding this one.

 

Do you know what is being checked by the endpoint to reject a captive portal? Is captive portal information broadcast by the AP?
