
Captive Portal Problem on IOS

fdharmawan
Level 4

Hi Guys,

Recently I got a problem where several of my client's iPhones are unable to connect to an SSID with a captive portal. The popup said that the iPhone was unable to connect to the SSID. Here are the conditions:

1. My client's iPhone is given by their company. I do not know what kind of security setting was applied to the phone.

2. The SSID is a guest network using captive portal with no Pre-Shared Key.

3. The captive portal is using ISE's CWA.

So I tried some troubleshooting. I modified the SSID by adding the PSK, but the user still has to accept T&C on the captive portal. The iPhone still could not connect, with a different error notification this time. The popup said that the password was wrong, but when I tried with another phone to connect to the SSID, it connected. So I removed the captive portal setting, this time only using PSK, and the iPhone connected to the SSID.

I have 2 wild guesses regarding this:

1. Is captive portal information added to the beacon when the AP is broadcasting the SSID? Because the iPhones acted strangely when connecting to an SSID with a captive portal, but not to an SSID with PSK only.

2. Does an iPhone with a certain security setting need to check a certain IP address first before being able to connect to an SSID? Because the captive portal setting is blocking all access except to the DHCP server and ISE.

Is either of my guesses right? Or is there something else happening in the background? Thank you.

4 Replies

kkillby
Level 1

Have you investigated the ISE RADIUS logs for both of the devices? Wondering if you have multiple policies and one phone is hitting one whilst the other is hitting a different one.

Hi kkillby,

The log was not even on the ISE, so I'm not sure if the phone got blocked by one of my rules. Did not check the log on WLC though.

Scott Fella
Hall of Fame

I would perform another test. Create a new SSID and use a generic pass through portal on the controller, not in ISE and see if that works. If it doesn’t work and other iPhones work, it can be that the company is blocking the use of guest wireless with portal page. I know some companies that do this for laptops. 

-Scott

Hi Scott,

Will do if I get the chance in the future. Kinda curious regarding this one.

Do you know what is being checked by the endpoint to reject the captive portal? Is captive portal information broadcast by the AP?
