Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
0
Helpful
2
Replies

Guestaccess - Android/iPad problem

Mikael Gustafsson
Level 5
Level 5

‎10-25-2012 12:44 AM - edited ‎07-03-2021 10:55 PM

Hi.

I post this here as well, as in Security, becauese Im not realy sure that this is a ISE problem.

I have a problem with a guestaccess using CWA on ISE 1.1.1 and WLC 7.2

The setup is realy simple with redirect ACL to ISE and after that an permit-all ACL.

Guest users are on a guest vlan and go thru a ASA to talk to DHCP, DNS and ISE.

When I try to connect with laptops, Windows 7, OSX 10.7 and 10.8, it works like it a charm.

The user gets redirected, put in credentials and after that get on the network. Not one problem out of maybe 30 tests.

But when I try smartphones and iPad it doesent work that well...

With iPhones, iOS5 and iOS 6 tested on three diffrent phones, I get access 19/20 times.

With iPad, only one with iOS 5.1, I get access maybe 50% of the tries

And with Android, two HTC with 2.3.7 and 2.3.3, I got one logon to the guest network out of 25 or more tries.

What happends when I try to access the network with a problem device is that it gets a redirect url but states,

on Android 'Web page not available' and on iPAD '..could not open page because it could not connect ot server.

On all these devices I can see that I have a DHCP lease with IP address and DNS. I have rebooted all devices several times and I have used 'forget this network' on the diveces. I also tried to removed the clients from the WLC and I have tried to turn off/on the WLAN on the WLC.

Could this be a WLC problem? I did a simple TCP dump on the ISE server but did not see any packets from the host. (Need to do this one again..)

Anyone with some insight on guestaccess and mobile devices?

A good way to troubleshoot this?

Thanks

Mikael

several
Labels:
0 Helpful
2 Replies 2

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎10-25-2012 03:56 AM

IIRC when you go to ISE the browser needs to have cookies enabled, as that is how ISE maintains the session information. Check to see if you are allowing cookies in those devices.

Alternately could also try loading the page on the WLC directly and testing it there.

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Mikael Gustafsson
Level 5
Level 5
In response to Stephen Rodriguez

‎10-25-2012 04:48 AM

Yes, the wierd thing is that it is not a consistent error/problem.

If I take the iPad as an example.

With some tests it works, other times it gets a network error before the redirect page and some times it get it after authentication.

With Android it's more or less before the redirect page, you see the https://ise01.x.coom/xxxx...cwa in the browser but you get a 'Web page not available'

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card