10-25-2012 12:44 AM - edited 07-03-2021 10:55 PM
Hi.
I post this here as well, as in Security, becauese Im not realy sure that this is a ISE problem.
I have a problem with a guestaccess using CWA on ISE 1.1.1 and WLC 7.2
The setup is realy simple with redirect ACL to ISE and after that an permit-all ACL.
Guest users are on a guest vlan and go thru a ASA to talk to DHCP, DNS and ISE.
When I try to connect with laptops, Windows 7, OSX 10.7 and 10.8, it works like it a charm.
The user gets redirected, put in credentials and after that get on the network. Not one problem out of maybe 30 tests.
But when I try smartphones and iPad it doesent work that well...
With iPhones, iOS5 and iOS 6 tested on three diffrent phones, I get access 19/20 times.
With iPad, only one with iOS 5.1, I get access maybe 50% of the tries
And with Android, two HTC with 2.3.7 and 2.3.3, I got one logon to the guest network out of 25 or more tries.
What happends when I try to access the network with a problem device is that it gets a redirect url but states,
on Android 'Web page not available' and on iPAD '..could not open page because it could not connect ot server.
On all these devices I can see that I have a DHCP lease with IP address and DNS. I have rebooted all devices several times and I have used 'forget this network' on the diveces. I also tried to removed the clients from the WLC and I have tried to turn off/on the WLAN on the WLC.
Could this be a WLC problem? I did a simple TCP dump on the ISE server but did not see any packets from the host. (Need to do this one again..)
Anyone with some insight on guestaccess and mobile devices?
A good way to troubleshoot this?
Thanks
Mikael
10-25-2012 03:56 AM
IIRC when you go to ISE the browser needs to have cookies enabled, as that is how ISE maintains the session information. Check to see if you are allowing cookies in those devices.
Alternately could also try loading the page on the WLC directly and testing it there.
Steve
Sent from Cisco Technical Support iPhone App
10-25-2012 04:48 AM
Yes, the wierd thing is that it is not a consistent error/problem.
If I take the iPad as an example.
With some tests it works, other times it gets a network error before the redirect page and some times it get it after authentication.
With Android it's more or less before the redirect page, you see the https://ise01.x.coom/xxxx...cwa in the browser but you get a 'Web page not available'
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: