Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1618
Views
5
Helpful
7
Replies

Web Redirect Failure with Android 7

m_schmidt1
Level 1
Level 1

‎07-06-2018 04:24 AM - edited ‎07-05-2021 08:48 AM

Hi All, 

 

I've got an issue where newer Android type devices (7.0.x) can't connect to our guest WLAN. They are able to connect, pick up an IP address and then do a DNS request to the DNS servers specified in the DHCP settings, but they cannot bring up the login splash page. See the attached screenshots. This is what they are greeted with. There's no option to bypass the certificate issue. Any idea why? 

1 person had this problem
Labels:
Preview file
112 KB
Preview file
148 KB
Preview file
211 KB
0 Helpful
7 Replies 7

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎07-06-2018 04:30 AM - edited ‎07-06-2018 04:31 AM

1. I feel it is a certificate error.

did you click on "CONTINUE ANYWAY VIA BROWSER" and ADVANCED ?

 2. You can also enablle https redirection wlc(it may impact WLC performance)

Management > Http-Https> HTTPS Redirection

Regards

Dont forget to rate helpful posts

 

m_schmidt1
Level 1
Level 1
In response to Sandeep Choudhary

‎07-06-2018 04:54 AM - edited ‎07-06-2018 05:02 AM

As for the certificate being valid or not, I've got a screen shot here of the WLC's SSC.

 

The response from my users is this: 

“When I tried on the MotoG phone that I have, the phone gave me the option to click advanced button, then only gave me the option to reload page or hide advanced, didn’t see any other option to continue to website.”

 

 I forgot to mention - https redirection  has always been enabled all along.

Preview file
20 KB
0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to m_schmidt1

‎07-06-2018 05:17 AM

Also..

Try to check your Mobilea and WLC Date and Time!!

 

Regards

Dont forget to rate helpful posts

0 Helpful

m_schmidt1
Level 1
Level 1
In response to Sandeep Choudhary

‎07-06-2018 05:33 AM

Good thinking batman, will check that now..

0 Helpful

David Ritter
Level 4
Level 4
In response to m_schmidt1

‎07-06-2018 02:00 PM

This is not limited to Android 7, but Chrome will not support a redirect in Win10 due to bad certs.. points the intended redirects https://5.5.5.5/login.html/redirect=www.gstatic.com/generate_204
IE and FF work Edge and Chrome will not
0 Helpful

m_schmidt1
Level 1
Level 1
In response to David Ritter

‎07-10-2018 03:15 AM

Hi Guys, 

 

It appears that I'm still not out the woods yet. I'm still getting reports from various users of different devices who've told us they can / can't connect using different devices. I found out that those phones I originally mentioned were provided by a third party and these weren't actually tested on our Guest Wi-Fi prior to being distributed to our users. I've put that point back to our management and told them to give me one to test with myself which I'm going to be getting my hands on soon I hope. I've got my own personal WLC setup at home (WLC 2504 and some AP's) to test with too which will be good to see if there's any difference between our Production guest Wi-Fi at work and my own Guest Wi-Fi at home. I also forgot to mention that the WLC at work is a virtual WLC (vWLC) running on some physical host. I don't know if that's relevant?

 

I'm actually now getting other reports about a slightly different error that I've attached below. Here is some feedback I've had from my users:

 

Device Type: User's Mobile

Device Name: MS Lumia 640

Operating System: Windows Phone 8.1 Update 2

How many times did the cert error page load: 1

Was the option to continue there: Yes

 

Device Type: User's Laptop

Device Name: Corporate issue Lenovo ThinkPad T430

Operating System: Windows 7 Enterprise

How many times did the cert error page load: Didn’t – IE sat there trying to load the default home page (Intranet) then failed (pic 1), no option to go to Wifi login page.

Was the option to continue there: Nope

Daft device to try on Guest

Pic 1:

guest connection no redirect.png

 

 

Other users: 

Device Type: Personal Mobile

Device Name: Samsung Galaxy S5

Operating System: Android V6.0.1

How many times did the cert error page load: Device default homepage was Google but wouldn’t go to wifi Login screen.

Was the option to continue there: No

 

Device Type: Personal Mobile

Device Name: Samsung S7 Edge

Operating System: Android V7

How many times did the cert error page load: 1

Was the option to continue there: Yes

 

Device Type: Personal mobile

Device Name: Apple 6S

Operating System: iOS 11.4

How many times did the cert error page load:1

Was the option to continue there: Yes

 

I am confused as to why some are able to be redirected with the option to continue and some aren't. Can anyone give me some pointers? Anyone seen this before? 

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to m_schmidt1

‎07-10-2018 04:26 AM

Two things:
1. use 192.168.x.x or any other private marked IP range for the login page and not a public one like 5.5.5.5.
2. it could be a TLS version/certificate signature hash mode issue. Check for example here for issues that can cause: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux53541/?rfs=iqvred
https://supportforums.cisco.com/t5/security-and-network-management/tls-1-2-on-wlc-gui-management-interface/td-p/2906432
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card