CSCvp54579(CSC.policy-mgmt,upd,jakunst)ise 2.6 hotspot flow with apple ios CNA ends with 400 error after success page. The flow still works but user will see 400 error instead of success page. They still have connectivity as a guest. This will apply to all guest flows using apple captive network assistant.
ROADMAP - we will be perhaps updating AireOS wireless code in future to keep relevant until we decommission likely July 2020
When first connecting a client to the network using the hotspot or guest network (straight MAB), the device will be denied access. When you connect a second time (now the mac address is in the database) it will be successful.
Why do we have different WLC versions depending on the ISE demo?
We try to stay with the same WLC version across demos so that you aren't required to wait 20 min or so when switching between the code. We are also restricted to using public versions of the code as well. An AP can store 2 images of code. This is useful as we have 3 different code versions. AireOS 8.3, 8.5 and C9800-CL running 16.11 (soon to be 16.12)
We are looking in November to consolidate AireOS code into 8.5.x for both the ISE Sandbox and Mobility Deep Dive
What are some of the reasons why we cannot keep the versions the same:
Secure Access Wizard demo is running 126.96.36.199 code because WLC 188.8.131.52 code is not working with the wizard.
ISE - CSCvg65262, WLC - CSCvg80402
hoping to have a fix in 2.6 patch 3 ETA Nov 2019? This will be consolidated into the ISE 2.6 Sandbox v1.1
Captive Network Assistant - 8.3 code doesn't work with per WLAN captive portal bypass, this feature is needed on the Mobility demo to showcase that we support the Apple CNA (Captive Network Assistant) mini-browser that auto-pops up when connecting to a WLAN with a guest portal - new ISE Enterprise & Security demo with C9800-CL works correctly
8.5 has new GUI options to enable easy setup with ISE
APs that are built into the router will not work with the following (Use an external AP compatible with WLC 8.5 code)
URL based ACLs (used in the SAW demo).
Device Sensor profiling (if you're accessing the network without the endpoint opening an ISE portal (guest for example) then your device will not be able to be profiled utilizing the DHCP/HTTP probes running on the WLC.
I’ve been trying get to work for over a year. ATT came out with this document. Any suggestions on how to implement this would be appreciated. https://www.att.com/esupport/article.html#!/wireless/KM1114459
I seem to have this strange problem with ASDM on one of my ASA5515's in the pair, the standby unit does not have the problem I am about to describe. ASDM was working just fine then suddenly I am unable to connect to it on, only on the Primary, the Se...
Hi, I need to allow internet access for internal client for facebook access and need to build NAT on FMC. I did many times source NAT for internet access on other firewalls but not sure nat. type on. FMC. I can see client url traffic on fmc but ...
Hello, I have a new router (Sagecom fast3890, from Argentina). I use the VPN Cisco to work. But my internet company provider, change my internet modem. Since that change, i couldn't connect to Cisco VPN. I Not even have the chance to put my credentia...