cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
690
Views
0
Helpful
4
Replies
Highlighted
Participant

Apple CNA still borked with WLC and ISE?

Hi,

 

I'm looking for solutions to the problem of Apple & Cisco not playing nicely when doing web-auth, particularly with ISE involved.  I want to provide users with the 'it just works' experience like they get from their local coffee shop or hotel chain, ie, join a CWA WLAN from their iPhone and have the mini-brower auto popup so they can authenticate.

 

I know about the config network web-auth captive-bypass enable command and this gets around the wispr problem, but it still requires the User to open a browser manually which isn't good enough; I want the auth page to popup without the User having to do anything.

 

I feel like I've read everything on the subject but I am yet to find an answer - please tell me I've missed something somewhere?  Is there anything I can do with AVC / Rate-limiting / DNS ACLs / etc... to get it to work?  Is there some other WLC CLI command I don't know about?  Not having support for this most common-place feature seems mad...  please tell me I'm missing a trick somwhere!

 

Thanks.

4 REPLIES 4
VIP Advisor

Re: Apple CNA still borked with WLC and ISE?

Hello,

 Did you disable auto-login under WLAN settings on the Apple device?

Participant

Re: Apple CNA still borked with WLC and ISE?

Nope. It's a guest network so I can't touch the Apple device's config...
Hall of Fame Guru

Re: Apple CNA still borked with WLC and ISE?


@RichardAtkin wrote:

 

 

I know about the config network web-auth captive-bypass enable command and this gets around the wispr problem, but it still requires the User to open a browser manually which isn't good enough; I want the auth page to popup without the User having to do anything.

 


Even with a simple web authentication bundle hosted by the WLC can enable the T&C page automatically pop out for Apple users (on a per-session basis).  

 

Apple & Cisco developed a feature called FastLane (Apple & Cisco) but not really applicable to guest because FastLane is more focused on corporate Apple devices (plus the Apple devices require FastLane to be specially enabled).

Participant

Re: Apple CNA still borked with WLC and ISE?

so we're saying it's not possible then? This is bonkers... come on Cisco/Apple! Is there a fix in the pipeline anywhere?

 

Anybody got experience of similar scenario, but using LWA (annoying because of lack of supporting features) or CMX (additional cost)? Presumably these approaches would play nicely with Apple's CNA, right?

CreatePlease to create content