User mentioned they have an older SSID using LEAP (they are scheduled to migrate away from this BTW, but not soon enough) and existing Apple client devices who upgraded to iOS 8 are having authentication issues.
According to Apple Enterprise support. The fix is as follows:- Use Apple Configurator to create a WiFi profile with LEAP enabled - Go to Make Profile - Click on WiFi Payload for IOS8 or Later except Apple TV - and click LEAP as the Authentication type - Go to the Prepare screen and find the profile you created and click the Share button. That exports the profile that can be pushed to the IOS devices or (as in my case) imported into my third party MDM software and pushed out that way. You can also email that profile to the users device.In case you are using Apple configurator, the above mentioned solution works fine for one of the user who mentioned: Apple Configurator worked for us. We created the profile then emailed it to affected users. The documentation is a little thin so it took some experimenting with settings but finally got it working.https://supportforums.cisco.com/discussion/12304946/apple-ios-8-and-leap-issue
According to the Apple Knowledge base "LEAP is disabled by default". So far we haven't been able to find where to enable it and when adding an SSID LEAP is not an option.
According to Apple, About the
Security content of iOS 8
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. This issue was addressed by disabling LEAP by default.
it sounds like you need to re-enable it after upgrading to iOS8. Depending on how you configured authentication, it may require pushing out a new profile.
This document is created from the following discussion:
Good Evening All, I am having a weird issue and maybe I am mistaken, but I am pretty sure we can run wpa2/psk plus mac filtering. I have an SSID that is configured with wpa2/psk. I want to enable mac filtering, so when I do and apply the config, the ...
Hi all, I must implement QoS on a 5520 WLC already working in local mode, I am new to QoS on WLC and I can't find much on the web. Any help for a usefull guide of how to configure QoS on WLC? I know differences between DSCP, ToS, CoS, and DSCP i...
Hi,I just upgraded firmware of WLC to 17.3.20200621 but after the upgrade, whenever i login to controller it shows password policy message.I tried configuring password policy by going to Configuration -> AAA -> AAA Advanced -> Password policymade...
hi everybody i have tested wired guest lan with one C9800 Foreign in the LAN and one C9800 Anchor in the DMZ.it works very well with this.but with this architecture "foreign/anchor", i must have 2 C9800 and use a DMZ. it's possible to use a gues...