User mentioned they have an older SSID using LEAP (they are scheduled to migrate away from this BTW, but not soon enough) and existing Apple client devices who upgraded to iOS 8 are having authentication issues.
According to Apple Enterprise support. The fix is as follows:- Use Apple Configurator to create a WiFi profile with LEAP enabled - Go to Make Profile - Click on WiFi Payload for IOS8 or Later except Apple TV - and click LEAP as the Authentication type - Go to the Prepare screen and find the profile you created and click the Share button. That exports the profile that can be pushed to the IOS devices or (as in my case) imported into my third party MDM software and pushed out that way. You can also email that profile to the users device.In case you are using Apple configurator, the above mentioned solution works fine for one of the user who mentioned: Apple Configurator worked for us. We created the profile then emailed it to affected users. The documentation is a little thin so it took some experimenting with settings but finally got it working.https://supportforums.cisco.com/discussion/12304946/apple-ios-8-and-leap-issue
According to the Apple Knowledge base "LEAP is disabled by default". So far we haven't been able to find where to enable it and when adding an SSID LEAP is not an option.
According to Apple, About the
Security content of iOS 8
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. This issue was addressed by disabling LEAP by default.
it sounds like you need to re-enable it after upgrading to iOS8. Depending on how you configured authentication, it may require pushing out a new profile.
This document is created from the following discussion:
I am trying to setup evaluation licenses on a Catalyst 9800-CL appliance. I was told all you have to do was registered it under your Cisco smart account, and it will automatically activate the evaluation licenses for the appliance under your account. I re...
I borrowed a 'Cisco SG300-10 10 port gigabit managed switch' from work to practice things i'm learning from my CCNA course. I have tried a serial to ethernet cable for console connection, and a regular ethernet cable from one of the ports. I have tri...
Hello All, I have a question regarding a Cisco Aironet Wifi infra with co-existence of another Wi-Fi infra. (different brand e.g. Aurba or Meraki) Cisco Aironet Wi-Fi infra will have one SSID, while another Wi-Fi infra running another SSID. ...
Hello, I want to migrate WLC to Mobility Express. My WLC is in version 188.8.131.52 and the same the CAPWAP AP'sI have one AP 3800 with Mobility Express 8.5.140, it's configured as the Mobility Express Primary controllerI disconnect the CAPWAP AP's from...