Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
55710
Views
15
Helpful
10
Comments

Common Apple iOS and Cisco Wireless Related Issues

Jeffrey Keown
Cisco Employee
Cisco Employee

‎02-07-2014 07:10 AM - edited ‎11-18-2020 03:06 AM

Common Issues

1)    Fast SSID change

This  feature is disabled by default, and prevents clients from quickly  moving from one WLAN to another.  Most Apple iOS devices tend to move  quickly between WLANs and therefore have issues with the default ‘fast  ssid change disabled’ on Cisco WLCs.

The setting causes the  controller to deauthenticate the client from the existing WLAN once the  client attempts to associate to another.

The typical result is an ‘Unable to join the network’ message on the iOS device.

Workaround: Enable Fast SSID change

fast-ssid-change.jpg

Additional Information:

Apple iOS Clients 'Unable to join the network' -  Fast SSID Change and Apple Clients

Known Issues

CSCui95938    fast Switching SSDi and IPAD Issue

2)      WISPr Protocol: iOS Clients and Web Authentication

WISPr  is a draft protocol that enables users to roam between different  wireless service providers. Some devices, such as Apple iOS devices, use  a mechanism which can determine if the device is connected to Internet,  based on an HTTP WISPr request made to a designated URL. This mechanism  is used for the device to automatically open a web browser when a  direct connection to the Internet is not possible. This enables the user  to provide his credentials to access the Internet. The actual  authentication is done in the background every time the device connects  to a new SSID.

This HTTP request triggers a Web Authentication  interception in the controller as any other page requests are performed  by a wireless client. This interception leads to a Web Authentication  process, which will be completed normally. If the Web Authentication is  being used with any of the controller's splash page features (URL  provided by a configured RADIUS server), the splash page may never be  displayed.  This is because the WISPr requests are made at very short  intervals, and as soon as one of the queries is able to reach the  designated server, any web redirection or splash page display process  that is performed in the background is aborted.  The device then  processes the page request, thus breaking the splash page process.

You  can now configure the controller to bypass WISPr detection process, so  the Web Authentication interception is only done when a user requests a  web page leading to splash page load in user context, without the WISPr  detection being performed in the background.

Cisco Wireless LAN Controller Configuration Guide, Release 7.5 - Configuring Captive Bypassing

Known Issues

CSCuj18674    captive portal/wispr support for apple ios7

CSCui89500    CWA and BYOD flow on Apple iOS 7 is broken with Auto-login enabled

Additional Information:

Important Captive portal bypass changes needed for iOS 7


3) Fast Secure Roaming

Content pending.

4) Unicast ARP

Content pending.

CSCug64750    ARP request unicast is dropped on anchor scenario

5) iOS Process Backgrounding

On  any iOS device that has an activated cellular/4g interface, Cisco  Jabber (VoIP) App + AnyConnect (SSL VPN) App works as expected. However,  on iOS device that only has a single network interface (iPod Touch,  iPad WIFI Only, iPad with 4g capability but has never been activated  with SIM card), with AnyConnect connected, Jabber in background mode,  and let device rest, after about either 2 min 55 sec or 9 min 55 sec,  the TCP connection between Jabber client and Jabber server is terminated  by the iOS. We think that because traffic between Jabber client and  Jabber server is encapsulated by AnyConnect, iOS is not recognizing the  socket as a VoIP socket.

CSCul07315 iPad+VPN: Can't receive call when put app in background 15 minutes

6) iOS devices do not support Checkpoint Firewall clusters using IPV4 Mulicast MAC addresses

When  the default gateway for iOS devices is a Checkpoint Firewall cluster  (usually in Anchored use-case), the MAC address of the DG will be a  multicast MAC address.  This is not understood properly by the iOS  devices, and the radio driver in iOS will drop all SYN-ACKs.  This  manifests to client as an inability to get to the Webauth login page.   No known workaround.

Known Bugs

  CSCue71856    AP not send traffic indication to client in power saving mode in time - Resolved in 7.4.110.0 and 7.5.102.0

  CSCug27515    Incorrect Block ACK segment calculation for winstart/winend

  CSCub14854    Phone drops from wifi to 3G if standby awhile causing app to miss calls

  CSCul41076    Apple devices cannot associate with country code Indonesia on 11a

  CSCub82468    WLC should not allow disable of MCS rates on 800ns guard interval - Resolved in 7.4.110.0

  CSCug32118    Apple iPad freeze up every 30 sec Resolved in 7.4.110.0, 7.5.102.0, and 7.6.100.0

Resolved in iOS 7

   CSCud67358    Degraded Wi-Fi throughput w/ Apple iOS6 clients w/ 11n/CAC during BA neg - Resolved in iOS 7

   CSCud88177    Apple iOS clients report two associated wlans with bssid mac overlap - Resolved in iOS 7

Comments
JacquesGonsoulin
Community Member
‎02-24-2015 11:52 AM

Thank you so much for this. The "Fast SSID change" option was our problem with having several WLANs and SSIDs at the same location. After fighting the issue for quite some time you finally solved our problem. Thanks!

Jeffrey Keown
Cisco Employee
Cisco Employee
‎02-25-2015 10:30 AM

Hi Jacques,

You’re very welcome.  Kind of a tricky issue ;)

Thanks,

Jeff

Vinay Sharma
Level 7
Level 7
‎04-07-2015 05:09 AM

Thank you Jeffrey for sharing common issues and workarounds with CSC user. 

 

Regards,

Vinay Sharma,

Community Manager,

CCIE#44972

collin.wicker
Community Member
‎12-04-2015 09:14 AM

I was having issues connecting iOS devices to a guest network on a cisco 4404 WLC controlled network and this method fixed the problem immediately. Thanks for sharing. 

Jeffrey Keown
Cisco Employee
Cisco Employee
‎12-04-2015 09:20 AM

Hi Collin, you bet.  Glad to hear this saved some grief ;)

kderby-bullhorn
Community Member
‎12-28-2015 12:50 PM

Great post, Jeffrey.

The fast SSID switching was the resolution to my issue; once disabled, I received the certificate trust prompt on the mobile device, and after accepting was then able to connect the device.

Bravo.

randrewright
Level 1
Level 1
‎09-20-2016 11:47 AM

Thank you very much. This solved my problem with Apple iPhone and iPad devices not connecting to our controller.

rajanengineer115
Level 1
Level 1
‎12-07-2016 01:00 PM

Jeff, 

we are using cisco 3850-x switch as a controller and i have 'enable FAST SSID'' on my WLC.. but while Apple users connected on AP they feel slow speed and some times not able to connect. but beside i have windows platform system they are all good!! even FAST SSID working fine but for us Apple users are not good !! 

please share your opinion on it. 

Rajan 

onikaycee
Level 1
Level 1
‎03-08-2018 10:08 AM

WhatsApp Image 2018-03-08 at 17.04.18 - Copy.jpegplease i have this error from my Ipad and i have tried all TSHOOT i could....i have trusted the certificate and also i have rebooted the ipad and even reset the network setting but still it comes back as this

rafafilho11
Level 1
Level 1
‎03-13-2018 05:57 AM

Good practse are in place on my network but I'm facing the issue with new apple IOS version 11.2.6 disconection.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents