Apple CNA still borked with WLC and ISE?

RichardAtkin
Level 3

Hi,

I'm looking for solutions to the problem of Apple & Cisco not playing nicely when doing web-auth, particularly with ISE involved. I want to provide users with the 'it just works' experience like they get from their local coffee shop or hotel chain, i.e., join a CWA WLAN from their iPhone and have the mini-browser auto pop up so they can authenticate.

I know about the config network web-auth captive-bypass enable command and this gets around the WISPr problem, but it still requires the User to open a browser manually, which isn't good enough; I want the auth page to pop up without the User having to do anything.

I feel like I've read everything on the subject but I am yet to find an answer - please tell me I've missed something somewhere? Is there anything I can do with AVC / Rate-limiting / DNS ACLs / etc... to get it to work? Is there some other WLC CLI command I don't know about? Not having support for this most commonplace feature seems mad... please tell me I'm missing a trick somewhere!

Thanks.

4 Replies

Hello,

Did you disable auto-login under WLAN settings on the Apple device?

Nope. It's a guest network so I can't touch the Apple device's config...

Leo Laohoo
Hall of Fame

@RichardAtkin wrote:

I know about the config network web-auth captive-bypass enable command and this gets around the WISPr problem, but it still requires the User to open a browser manually, which isn't good enough; I want the auth page to pop up without the User having to do anything.

 


Even a simple web authentication bundle hosted by the WLC can enable the T&C page to automatically pop out for Apple users (on a per-session basis).

Apple & Cisco developed a feature called FastLane (Apple & Cisco), but it is not really applicable to guest because FastLane is more focused on corporate Apple devices (plus the Apple devices require FastLane to be specially enabled).

So we're saying it's not possible then? This is bonkers... come on Cisco/Apple! Is there a fix in the pipeline anywhere?

Anybody got experience of a similar scenario, but using LWA (annoying because of lack of supporting features) or CMX (additional cost)? Presumably these approaches would play nicely with Apple's CNA, right?
