09-09-2017 05:31 AM - edited 07-05-2021 07:37 AM
Hi,
I'm looking for solutions to the problem of Apple & Cisco not playing nicely when doing web-auth, particularly with ISE involved. I want to provide users with the 'it just works' experience like they get from their local coffee shop or hotel chain, ie, join a CWA WLAN from their iPhone and have the mini-brower auto popup so they can authenticate.
I know about the config network web-auth captive-bypass enable command and this gets around the wispr problem, but it still requires the User to open a browser manually which isn't good enough; I want the auth page to popup without the User having to do anything.
I feel like I've read everything on the subject but I am yet to find an answer - please tell me I've missed something somewhere? Is there anything I can do with AVC / Rate-limiting / DNS ACLs / etc... to get it to work? Is there some other WLC CLI command I don't know about? Not having support for this most common-place feature seems mad... please tell me I'm missing a trick somwhere!
Thanks.
09-09-2017 07:19 AM - edited 09-09-2017 07:20 AM
Hello,
Did you disable auto-login under WLAN settings on the Apple device?
09-09-2017 07:24 AM
09-09-2017 05:22 PM
@RichardAtkin wrote:
I know about the config network web-auth captive-bypass enable command and this gets around the wispr problem, but it still requires the User to open a browser manually which isn't good enough; I want the auth page to popup without the User having to do anything.
Even with a simple web authentication bundle hosted by the WLC can enable the T&C page automatically pop out for Apple users (on a per-session basis).
Apple & Cisco developed a feature called FastLane (Apple & Cisco) but not really applicable to guest because FastLane is more focused on corporate Apple devices (plus the Apple devices require FastLane to be specially enabled).
09-10-2017 05:26 AM
so we're saying it's not possible then? This is bonkers... come on Cisco/Apple! Is there a fix in the pipeline anywhere?
Anybody got experience of similar scenario, but using LWA (annoying because of lack of supporting features) or CMX (additional cost)? Presumably these approaches would play nicely with Apple's CNA, right?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide