Solved: Apple Device iOS 11 connectivity problem.

MM15 · ‎10-05-2017

iPad , iPhone with iOS 11 cannot associate to AP.

when i use my ipad and iphone connect to new SSID with authentication OPEN, my devices are disassociate but i use iphone with iOS 10 can connect to SSID normally.

anyone here got this problem with iOS 11 ?

MM15 · ‎05-30-2018

Hi all,

This is my post and my issue is caused by Apple iOS devices. I will summary my issue.

In First post mention this issue

when i use my ipad and iphone connect to new SSID with authen. OPEN,
my devices are disassociated but i use iphone with iOS 10 can connect to SSID normally.

First Test

From my test when i use iOS get dhcp it was disconnected but if i static ip,
it can connect.

Next Test

if I use dhcp server from Switch or Router,
it will connect but use dhcp server from windows server,
it got IP and will be disconnected within 2-3 seconds.

what happens about iOS 11 with DHCP server using window server ??

Next Test

I found when iOS11 connect to WiFI, it tried to sent URL: http://captive.apple.com to the internet. If we have to use Proxy Authen. or Web Authen. for authentication before using the Internet then the connection will be dropped.

My Workaround and Test to fix this issue.

1. Bypass captive.apple.com on Proxy or Web authen. to the internet. (It works)

2. Create captive.apple.com on internal DNS server, When the client resolves captive.apple.com will get the ip of the internal DNS server to prevent the traffic of captive.apple.com sending out proxy or web authen to the internet. (It works)

captive.apple.com.png

3. Static FAKE DNS IP address on iOS Devices to get connection first, (for prevent iOS try to resolve, if iOS can resolve, WiFi will be disconnected) when iOS devices can connect to WiFi then adjust it to auto. but it must be done every time the wifi connection. This method is suitable for use over public wifi. (It works)

static dns.jpg auto dns.jpg

This is my issue that i got and now this issue has been fixed by upgrade iOS by apple.

Other people in this post may got different problems, different workaround and different solution.

Thanks All

View solution in original post

Scott Fella · ‎10-05-2017

I have an iPhone 7 Plus with iOS 11 and no issues.

-Scott
*** Please rate helpful posts ***

MM15 · ‎10-05-2017

I got this issue with WLC version 8.2.151.0

Sandeep Choudhary · ‎10-05-2017

I am using iphon6 with IOS 11.0.1 and its working normally.

are you using WLC or is it a standalone AP?

If using wlc then paste the output of the command: sh wlan <id>

or standalone AP: then paste the complete config here..

Regards

Dont forget to rate helpful posts

MM15 · ‎10-05-2017

I use WLC software version 8.2.151.0 and AP 2700.

I think to upgrade software for testing again. not sure for bug

Sandeep Choudhary · ‎10-05-2017

paste the output of the command from WLC CLI: sh wlan <id>

MM15 · ‎10-05-2017

XXXXX5508WLC01) >show wlan 10

WLAN Identifier.................................. 10
Profile Name..................................... test_apple_device
Network Name (SSID).............................. test_apple_device
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200

--More-- or (q)uit
ATF Policy....................................... 0
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 720 minutes
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... none
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Tunnel Profile................................... Unconfigured
PMIPv6 Mobility Type............................. none

--More-- or (q)uit
PMIPv6 MAG Profile........................... Unconfigured
PMIPv6 Default Realm......................... Unconfigured
PMIPv6 NAI Type.............................. Hexadecimal
PMIPv6 MAG location.......................... WLC
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled

--More-- or (q)uit
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... 802.1P (Tag=0)
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Enabled
Interim Update Interval.................... 0
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Radius NAI-Realm................................. Disabled
Mu-Mimo.......................................... Enabled
Security

802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled

--More-- or (q)uit
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web Authentication Timeout.................... 300
Web-Passthrough............................... Disabled
Mac-auth-server............................... 0.0.0.0
Web-portal-server............................. 0.0.0.0
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
FlexConnect Central Association............... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled

--More-- or (q)uit
Client MFP.................................... Optional but inactive (WPA2 not configured)
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Not Applicable
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel Configuration
Split Tunnel................................. Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
802.11v Directed Multicast Service............... Disabled
802.11v BSS Max Idle Service..................... Enabled
802.11v BSS Transition Service................... Disabled
802.11v BSS Transition Disassoc Imminent......... Disabled

--More-- or (q)uit
802.11v BSS Transition Disassoc Timer............ 200
802.11v BSS Transition OpRoam Disassoc Timer..... 40
DMS DB is empty
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Universal Ap Admin............................... Disabled

Mobility Anchor List
WLAN ID IP Address Status Priority
------- --------------- ------ --------

802.11u........................................ Disabled

MSAP Services.................................. Disabled

Local Policy
----------------
Priority Policy Name
-------- ---------------

Lync State ...................................... Disabled
Audio QoS Policy................................. Silver

--More-- or (q)uit
Video QoS Policy................................. Silver
App-Share QoS Policy............................. Silver
File Transfer QoS Policy......................... Silver

MM15 · ‎10-06-2017

Yesterday i got same problem in others site

anyone here got same issue ?

Scott Fella · ‎10-08-2017

The wlan you posted is an open auth SSID. So the only thing I see off is that you have the authentication and accounting servers checked. Disable that and that also should grey out interim update.

We have v8.2.130.0 and I’m running v8.5 at home with no issue on iOS11. Move to a different code and test.

You should also run a diff from your previous config to the one after the upgrade to see what changed. Sometimes defaults change which can cause some issue.

-Scott
*** Please rate helpful posts ***

MM15 · ‎10-08-2017

I disabled already still got same problem.

The system isn’t upgraded the software and does not change any configure on WLC. After iOS 11 come on, user who use iOS11 cannot connect to wireless (same ssid , same configure, same software , everything same)

WLAN as my post above i create new WLAN for testing, just authentication OPEN it cannot connect.

if I available I will show you to capture and record the video. Now i will trying to open TAC

Scott Fella · ‎10-08-2017

Open a TAC case is your best method. Every new code train adds some configuration lines which might not be ideal. TAC will probably tell you to move to another code unless they see a configuration item that needs to change.

-Scott
*** Please rate helpful posts ***

amirhosseintalebzade1 · ‎10-08-2017

I have this problem too, after iphone users upgrade to ios 11 they can1t connect to WLAN. but iphone with ios 10 can use Wireless network.

MM15 · ‎10-08-2017

What’s your WLC software version ?

CFayNTAdmin83 · ‎10-10-2017

I am running 8.0.140.15 and having the same issue. Tried IOS 11.0.2 as well but same problem.

MM15 · ‎10-10-2017

Do you use DHCP server ? window server ?

From my test when i use iOS get dhcp it’s disconnect but if i fix static ip it’s can connect.

let you try to test this.