03-25-2020 09:23 AM - edited 07-05-2021 11:53 AM
It´s a new Deployment with 9800-CL and ISE 2.6 with 3 Guest Portals.
If Windows and Android connect to a open SSID they will get a Push Notification to Login, but certain Apple Device won´t get a Push Notification and it´s not working.
I captured the traffic from WLC to Apple Device an i see:
So it is able to communicate to captive.apple.com
I followed that Guide https://community.cisco.com/t5/security-documents/ise-and-catalyst-9800-series-integration-guide/ta-p/3753060
My Redirect ACL:
ip access-list extended Redirect
1 deny udp any any range bootps bootpc log
2 deny udp any range bootps bootpc any log
10 deny udp any any eq domain
20 deny udp any eq domain any
30 deny tcp any host 10.2.0.1 range 8443 8447 log
40 deny ip host 10.2.0.1 any log
50 permit ip any any
Is my ACL not correct ?
03-25-2020 10:53 AM
Hi,
Not sure about your overall setup, but take a look at this guide to ensure the proper configs have been done.
Regards,
Cristian Matei.
03-26-2020 12:20 AM
03-26-2020 03:34 AM - edited 03-26-2020 03:34 AM
Hi,
That link was more to inform you on possible issues with Apple Captive Network Assistant. Now, can you try and change the REDIRECT ACL as follows:
ip access-list extended Redirect
10 deny udp any eq bootpc any eq bootps
20 deny udp any eq bootps any eq bootpc
30 deny udp any any eq domain
40 deny udp any eq domain any
50 deny tcp any host 10.2.0.1 range 8443 8447
60 deny tcp host 10.2.01 range 8443 8447 any
70 permit tcp any any eq 80
80 permit tcp any any eq 443
Regards,
Cristian Matei.
03-26-2020 09:16 AM
03-26-2020 07:08 AM
Under webauth parameter, can you confirm if captive bypass portal is checked or unchecked ?
03-26-2020 09:15 AM
It´s definitely unchecked in global map and not mapped in wlan policy.
03-26-2020 06:30 PM
one more check.
The Apple psuedo-browser will not open if you configure only the ip http secure-server command. You should also configure the ip http server command. So make sure both are configured.
03-27-2020 03:53 AM
06-09-2020 07:37 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide