Solved: iPads/iPhone and Open Wifi Issue

Shawn Shoemaker · ‎06-26-2012

Running Cisco wireless at a larger university and We're running into issues with ipads and iphones on our network. We run an Open guest network. No encryption. But are having difficulty getting ipads and iphones, of variying models, getting connected reliably. We get "error joining network" messages, but only for the Open networks. Also, it seems Random. 3 out of 4 times it fails and then it will connect a few times and then fail again. It makes no sense whatsoever.

Here is out network setup:

Wireless network enryption: None (Open)

WLC is a 5508 Running version 7.0.222.0

We also have 2-4400 models running 7.0.222.0

APs are 1131's (ABG) and 1142's (AGN)

We have run several tests to confirm that this seems isolated to our Cisco envirnoment and only Open networks. We have another vendors products on site (That we've been slowly replacing with Cisco) and have the same network configured there and are not having these issues. We have also tried putting a WPA2-PSK password on the network for testing purposes, and that elminates the issues, however, we need this network to be Open due to requirements on our end.

We've tested everything from iPad 1's up to iPad 3's all running the latest iOS 5.1.1 as well as iPhone4 and iPhone4S version running 5.1.1. All seem to have the issue.

I'm running out of ideas for testing and troubleshooting this issue. Any help or direction would be greatly apprecated.

Thank You.

Scott Fella · ‎06-26-2012

Ah well that explains it:)

Try to increase your idle timer to 4, 8, or 12 hours. Disable or also increase your session timeout and you might enable fast SSID on the wlc.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎06-26-2012

When you say open, do you mean broadcasting the SSID and there is no webauth?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Shawn Shoemaker · ‎06-26-2012

Open meaning encryption. Or No Layer 2 Security at all..

We are broadcasting the SSID and there is a web auth redirect using the built in web auth page for email entry.

The erros occur during connection.. If it makes a connection, like I said at random intervals, the redirect and everything works without issue.

Scott Fella · ‎06-26-2012

Ah well that explains it:)

Try to increase your idle timer to 4, 8, or 12 hours. Disable or also increase your session timeout and you might enable fast SSID on the wlc.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Shawn Shoemaker · ‎06-26-2012

Ok will try that and report back.

Scott Fella · ‎06-26-2012

I better explain this better:)

The session timeout will force a user to have to log back on the webauth. Idle timeout will allow the wlc to know of the iDevice even if it goes to sleep, or else it will timeout after 300 seconds which is default. Fast SSID change might not be needed unless you want the ability or devices to be able to switch to a different SSID or else the will have to wait for around 30 seconds.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Shawn Shoemaker · ‎06-26-2012

Thanks. Our idle timers and session timeouts were already set to 12 hours (or 43200 Seconds)

I think the Fast SSID switch might have fixed it. We will test more all day tomorrow and I'll report back.

Scott Fella · ‎06-26-2012

Make sure client load balancing is disabled also.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Shawn Shoemaker · ‎06-26-2012

Yep.. verified that one already. Found that during other searches. I usually keep that off by default anymore. Thanks.

George Stefanick · ‎06-26-2012

You know I seen this same issue first hand. I normally would "forget the network" and then it works. But it will happen again the next time.

I need to sniff this and see what the frames are saying ...

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Shawn Shoemaker · ‎06-26-2012

You know, I tried that and I didn't really see anything that led me to an answer, which is why I posted here.

I do think its interesting that all apple devices seem to automatically do an nslookup on

www.apple.com.edgekey.net as soon as they connect to any of my networks, no matter the encryption. If you exempt that address in your ACL's it bypasses the Apple Captive Network Assistant which is kind of nice.

Scott Fella · ‎06-26-2012

There is a command in 7.2 mr1 that disables that apple portal page. I will have to find that command.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Saravanan Lakshmanan · ‎06-26-2012

here you go.
WLC>config network web-auth captive-bypass

Scott Fella · ‎06-26-2012

Good job... took me a while to find it and then you beat me to it

-Scott
*** Please rate helpful posts ***

George Stefanick · ‎06-26-2012

Scott,

What happens when you disable this ? Does the browser not pop up ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________