cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6046
Views
10
Helpful
12
Replies
s.kanth
Beginner

IPhone ver 6 unable to connect Guest connect

Hi All,

Guestconnect SSID configured on 5508 WLC with Pass through athentication (NAC guest server).

No issue with Laptops and Iphone/Ipad ver 4and 5.

Only Iphone Ver 6 users unable to access Guest connect .

does anyone have same kind of issue ?

Thanks in Adv - Sri

1 ACCEPTED SOLUTION

Accepted Solutions
Marco Gonzalez
Beginner

Hello Sri,

The "captive" command mentioned by George is

configure network web-auth captive-bypass enable
What this is going to do is to allow Apple devices to contact some apple servers that apple devices required in order to work fine on iOS 6. This is an Apple behavior only (so far) and Cisco invented this command as a workaround for this behavior.
This is actually documented on the following bug as an enhancement request:
CSCtq14771
You can see the details here:

http://tools.cisco.com/squish/1D26e

You can see a further information about this on the following document:

http://tools.cisco.com/squish/c601f

It is a very long document. Just look for the "BYOD Guest Wireless Access" section, then "Authenticatoin and Authorization" and then "Additional Consideratinos"http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html#wp505667

So, in few words, the command will allow the wireless clients to have access to other resourceon on the Web other than just DHCP and DNS in order ot be able to comunicate to the Apple servers (it is like a filter) so it is not going to affect the current configuratoin and the SSIDs that you have already should not be affected.

I hope this helps

View solution in original post

12 REPLIES 12

I suspect you mean iOS 6 .. I have no issues on my network.

How is your SSID configured?

Have you ran a client debug, if not do so and post the results.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

HI George,

Yes, only problem with Iphone Ver 6.

We have faroun and Anchor WLC ,created mobility tunnel between both WLCs and authentication is pass through.

1. user connects to GC SSID.

2. he opnes IE and type any website (ex cisco.com)

3. then it redirects to Splash page ,which is loaded into NGS .

Iphone6 users getting stuck at Splash page.

we see the iPhone phone getting an IP address, the user launched a web browser, entered the credentials and was not redirected – the process appears to hang after entering the credentials.  This is when the client is set to use the GuestConnect ssid.

Have you tried  captive bypass?

config network web-auth captive-bypass enable

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

What is "Captive " ,please elaborate on this.(If you dont mind )

That command may not help at all, but what it des it negates the apple redirect. Since you are getting the splash page it sounds like the redirect is working. But I recently worked with a customer who had similar issues like you and this fixed his issue.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George,

would you want me to try with this command ?

shoule be applied on Anchor or Faroun WLC ?

will it impact any other traffic (because we have many SSID configured on WLC)

Thanks

Sri

Logs are attached...

login as: devik

!!!!!!!!!!!!!!!!!!!!!!!!WARNING READ BEFORE PROCEEDING !!!!!!!!!!!!!!!!!!!!!!!!!Individuals using this system without authority or in excess of their authority are subject to having their activities on this system monitored, recorded and appropriately disclosed. Activities of any user of this system may be monitored. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity or abuse of corporate resources, the results of such monitoring may be provided to law enforcement officials and management and will be subject to disciplinary action up to and including termination .Unauthorized or improper use of this system may result in civil and criminal penalties.  By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning
!!!!!!!!!!!!!!!!!!!!Logging on acknowledges Agreement !!!!!!!!!!!!!!!!!!!!!

(Cisco Controller)

(Cisco Controller) >debug client 68:96:7B:B2:21:3D


(Cisco Controller) >*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d Applying post-handoff policy for station 68:96:7b:b2:21:3d - valid mask 0x0

*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d     QOS Level: -1, DSCP: -1, dot1p: -1,
    Data Avg: -1, realtime Avg: -1, Data Burst -1, Realtime Burst -1

*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d     Session: -1, User session: -1, User elapsed -1
    Interface: N/A, IPv4 ACL: N/A, IPv6 ACL: N/A.

*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d Applying Interface policy on Mobile, role Export Anchor. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 36

*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d Re-applying interface policy for client

*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1839)
*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2006)
*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d Inserting AAA Override struct for mobile
        MAC: 68:96:7b:b2:21:3d, source 16

*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d Resetting web IPv4 acl from 0 to 0

*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d Resetting web IPv4 Flex acl from 65535 to 65535

*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) State Update from Mobility-Complete to Mobility-Incomplete
*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d Stopping deletion of Mobile Station: (callerId: 53)
*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=ExpAnchor, client state=APF_MS_STATE_ASSOCIATED
*mmListen: Nov 13 10:40:43.305: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) pemAdvanceState2 5506, Adding TMP rule
*mmListen: Nov 13 10:40:43.306: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Replacing Fast Path rule
  type = Airespace AP Client - ACL passthru
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4
*mmListen: Nov 13 10:40:43.306: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*mmListen: Nov 13 10:40:43.306: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 0, IPv6 ACL ID 255)
*pemReceiveTask: Nov 13 10:40:43.306: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:40:43.306: 68:96:7b:b2:21:3d 192.168.232.119 Added NPU entry of type 2, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:40:43.306: 68:96:7b:b2:21:3d Pushing IPv6: fe80:0000:0000:0000: 6a96:7bff:feb2:213d , and MAC: 68:96:7B:B2:21:3D , Binding to Data Plane. SUCCESS !!
*pemReceiveTask: Nov 13 10:40:43.307: 68:96:7b:b2:21:3d Sent an XID frame
*DHCP Socket Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 1, encap 0xec05)
*DHCP Socket Task: May 03 23:39:24.363: 68:96:7b:b2:21:3d DHCP selecting relay 1 - control block settings:
                        dhcpServer: 10.52.237.156, dhcpNetmask: 255.255.252.0,
                        dhcpGateway: 192.168.235.254, dhcpRelay: 192.168.235.252
*DHCP Socket Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP selected relay 1 - 10.52.237.156 (local address 192.168.235.252, gateway 192.168.235.254, VLAN 36, port 2)
*DHCP Socket Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP   xid: 0x3c2102c5 (1008796357), secs: 1, flags: 0
*DHCP Socket Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP   chaddr: 68:96:7b:b2:21:3d
*DHCP Socket Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
*DHCP Socket Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP   siaddr: 0.0.0.0,  giaddr: 192.168.235.252
*DHCP Socket Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP   requested ip: 192.168.232.119
*DHCP Socket Task: May 03 23:39:24.363: 68:96:7b:b2:21:3d DHCP selecting relay 2 - control block settings:
                        dhcpServer: 10.52.237.156, dhcpNetmask: 255.255.252.0,
                        dhcpGateway: 192.168.235.254, dhcpRelay: 192.168.235.252
*DHCP Socket Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP selected relay 2 - NONE
*DHCP Proxy Task: Nov 13 10:40:44.363: 68:96:7b:b2:21:3d DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Nov 13 10:40:44.364: 68:96:7b:b2:21:3d DHCP sending packet in EoIP tunnel to foreign 10.52.232.55 (len 346)
*DHCP Proxy Task: Nov 13 10:40:44.364: 68:96:7b:b2:21:3d DHCP transmitting DHCP ACK (5)
*DHCP Proxy Task: Nov 13 10:40:44.364: 68:96:7b:b2:21:3d DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Nov 13 10:40:44.364: 68:96:7b:b2:21:3d DHCP   xid: 0x3c2102c5 (1008796357), secs: 0, flags: 0
*DHCP Proxy Task: Nov 13 10:40:44.364: 68:96:7b:b2:21:3d DHCP   chaddr: 68:96:7b:b2:21:3d
*DHCP Proxy Task: Nov 13 10:40:44.364: 68:96:7b:b2:21:3d DHCP   ciaddr: 0.0.0.0,  yiaddr: 192.168.232.119
*DHCP Proxy Task: Nov 13 10:40:44.364: 68:96:7b:b2:21:3d DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
*DHCP Proxy Task: Nov 13 10:40:44.364: 68:96:7b:b2:21:3d DHCP   server id: 1.1.1.1  rcvd server id: 10.52.237.156

*apfReceiveTask: Nov 13 10:42:22.506: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Web-Auth Policy timeout
*apfReceiveTask: Nov 13 10:42:22.506: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) PEM timed out. Delete client immediately.
*apfReceiveTask: Nov 13 10:42:22.506: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Pem timed out, Try to delete client in 10 secs.
*apfReceiveTask: Nov 13 10:42:22.506: 68:96:7b:b2:21:3d Scheduling deletion of Mobile Station:  (callerId: 12) in 10 seconds
*osapiBsnTimer: Nov 13 10:42:32.506: 68:96:7b:b2:21:3d apfMsExpireCallback (apf_ms.c:597) Expiring Mobile!
*apfReceiveTask: Nov 13 10:42:32.506: 68:96:7b:b2:21:3d pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Nov 13 10:42:32.506: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Deleted mobile LWAPP rule on AP [00:00:00:00:00:00]
*apfReceiveTask: Nov 13 10:42:32.506: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) pemAdvanceState2 5327, Adding TMP rule
*apfReceiveTask: Nov 13 10:42:32.506: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Adding Fast Path rule
  type = Airespace AP Client - ACL passthru
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4 ACL
*apfReceiveTask: Nov 13 10:42:32.506: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*apfReceiveTask: Nov 13 10:42:32.506: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 0, IPv6 ACL ID 255)
*apfReceiveTask: Nov 13 10:42:32.506: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Change state to DHCP_REQD (7) last state WEBAUTH_REQD (8)

*apfReceiveTask: Nov 13 10:42:32.506: 68:96:7b:b2:21:3d 192.168.232.119 DHCP_REQD (7) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*apfReceiveTask: Nov 13 10:42:32.506: 68:96:7b:b2:21:3d 192.168.232.119 DHCP_REQD (7) Replacing Fast Path rule
  type = Airespace AP - Learn IP address
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4 ACL ID
*apfReceiveTask: Nov 13 10:42:32.507: 68:96:7b:b2:21:3d 192.168.232.119 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*apfReceiveTask: Nov 13 10:42:32.507: 68:96:7b:b2:21:3d 192.168.232.119 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*apfReceiveTask: Nov 13 10:42:32.507: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Reached ERROR: from line 6200
*apfReceiveTask: Nov 13 10:42:32.507: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*apfReceiveTask: Nov 13 10:42:32.507: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
  type = Airespace AP - Learn IP address
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4 ACL ID = 255,
*apfReceiveTask: Nov 13 10:42:32.507: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*apfReceiveTask: Nov 13 10:42:32.507: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*apfReceiveTask: Nov 13 10:42:32.507: 68:96:7b:b2:21:3d apfMsAssoStateDec
*apfReceiveTask: Nov 13 10:42:32.507: 68:96:7b:b2:21:3d Deleting mobile on AP 00:00:00:00:00:00(0)
*pemReceiveTask: Nov 13 10:42:32.509: 68:96:7b:b2:21:3d 192.168.232.119 Removed NPU entry.
*pemReceiveTask: Nov 13 10:42:32.509: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:42:32.510: 68:96:7b:b2:21:3d 192.168.232.119 Added NPU entry of type 2, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:42:32.510: 68:96:7b:b2:21:3d Pushing IPv6: fe80:0000:0000:0000: 6a96:7bff:feb2:213d , and MAC: 68:96:7B:B2:21:3D , Binding to Data Plane. SUCCESS !!
*pemReceiveTask: Nov 13 10:42:32.510: 68:96:7b:b2:21:3d Sent an XID frame
*pemReceiveTask: Nov 13 10:42:32.510: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:42:32.510: 68:96:7b:b2:21:3d 192.168.232.119 Added NPU entry of type 9, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:42:32.510: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:42:32.510: 68:96:7b:b2:21:3d 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:42:32.511: 68:96:7b:b2:21:3d 0.0.0.0 Removed NPU entry.
*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d Adding mobile on Remote AP 00:00:00:00:00:00(0)
*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d Re-applying interface policy for client

*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1839)
*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2006)
*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 36

*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d Re-applying interface policy for client

*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1839)
*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2006)
*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d 0.0.0.0 START (0) Initializing policy
*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)

*mmListen: Nov 13 10:42:46.114: 68:96:7b:b2:21:3d 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state AUTHCHECK (2)

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d Applying post-handoff policy for station 68:96:7b:b2:21:3d - valid mask 0x0

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d     QOS Level: -1, DSCP: -1, dot1p: -1,
    Data Avg: -1, realtime Avg: -1, Data Burst -1, Realtime Burst -1

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d     Session: -1, User session: -1, User elapsed -1
    Interface: N/A, IPv4 ACL: N/A, IPv6 ACL: N/A.

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d Applying Interface policy on Mobile, role Export Anchor. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 36

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d Re-applying interface policy for client

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1839)
*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2006)
*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d Inserting AAA Override struct for mobile
        MAC: 68:96:7b:b2:21:3d, source 16

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d Resetting web IPv4 acl from 0 to 0

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d Resetting web IPv4 Flex acl from 65535 to 65535

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d Stopping deletion of Mobile Station: (callerId: 53)
*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=ExpAnchor, client state=APF_MS_STATE_ASSOCIATED
*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5464, Adding TMP rule
*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
  type = Airespace AP - Learn IP address
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4 ACL ID = 255, IPv
*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*mmListen: Nov 13 10:42:46.115: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d Sent an XID frame
*IPv6_Msg_Task: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d Pushing IPv6: fe80:0000:0000:0000: 6a96:7bff:feb2:213d , and MAC: 68:96:7B:B2:21:3D , Binding to Data Plane. SUCCESS !!
*IPv6_Msg_Task: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d Calling mmSendIpv6AddrUpdate for addition of IPv6: fe80:0000:0000:0000: 6a96:7bff:feb2:213d , for MAC: 68:96:7B:B2:21:3D
*IPv6_Msg_Task: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d Calling pemAdvanceState from ipv6 addr learn, with pem session state 7
*IPv6_Msg_Task: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Change state to WEBAUTH_REQD (8) last state DHCP_REQD (7)

*IPv6_Msg_Task: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d 0.0.0.0 WEBAUTH_REQD (8) pemAdvanceState2 6294, Adding TMP rule
*IPv6_Msg_Task: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d 0.0.0.0 WEBAUTH_REQD (8) Replacing Fast Path rule
  type = Airespace AP Client - ACL passthru
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4 ACL ID =
*IPv6_Msg_Task: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d 0.0.0.0 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*IPv6_Msg_Task: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d 0.0.0.0 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 0, IPv6 ACL ID 255)
*IPv6_Msg_Task: Nov 13 10:42:46.116: 68:96:7b:b2:21:3d Plumbing web-auth redirect rule due to user logout
*pemReceiveTask: Nov 13 10:42:46.117: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:42:46.117: 68:96:7b:b2:21:3d 0.0.0.0 Added NPU entry of type 2, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:42:46.117: 68:96:7b:b2:21:3d Pushing IPv6: fe80:0000:0000:0000: 6a96:7bff:feb2:213d , and MAC: 68:96:7B:B2:21:3D , Binding to Data Plane. SUCCESS !!
*pemReceiveTask: Nov 13 10:42:46.117: 68:96:7b:b2:21:3d Sent an XID frame
*IPv6_Msg_Task: Nov 13 10:42:46.291: 68:96:7b:b2:21:3d Calling pemAdvanceState from ipv6 addr learn, with pem session state 8
*IPv6_Msg_Task: Nov 13 10:42:46.291: 68:96:7b:b2:21:3d 0.0.0.0 WEBAUTH_REQD (8) DHCP Address Re-established
*IPv6_Msg_Task: Nov 13 10:42:46.291: 68:96:7b:b2:21:3d 0.0.0.0 WEBAUTH_REQD (8) Reached PLUMBFASTPATH: from line 5963
*IPv6_Msg_Task: Nov 13 10:42:46.291: 68:96:7b:b2:21:3d 0.0.0.0 WEBAUTH_REQD (8) Replacing Fast Path rule
  type = Airespace AP Client - ACL passthru
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4 ACL ID =
*IPv6_Msg_Task: Nov 13 10:42:46.291: 68:96:7b:b2:21:3d 0.0.0.0 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*IPv6_Msg_Task: Nov 13 10:42:46.291: 68:96:7b:b2:21:3d 0.0.0.0 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 0, IPv6 ACL ID 255)
*pemReceiveTask: Nov 13 10:42:46.292: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:42:46.292: 68:96:7b:b2:21:3d 0.0.0.0 Added NPU entry of type 2, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:42:46.292: 68:96:7b:b2:21:3d Pushing IPv6: fe80:0000:0000:0000: 6a96:7bff:feb2:213d , and MAC: 68:96:7B:B2:21:3D , Binding to Data Plane. SUCCESS !!
*pemReceiveTask: Nov 13 10:42:46.292: 68:96:7b:b2:21:3d Sent an XID frame
*DHCP Socket Task: Nov 13 10:42:47.567: 68:96:7b:b2:21:3d DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 1, encap 0xec05)
*DHCP Socket Task: Nov 13 10:42:47.567: 68:96:7b:b2:21:3d DHCP selecting relay 1 - control block settings:
                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0  VLAN: 0
*DHCP Socket Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP selected relay 1 - 10.52.237.156 (local address 192.168.235.252, gateway 192.168.235.254, VLAN 36, port 2)
*DHCP Socket Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP   xid: 0x3c2102c6 (1008796358), secs: 4, flags: 0
*DHCP Socket Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP   chaddr: 68:96:7b:b2:21:3d
*DHCP Socket Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
*DHCP Socket Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP   siaddr: 0.0.0.0,  giaddr: 192.168.235.252
*DHCP Socket Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP   requested ip: 192.168.232.119
*DHCP Socket Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP selecting relay 2 - control block settings:
                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.235.252  VLAN: 36
*DHCP Socket Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP selected relay 2 - NONE
*DHCP Proxy Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d DHCP setting server from ACK (server 10.52.237.156, yiaddr 192.168.232.119)
*DHCP Proxy Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) DHCP Address Re-established
*DHCP Proxy Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Reached PLUMBFASTPATH: from line 5963
*DHCP Proxy Task: Nov 13 10:42:47.568: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Replacing Fast Path rule
  type = Airespace AP Client - ACL passthru
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 0, IPv6 ACL ID 255)
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d Assigning Address 192.168.232.119 to mobile
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d DHCP success event for client. Clearing dhcp failure count for interface guestconnect.
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d DHCP success event for client. Clearing dhcp failure count for interface guestconnect.
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d DHCP sending packet in EoIP tunnel to foreign 10.52.232.55 (len 346)
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d DHCP transmitting DHCP ACK (5)
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d DHCP   xid: 0x3c2102c6 (1008796358), secs: 0, flags: 0
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d DHCP   chaddr: 68:96:7b:b2:21:3d
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d DHCP   ciaddr: 0.0.0.0,  yiaddr: 192.168.232.119
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
*DHCP Proxy Task: Nov 13 10:42:47.569: 68:96:7b:b2:21:3d DHCP   server id: 1.1.1.1  rcvd server id: 10.52.237.156
*pemReceiveTask: Nov 13 10:42:47.570: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:42:47.570: 68:96:7b:b2:21:3d 192.168.232.119 Added NPU entry of type 2, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:42:47.570: 68:96:7b:b2:21:3d Pushing IPv6: fe80:0000:0000:0000: 6a96:7bff:feb2:213d , and MAC: 68:96:7B:B2:21:3D , Binding to Data Plane. SUCCESS !!
*pemReceiveTask: Nov 13 10:42:47.570: 68:96:7b:b2:21:3d Sent an XID frame
*apfReceiveTask: Nov 13 10:47:46.106: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Web-Auth Policy timeout
*apfReceiveTask: Nov 13 10:47:46.106: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) PEM timed out. Delete client immediately.
*apfReceiveTask: Nov 13 10:47:46.106: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Pem timed out, Try to delete client in 10 secs.
*apfReceiveTask: Nov 13 10:47:46.106: 68:96:7b:b2:21:3d Scheduling deletion of Mobile Station:  (callerId: 12) in 10 seconds
*IPv6_Msg_Task: Nov 13 10:47:52.306: 68:96:7b:b2:21:3d Calling pemAdvanceState from ipv6 addr learn, with pem session state 8
*IPv6_Msg_Task: Nov 13 10:47:52.306: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) DHCP Address Re-established
*IPv6_Msg_Task: Nov 13 10:47:52.306: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Reached PLUMBFASTPATH: from line 5963
*IPv6_Msg_Task: Nov 13 10:47:52.306: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Replacing Fast Path rule
  type = Airespace AP Client - ACL passthru
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4
*IPv6_Msg_Task: Nov 13 10:47:52.306: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*IPv6_Msg_Task: Nov 13 10:47:52.306: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 0, IPv6 ACL ID 255)
*pemReceiveTask: Nov 13 10:47:52.307: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:47:52.307: 68:96:7b:b2:21:3d 192.168.232.119 Added NPU entry of type 2, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:47:52.307: 68:96:7b:b2:21:3d Pushing IPv6: fe80:0000:0000:0000: 6a96:7bff:feb2:213d , and MAC: 68:96:7B:B2:21:3D , Binding to Data Plane. SUCCESS !!
*pemReceiveTask: Nov 13 10:47:52.308: 68:96:7b:b2:21:3d Sent an XID frame
*osapiBsnTimer: Nov 13 10:47:56.106: 68:96:7b:b2:21:3d apfMsExpireCallback (apf_ms.c:597) Expiring Mobile!
*apfReceiveTask: Nov 13 10:47:56.106: 68:96:7b:b2:21:3d pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Nov 13 10:47:56.106: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Deleted mobile LWAPP rule on AP [00:00:00:00:00:00]
*apfReceiveTask: Nov 13 10:47:56.106: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) pemAdvanceState2 5327, Adding TMP rule
*apfReceiveTask: Nov 13 10:47:56.106: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Adding Fast Path rule
  type = Airespace AP Client - ACL passthru
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4 ACL
*apfReceiveTask: Nov 13 10:47:56.106: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*apfReceiveTask: Nov 13 10:47:56.106: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 0, IPv6 ACL ID 255)
*apfReceiveTask: Nov 13 10:47:56.106: 68:96:7b:b2:21:3d 192.168.232.119 WEBAUTH_REQD (8) Change state to DHCP_REQD (7) last state WEBAUTH_REQD (8)

*apfReceiveTask: Nov 13 10:47:56.106: 68:96:7b:b2:21:3d 192.168.232.119 DHCP_REQD (7) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*apfReceiveTask: Nov 13 10:47:56.107: 68:96:7b:b2:21:3d 192.168.232.119 DHCP_REQD (7) Replacing Fast Path rule
  type = Airespace AP - Learn IP address
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4 ACL ID
*apfReceiveTask: Nov 13 10:47:56.107: 68:96:7b:b2:21:3d 192.168.232.119 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*apfReceiveTask: Nov 13 10:47:56.107: 68:96:7b:b2:21:3d 192.168.232.119 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*apfReceiveTask: Nov 13 10:47:56.107: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Reached ERROR: from line 6200
*apfReceiveTask: Nov 13 10:47:56.107: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*apfReceiveTask: Nov 13 10:47:56.107: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
  type = Airespace AP - Learn IP address
  on AP 00:00:00:00:00:00, slot 0, interface = 1, QOS = 0
  IPv4 ACL ID = 255,
*apfReceiveTask: Nov 13 10:47:56.107: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 36, Local Bridging intf id = 13
*apfReceiveTask: Nov 13 10:47:56.107: 68:96:7b:b2:21:3d 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*apfReceiveTask: Nov 13 10:47:56.107: 68:96:7b:b2:21:3d apfMsAssoStateDec
*apfReceiveTask: Nov 13 10:47:56.107: 68:96:7b:b2:21:3d Deleting mobile on AP 00:00:00:00:00:00(0)
*pemReceiveTask: Nov 13 10:47:56.109: 68:96:7b:b2:21:3d 192.168.232.119 Removed NPU entry.
*pemReceiveTask: Nov 13 10:47:56.109: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:47:56.109: 68:96:7b:b2:21:3d 192.168.232.119 Added NPU entry of type 2, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:47:56.109: 68:96:7b:b2:21:3d Pushing IPv6: fe80:0000:0000:0000: 6a96:7bff:feb2:213d , and MAC: 68:96:7B:B2:21:3D , Binding to Data Plane. SUCCESS !!
*pemReceiveTask: Nov 13 10:47:56.110: 68:96:7b:b2:21:3d Sent an XID frame
*pemReceiveTask: Nov 13 10:47:56.110: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:47:56.110: 68:96:7b:b2:21:3d 192.168.232.119 Added NPU entry of type 9, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:47:56.110: 68:96:7b:b2:21:3d Set bi-dir guest tunnel for 68:96:7b:b2:21:3d as in Export Anchor role
*pemReceiveTask: Nov 13 10:47:56.110: 68:96:7b:b2:21:3d 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x4
*pemReceiveTask: Nov 13 10:47:56.110: 68:96:7b:b2:21:3d 0.0.0.0 Removed NPU entry.

Marco Gonzalez
Beginner

Hello Sri,

The "captive" command mentioned by George is

configure network web-auth captive-bypass enable
What this is going to do is to allow Apple devices to contact some apple servers that apple devices required in order to work fine on iOS 6. This is an Apple behavior only (so far) and Cisco invented this command as a workaround for this behavior.
This is actually documented on the following bug as an enhancement request:
CSCtq14771
You can see the details here:

http://tools.cisco.com/squish/1D26e

You can see a further information about this on the following document:

http://tools.cisco.com/squish/c601f

It is a very long document. Just look for the "BYOD Guest Wireless Access" section, then "Authenticatoin and Authorization" and then "Additional Consideratinos"http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html#wp505667

So, in few words, the command will allow the wireless clients to have access to other resourceon on the Web other than just DHCP and DNS in order ot be able to comunicate to the Apple servers (it is like a filter) so it is not going to affect the current configuratoin and the SSIDs that you have already should not be affected.

I hope this helps

View solution in original post

Hi Marco,

After enabing these two commands on WLC anchore issue got resolved. it requers reload of WLC.

config network web-auth secureweb disable

config network web-auth captive-bypass enable

Thanks for your help and time.

Sri

hello, I have a customer with many WiSM1 WLCs. They are now just starting to investigate Guest Anchor and have asked about iOS devices running v6 not being able to login using WebAuth.

Is there a fix available for WiSM running 7.0.x code?

What the issue... I have never seen an issue with iOS6 devices and guest anchoring.  The goto code for the WiSM is v7.0.240.0.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

My customer has riased this saying he thinks they might need to replace WiSM with WiSM2.

Captive Portal on Guest Anchor and login without coming out of an app on the iOS device.

"Bug IDs CSCtq14771 relate to how different versions of apple iOS interact with captive portals. The bug has no workaround and there are no public releases for version 7.0 which is the latest code available for the WISM1. I believe this bug affects iOS versions 5 – 7 as it’s related to a feature that came out in iOS 5 that allows the user to login to a captive portal without having to come out of an app."

Maybe 7.0.240 with these tow commands is what they need?

config network web-auth secureweb disable

config network web-auth captive-bypass enable

Content for Community-Ad