03-05-2013 06:50 AM - edited 07-03-2021 11:40 PM
Hello All,
Having a nightmare with iphones connecting to 2504 WLC. I have WPA setup with PSK and laptops non apple connect ok. My iphone is saying unable to join. I roll back to No Security and iphone connects ok.
Seams to connect ok on native Vlan with WPA enabled but on tagged Vlans unable to join with Security. Strange.
Running 6.1.2 on iphone
&
WLC
Software Version | 7.4.100.0 |
Field Recovery Image Version | |
Any ideas? I've turned off Aironet on the interface with tagged vlan but no change.
Kindest Regards
David
Solved! Go to Solution.
03-05-2013 07:24 AM
This is an issue with many Apple devices...
Disable the session timeout
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Disabled <<<<<<< This should be enabled with WPA1
AES Cipher.............................. Enabled <<<<<<< This should not be used with WPA1
WPA2 (RSN IE).............................. Disabled
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
03-05-2013 07:04 AM
Make sure your using WPA2/AES or WPA/TKIP and not both or a mix of both. If that doesn't help please post your show WLAN
Sent from Cisco Technical Support iPhone App
03-05-2013 07:16 AM
Thanks for responding Scott
Tried WEP and no joy either. Just resetup WPA and not connecting see below settings
Thanks
Dave
(Cisco Controller) >show wlan 3
WLAN Identifier.................................. 3
Profile Name..................................... Client
Network Name (SSID).............................. Home
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... BKWWLC01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ client
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
--More-- or (q)uit
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
WPA2 (RSN IE).............................. Disabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Disabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
802.11u........................................ Disabled
MSAP Services.................................. Disabled
03-05-2013 07:19 AM
Also should mention no issues with other clients. I've reset the WLC from scratch and still same issue. Never had this problem before and Ive setup 4 in the last 2mths.
Regards
David
03-05-2013 07:24 AM
This is an issue with many Apple devices...
Disable the session timeout
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Disabled <<<<<<< This should be enabled with WPA1
AES Cipher.............................. Enabled <<<<<<< This should not be used with WPA1
WPA2 (RSN IE).............................. Disabled
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
03-05-2013 08:06 AM
Session timeout was the culprit by tthe looks of it.
Thanks Scott
03-05-2013 08:09 AM
Just makes sure you change your encryption also as it will help. I typically use WPA2/AES only and my iOS devices work fine.
Sent from Cisco Technical Support iPhone App
03-05-2013 08:21 AM
I spoke to soon. I disconnected and forgot the network and reconnected and now gessatting same "unable to Join" messages.
I'm running out of ideas. Anymore thoughts Scott?
03-05-2013 08:27 AM
So I have a bunch of iDevices at home and what I have to do to make sure they connect is to disable the session timeout, disable load balancing and use either WPA/TKIP or WPA2/AES. Can you post your show wlan
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
03-05-2013 08:28 AM
Also reboot your iphone if you can.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
11-22-2019 07:33 AM
Hi,
Where can i change this Session TimeOut Setting. Does it need to be done on the Cisco Wireless Controller ?
05-14-2015 06:11 PM
Hi David,
I just posted a new discussion: 2504 wlc, 3602 ap, 802.1 x authentication issues.
Scott replied to my discussion too.
I have the opposite results from you.
iPad, iPhone, and Android devices have successfully connected.
Windows 8.x clients do not connect.
My setup:
3 separate VLANs for mgmt, employees, guest.
using internal DHCP server on 2504 WLC.
I was assigned task for this implementation since the 4400 has a known Cisco bug due to Microsoft implementation on Windows 8.x
Now I wonder if the same bug is applicable to the 2504 WLC.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: