cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7236
Views
5
Helpful
11
Replies

Iphones and WLC - WPA

davidfield
Level 3
Level 3

Hello All,

Having a nightmare with iphones connecting to 2504 WLC.  I have WPA setup with PSK and laptops non apple connect ok.  My iphone is saying unable to join.  I roll back to No Security and iphone connects ok. 

Seams to connect ok on native Vlan with WPA enabled but on tagged Vlans unable to join with Security.  Strange.

Running 6.1.2 on iphone

&

WLC

Software Version7.4.100.0
Field Recovery Image Version

Any ideas?  I've turned off Aironet on the interface with tagged vlan but no change.

Kindest Regards

David

1 Accepted Solution

Accepted Solutions

This is an issue with many Apple devices...

Disable the session timeout

Wi-Fi Protected Access (WPA/WPA2)............. Enabled

WPA (SSN IE)............................... Enabled

TKIP Cipher............................. Disabled <<<<<<< This should be enabled with WPA1

AES Cipher.............................. Enabled  <<<<<<< This should not be used with WPA1

WPA2 (RSN IE).............................. Disabled

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

11 Replies 11

Scott Fella
Hall of Fame
Hall of Fame

Make sure your using WPA2/AES or WPA/TKIP and not both or a mix of both. If that doesn't help please post your show WLAN

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Thanks for responding Scott

Tried WEP and no joy either.    Just resetup WPA and not connecting see below settings

Thanks

Dave

(Cisco Controller) >show wlan 3

WLAN Identifier.................................. 3

Profile Name..................................... Client

Network Name (SSID).............................. Home

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

  Client Profiling Status ....................... Disabled

   DHCP ......................................... Disabled

   HTTP ......................................... Disabled

  Radius-NAC State............................... Disabled

  SNMP-NAC State................................. Disabled

  Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Maximum number of Clients per AP Radio........... 200

Number of Active Clients......................... 0

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. 1800 seconds

User Idle Timeout................................ 300 seconds

--More-- or (q)uit

User Idle Threshold.............................. 0 Bytes

NAS-identifier................................... BKWWLC01

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ client

Multicast Interface.............................. Not Configured

WLAN IPv4 ACL.................................... unconfigured

WLAN IPv6 ACL.................................... unconfigured

mDNS Status...................................... Enabled

mDNS Profile Name................................ default-mdns-profile

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Silver

Per-SSID Rate Limits............................. Upstream      Downstream

Average Data Rate................................   0             0

Average Realtime Data Rate.......................   0             0

Burst Data Rate..................................   0             0

Burst Realtime Data Rate.........................   0             0

Per-Client Rate Limits........................... Upstream      Downstream

Average Data Rate................................   0             0

Average Realtime Data Rate.......................   0             0

Burst Data Rate..................................   0             0

--More-- or (q)uit

Burst Realtime Data Rate.........................   0             0

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Disabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... 802.11b and 802.11g only

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

   Authentication................................ Global Servers

   Accounting.................................... Global Servers

      Interim Update............................. Disabled

   Dynamic Interface............................. Disabled

   Dynamic Interface Priority.................... wlan

Local EAP Authentication......................... Disabled

--More-- or (q)uit

Security

   802.11 Authentication:........................ Open System

   FT Support.................................... Disabled

   Static WEP Keys............................... Disabled

   802.1X........................................ Disabled

   Wi-Fi Protected Access (WPA/WPA2)............. Enabled

      WPA (SSN IE)............................... Enabled

         TKIP Cipher............................. Disabled

         AES Cipher.............................. Enabled

      WPA2 (RSN IE).............................. Disabled

      Auth Key Management

         802.1x.................................. Disabled

         PSK..................................... Enabled

         CCKM.................................... Disabled

         FT-1X(802.11r).......................... Disabled

         FT-PSK(802.11r)......................... Disabled

         PMF-1X(802.11w)......................... Disabled

         PMF-PSK(802.11w)........................ Disabled

      FT Reassociation Timeout................... 20

      FT Over-The-DS mode........................ Disabled

      GTK Randomization.......................... Disabled

      SKC Cache Support.......................... Disabled

--More-- or (q)uit

      CCKM TSF Tolerance......................... 1000

   WAPI.......................................... Disabled

   Wi-Fi Direct policy configured................ Disabled

   EAP-Passthrough............................... Disabled

   CKIP ......................................... Disabled

   Web Based Authentication...................... Disabled

   Web-Passthrough............................... Disabled

   Conditional Web Redirect...................... Disabled

   Splash-Page Web Redirect...................... Disabled

   Auto Anchor................................... Disabled

   FlexConnect Local Switching................... Disabled

   flexconnect Central Dhcp Flag................. Disabled

   flexconnect nat-pat Flag...................... Disabled

   flexconnect Dns Override Flag................. Disabled

   FlexConnect Vlan based Central Switching ..... Disabled

   FlexConnect Local Authentication.............. Disabled

   FlexConnect Learn IP Address.................. Enabled

   Client MFP.................................... Optional but inactive (WPA2 not configured)

   PMF........................................... Disabled

   PMF Association Comeback Time................. 1

   PMF SA Query RetryTimeout..................... 200

   Tkip MIC Countermeasure Hold-down Timer....... 60

AVC Visibilty.................................... Disabled

--More-- or (q)uit

AVC Profile Name................................. None

Flow Monitor Name................................ None

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

KTS based CAC Policy............................. Disabled

Assisted Roaming Prediction Optimization......... Disabled

802.11k Neighbor List............................ Disabled

802.11k Neighbor List Dual Band.................. Disabled

Band Select...................................... Disabled

Load Balancing................................... Disabled

Multicast Buffer................................. Disabled

Mobility Anchor List

WLAN ID     IP Address            Status

-------     ---------------       ------

802.11u........................................ Disabled

MSAP Services.................................. Disabled

Also should mention no issues with other clients.  I've reset the WLC from scratch and still same issue.  Never had this problem before and Ive setup 4 in the last 2mths.

Regards

David

This is an issue with many Apple devices...

Disable the session timeout

Wi-Fi Protected Access (WPA/WPA2)............. Enabled

WPA (SSN IE)............................... Enabled

TKIP Cipher............................. Disabled <<<<<<< This should be enabled with WPA1

AES Cipher.............................. Enabled  <<<<<<< This should not be used with WPA1

WPA2 (RSN IE).............................. Disabled

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Session timeout was the culprit by tthe looks of it.

Thanks Scott

Just makes sure you change your encryption also as it will help. I typically use WPA2/AES only and my iOS devices work fine.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

I spoke to soon.  I disconnected and forgot the network and reconnected and now gessatting same "unable to Join" messages.

I'm running out of ideas.  Anymore thoughts Scott?

So I have a bunch of iDevices at home and what I have to do to make sure they connect is to disable the session timeout, disable load balancing and use either WPA/TKIP or WPA2/AES. Can you post your show wlan again.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Also reboot your iphone if you can.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Hi,

 

Where can i change this Session TimeOut Setting. Does it need to be done on the Cisco Wireless Controller ?

Hi David,

I just posted a new discussion: 2504 wlc, 3602 ap, 802.1 x authentication issues.

Scott replied to my discussion too.

I have the opposite results from you.

iPad, iPhone, and Android devices have successfully connected.

Windows 8.x clients do not connect.

My setup:

3 separate VLANs for mgmt, employees, guest.

using internal DHCP server on 2504 WLC.

I was assigned task for this implementation since the 4400 has a known Cisco bug due to Microsoft implementation on Windows 8.x

Now I wonder if the same bug is applicable to the 2504 WLC.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: