Private Addressing on IOS14 Issue with WLC

tokis · ‎01-13-2021

So I have one member who has an iPhone and is having problems connecting to our enterprise Wi-Fi.
Android users are not having problems connecting to, other iPhone users does not have any problems to.

So as far the troubleshooting goes we found something about iPhone on IOS14 - Private Addressing feature which hides their mac address when joining the Wi-Fi.

Upon turning it off the member was able to connect now. Since we have different sites and this is happening only on one site, on the other site the same member can connect to the wifi with the private addressing feature on.

So anyone can assist on how to fix the settings, for the user to use private addressing feature and still manage to connect to the wifi?

our WLC is Cisco 4402 model

marce1000 · ‎01-13-2021

- Should work, I guess, check the logs or debug the particular mac address with the controller debugging features. Also make sure the WLC is on a recent or advisory controller release , especially if the current release is outdated.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000 · ‎01-13-2021

- You may also find this thread related :

https://community.cisco.com/t5/wireless/internet-access-not-working-through-cisco-wireless-controller-on/m-p/4271498

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Scott Fella · ‎01-13-2021

Maybe you should start by looking at your radius logs. I'm assuming you are using PEAP or EAP-TLS since you mentioned enterprise WiFi? In iOS 14, private address was enabled by default and devices are entered into system using the mac address. So if for some reason you see that mac address failed, then the radius server is where I would start looking for answers. If the controller is managing multiple sites, and the issue doesn't happen in other sites, I don't think its a wireless issue. However, the 4402 is very old and sooner or later, devices will have issue connecting when the manufacture start making small changes to the NIC or firmware. The code you are running is no longer supported and you risk having issues in the future.

Also you mentioned other iPhones are working, so it points to the device or how that device is connecting. Maybe reset the network setting on the phone and create it again. The user will have to re-enter their other ssid's when you reset the network on the iPhone.

-Scott
*** Please rate helpful posts ***

tokis · ‎01-13-2021

hi all,

I did a debug (debug mac, aaa, dhcp,dns, etc) before the user connected to the wireless but this is all I can see that might help.

Client #1 has MAC Address x:xx:xx:xx:xx

---------------------------------------------------------

Jan 12 13:23:32.929 Client has Received Idle-Timeout from AP

Jan 12 13:23:33.731 Client session has timed out

Jan 12 13:23:33.731 Client has been deauthenticated

Jan 12 13:23:33.731 Client session has timed out

I don't see any blocking on the logs. Its just isolated to users with Iphone and Private addressing feature on their mobile is turned on.

I'll look into the links provided. Thanks

Scott Fella · ‎01-13-2021

You don't see anything on the radius logs?

-Scott
*** Please rate helpful posts ***

tokis · ‎01-13-2021

on the show debug command? no I did not see any. I am looking through some other logs on the web gui not sure if its radius but I don't see anything related to the mac address record I am having problems with.

Scott Fella · ‎01-13-2021

What encryption method are you using? Do you have a radius server?

-Scott
*** Please rate helpful posts ***

Leo Laohoo · ‎01-13-2021

Run a debug with both the feature turned off and on and then post the output here.