cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1762
Views
125
Helpful
12
Replies

users unable to connect to wifi using Iphone

Hi Experts , 

 

We have few users who are unable to connect to office Wifi network using iphone . Local IT team has provided the user names .

 

Can you please help me with the troubleshooting steps to follow . 

We have Cisco ISE - Can we identify user details with ISE ? like location and the WLC controller which he is trying to connect ? 

12 Replies 12

marce1000
VIP
VIP

 

 - Start by looking at controller level. What is controller model and software version ? You can do client-debugging on controller (based on mac address) and have analyzed with : https://cway.cisco.com/tools/WirelessDebugAnalyzer/ , also have sanity check of controller configuration with  https://cway.cisco.com/tools/WirelessAnalyzer/

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Leo Laohoo
Hall of Fame
Hall of Fame

@Network_Sarovani wrote:

We have few users who are unable to connect to office Wifi network using iphone


Please provide more useful information other than this. 

  1. What, exactly, is the problem?
  2. What is the WLC firmware?
  3. What are the different AP models. 
  4. What is the exact error message?
  5. Has anyone verified the complaint by replicating the issue? 
  6. What OS predominantly is affected by this?  

 

ammahend
VIP
VIP

wish there was a straight answer to this, but to start login to ise, go to operations live log, in the endpoint ID field put the mac address of the iPhone and see if you see any results. 
If you see failures great, means atleast your communication between WLC and ise is correct, click on little magnifying glass next to failure message, it will give lot of you details including user details. Look at failure reason, Network Device tells you which WLC they connected to. 
There are a ton of ISE and WLC basic videos on YouTube, just go through a few of them. It’s fairly easy to get started and do basic troubleshooting. 

-hope this helps-

We see user on ise with below "Authentication failure reason" :

 

12935 Supplicant stopped responding to ISE during EAP-TLS certificate

Well make sure ISE eap certificate is trusted by endpoints and endpoint is provisioned correctly for eap-tls and the endpoint certificate issuing CA is trusted by ISE (most likely both are same, if you have an internal CA)
seems like a certificate trust issue between your client and radius server based on the message. 
if you don’t know about eap-tls authentication,  open a case with Cisco with this error message and work with them as quick fix, and later you can study about it in more details, lot of content on YouTube and online generally. 

-hope this helps-

Scott Fella
Hall of Fame
Hall of Fame

So as I'm reading this thread, I need to ask, has this worked before or is this a new implementation?  Now I'm going to assume from your post that all other devices are working fine and its just iPhones?  Are there any iPhones that are working, any iPad's?  The other thing is, is your ISE policy calling out for EAP-TLS only or also allowing EAP-PEAP?  We need to understand what exactly is implemented and how you want to authenticate devices to have a better understanding of what is going on.  As an example, if you are not using EAP-TLS and are allowing EAP-PEAP, then it can be a configuration issue on the client device on how the device is trying to authenticate.  Are you pushing out policies to these iPhones or are users manually joining the SSID?  Have you got an iPhone in which you can replicate the issue?  Have you tried to remove the wireless profile and or even reboot the device?

-Scott
*** Please rate helpful posts ***

This is linked to "JAMF" (JAMF known issue).

 

Does anyone know what it is ?

 

 

 

If you know it's linked to JAMF, then you should also know "what it is"?  If it's an issue with JAMF, shouldn't you get the answer from their community forum or from their support?

-Scott
*** Please rate helpful posts ***

 @Scott Fella This was resolved by client team , I do not have visibility or access .

 

So a different team in your company will not disclose to you what the issue was?

-Scott
*** Please rate helpful posts ***

really hard to get the info from them ..That is the reason I am trying to get some clue on this forum . 

So I can ask them more question on this topic if ever get a chance to speak to them this week or in coming weeks .

 

 

It seems like that outage was caused by them.  They should provide the root cause analysis to you and your team so that it is at least documented.  Most likely it's because the profile they pushed was the issue.  The profile or maybe even the certificate.  I'm surprised that you couldn't escalate to their manager for root cause.  

-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: