Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2733
Views
0
Helpful
3
Replies

Webauth - 405 Method Not Allowed error

Y C
Level 4
Level 4

‎10-06-2020 01:57 PM - edited ‎07-05-2021 12:36 PM

We have an 8540 running 8.5.140.0. On our guest ssid we use simple webauth with an AUP and I accept button, no other input required. It's worked for the longest time just fine. It continues to work with windows clients and android phones. Recently IOS went from 13.6.1 to 14.0 to 14.0.1.

 

Somewhere in this transition webauth broke on iphones and produces the error "405 Method Not Allowed error" - the initial page with the AUP comes up fine but the moment "I accept" is selected the error comes up. I tried it on a phone that was still on 13.6.1 and it works fine, but multiple phones with 14.0.1 do not. Can't be certain about 14.0. The working phone, when hitting "I accept" takes you to a page that says "Success" at the top left which you can close and continue on your way.

 

I've seen various older threads mentioning the load.action() function. I've verified that's already in my code. Yes we're still using the 1.1.1.1 2.2.2.2 ip scheme for webauth but if that were the issue the phone wouldn't see the aup at all I imagine. Same phones with 14.0.1 work just fine on an ssid doing 802.1x/eap.

Labels:
0 Helpful
3 Replies 3

Rich R
VIP
VIP

‎10-07-2020 10:19 AM

Not familiar with the problem myself but have you read through these?

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCtd66990

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj17640

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCtq47337

iOS 14 has numerous privacy and security enhancements which could impact this type of content.

You should also think about updating to at least 8.5.161.0 to make sure you are running the latest recommended 8.5 release.

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc10

 

------------------------------
Please click Helpful if this post helped you and Accept as Solution if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Y C
Level 4
Level 4

‎10-08-2020 09:23 AM

Those ultimately lead back to that bit of code I was referring to. I would consider a code upgrade if we can tie it directly to this issue.

 

The two upgraded phones that were continuously failing yesterday are intermittently working and connecting normally today. There must be a specific state the phone needs to be in, or the client on the controller needs to be in, for this to trigger. Either that or it's some random fluke.

 

Speaking of ios14 enhancements - I just found that it randomizes macs for every ssid by default. Probably unrelated to this though.

 

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to Y C

‎10-08-2020 11:25 PM

Also change the IP address, you will get more and more issues by abusing 1.1.1.1 as the virtual interface address. 

IOS 14 also randomized the MAC address of already connected SSID every 24 hours. 

 

Then there is also the possibility of another bug (for example FT related) with the release you are running. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card