Web-Auth not working on Apple iOS devices

I am using L3 web-auth (when no mac filter match). I currently have downloaded the custom page to the controller. It works fine with Windows and Android. I cannot get to the redirect page on Apple iOS though.
In my pre-auth ACL I have added rules to allow any traffic to and from 17.0.0.0/8. I can see that it is getting hits.
I have also tried the config network web-auth captive-bypass enable command.
Neither of these have helped.
My Apple client is getting an IP address.
Any ideas? Thanks

WLAN on Anchor controller:
(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... HopeNet
Network Name (SSID).............................. HopeNet
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
  Client Profiling Status ....................... Disabled
   DHCP ......................................... Disabled
   HTTP ......................................... Disabled
  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 2
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 3600 seconds
CHD per WLAN..................................... Enabled
--More-- or (q)uit
Webauth DHCP exclusion........................... Disabled
Interface........................................ guest-dmz
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................   0    0
Average Realtime Data Rate.......................   0    0
Burst Data Rate..................................   0    0
Burst Realtime Data Rate.........................   0    0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................   0    0
Average Realtime Data Rate.......................   0    0
Burst Data Rate..................................   0    0
Burst Realtime Data Rate.........................   0    0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
--More-- or (q)uit
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Drop
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Disabled
   Accounting.................................... Disabled
   Dynamic Interface............................. Disabled
LDAP Servers
   Server 1...................................... 10.4.21.177 389
   Server 2...................................... 10.4.21.178 389
Local EAP Authentication......................... Disabled
Security
   802.11 Authentication:........................ Open System
--More-- or (q)uit
   FT Support.................................... Enabled
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Disabled
   Wi-Fi Direct policy configured................ Disabled
   EAP-Passthrough............................... Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Enabled-On-MACFilter-Failure
IPv4 ACL........................................ web-auth-test
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Enabled
   FlexConnect Local Switching................... Disabled
   flexconnect Central Dhcp Flag................. Disabled
   flexconnect nat-pat Flag...................... Disabled
   flexconnect Dns Override Flag................. Disabled
--More-- or (q)uit
   FlexConnect Vlan based Central Switching ..... Disabled
   FlexConnect Local Authentication.............. Disabled
   FlexConnect Learn IP Address.................. Enabled
   Client MFP.................................... Optional but inactive (WPA2 not configured)
   Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID     IP Address            Status
2           10.241.15.5           Up                             
802.11u........................................ Disabled
MSAP Services.................................. Disabled
WLAN on foreign controller:
WLAN Identifier.................................. 4
Profile Name..................................... HopeNet
Network Name (SSID).............................. HopeNet
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
  Client Profiling Status ....................... Disabled
   DHCP ......................................... Disabled
   HTTP ......................................... Disabled
  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 2
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 3600 seconds
CHD per WLAN..................................... Enabled
--More-- or (q)uit
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................   0    0
Average Realtime Data Rate.......................   0    0
Burst Data Rate..................................   0    0
Burst Realtime Data Rate.........................   0    0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................   0    0
Average Realtime Data Rate.......................   0    0
Burst Data Rate..................................   0    0
Burst Realtime Data Rate.........................   0    0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
--More-- or (q)uit
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Drop
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Disabled
   Accounting.................................... Disabled
   Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
   802.11 Authentication:........................ Open System
   FT Support.................................... Disabled
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
--More-- or (q)uit
   Wi-Fi Protected Access (WPA/WPA2)............. Disabled
   Wi-Fi Direct policy configured................ Disabled
   EAP-Passthrough............................... Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Enabled-On-MACFilter-Failure
IPv4 ACL........................................ Unconfigured
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Enabled
   FlexConnect Local Switching................... Disabled
   flexconnect Central Dhcp Flag................. Disabled
   flexconnect nat-pat Flag...................... Disabled
   flexconnect Dns Override Flag................. Disabled
   FlexConnect Vlan based Central Switching ..... Disabled
   FlexConnect Local Authentication.............. Disabled
   FlexConnect Learn IP Address.................. Enabled
--More-- or (q)uit
   Client MFP.................................... Optional but inactive (WPA2 not configured)
   Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID     IP Address            Status
4           10.241.15.5           Up                             
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Interface detailed virtual on Anchor controller:
(Cisco Controller) >show interface detailed virtual
Interface Name................................... virtual
MAC Address...................................... 68:ef:bd:93:bd:00
IP Address....................................... 1.1.1.1
Virtual DNS Host Name............................ anchor.stjude.org
AP Manager....................................... No
Guest Interface.................................. No
Interface detailed virtual on Foreign controller:
(30-WiSM2-slot2-1) >show interface detailed virtual
Interface Name................................... virtual
MAC Address...................................... 2c:54:2d:3a:51:a0
IP Address....................................... 1.1.1.1
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No

Similar Messages

  • Web auth not working on new controllers

    We are currently experiencing a problem with web auth on one of our sites. This uses WiSM2 controllers running version 7.2.110.0 of the software.
    The affected SSID is set up for web auth exactly the same way as our other site and that works (although that uses WiSMs running 7.0.230.0).
    Both sites use the same web auth bundle and the same certificate. We have a DNS entry that points back to the virtual interface IP they all use which is 1.1.1.1.
    When users connect to the SSID they are not being presented with the login page. Running a preview on the controller at the problem sites shows the correct page that should be being displayed.
    The controllers have had the certificate re-applied, the web auth bundle reloaded on and have been upgraded from 7.2.103.0 to 7.2.110.0 but none of these have resolved the issue. All other SSIDs work fine, but this is the only one that uses web auth.
    As I say, the only configuration difference is the hardware (WiSM2 vs WiSM) and the software level.
    Any suggestions?                

    When you mention that the login page does not open, that usually means that it is a DNS issue. Make sure that you allow DNS from the guest subnet to the DNS server in which the FQDN of the certificate is being resolved.
    Are you anchoring the guest ssid to an anchor controller? It would be the same troubleshooting, but make sure the anchor is configured correctly. The foreign wlc guest ssid needs to have a mobility anchor to the anchor wlc and the FW needs to allow DNS back in if you're using an internal DNS server.
    If you are not using an anchor wlc, the best way to test is to map the guest to another dynamic interface on the inside network that is working. If that works, your FW is blocking DNS on the guest subnet. You also can remove the FQDN (make sure it was entered correctly) from the VIP and test. If that fixes it, then DNS was not resolving the certificate FQDN.
    Hope this helps
    Sent from Cisco Technical Support iPad App

  • ITunes freezes and causes shared media to not work on my iOS Devices

    Ever since I installed Mavericks my iTunes seems to freeze after a while, which causes my home sharing media to fail on all my iOS devices. This is really annoying and tiresome. I do have a big collection of music and movies on an external HDD but never had issues before the Mavericks update. Anyone know how to fix this issue once and for all?

    I downgraded my machines to 10.8 and the issue went away. I have not troubleshot whether it is due to the iTunes upgrade or the Mavericks upgrade.

  • iPhone will not work because apple mobile device service is not started

    When I plug my iPhone into my computer iTunes opens and then I get a pop up message that says "This iphone can not be used because the apple mobile device service is not started"
    Prior to this i have had no problems using my iphone with itunes.

    Right click My Computer.
    Choose Manage.
    Expand Services and Applications.
    Click on Services.
    Locate that service and ensure it is started and set to Automatic.

  • Web Auth not working

    I have spent a lot of time troubleshooting this and think I've narrowed down the problem. Here is the setup:
    I've got two 4402 controllers running 4.0.179.11. The guest SSID is mapped to a dynamic interface (VLAN). The VLAN is trunked through one switch where it connects to a DSL modem. It's a Siemens DSL modem that does NAT. So essentially from the perspective of a guest user it is a flat network.
    I have a DHCP scope set up on the WLCs. When a guest client connects, it receives an address. Then they open a web browser and say their homepage is http://www.google.com. It times out waiting for a DNS reply.
    I did a sniffer trace on the port going to the DSL modem. I see the DNS query with a source IP address of the guest client PC and destination address of the DSL modem (which I guess gets NAT'd to the real DNS server). Then I see the DSL modem ARP for the MAC address of the guest client PC. But here's the kicker: nobody replies to the ARP request. And I believe that is why the guest client is timing out.
    It works fine if I bypass the DNS capture by using https://1.1.1.1/login.html. Also once I authenticate, DNS from the client PC works great, so I know it's not an issue with NAT.
    I'm guessing the WLC should be responding to the ARP request since the guest client PC cannot talk to the gateway at this point in the process. But why is it not answering?
    I'd also like to point out that I first tried all of this on 4.0.206.0 but had the same issues.
    Thanks for any help you can provide.

    There is a bug in the pre-auth ACL (CSCse93986) but should not affect DNS. The webauth should work fine without a pre-auth ACL, but if you need to use one remember it's not stateful. You will need to allow for outbound and return traffic. I usually start with an ICMP rule to get the hang of the ACL, and then change to DNS. Bottom line you must be able to successfully run a NSLOOKUP to http://www.google.com or a site of your choice from the guest device, before you can get the Cisco Auth page.
    DNS Example
            Source                         Destination                          Source Port  Dest Port
    I  Dir  IP Address/Netmask             IP Address/Netmask             Prot  Range        Range      DSCP  Action
    1  In   10.0.0.0/255.0.0.0             66.111.52.118/255.255.255.255  17    0-65535      53-53      Any   Permit
    2  Out  66.111.52.118/255.255.255.255  10.0.0.0/255.0.0.0             17    53-53        0-65535    Any   Permit
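
The stateless pre-auth ACL point from the reply above, as an added example that is not part of the original thread: a small checker that parses rows in the layout of the DNS example and reports every permit rule that has no mirrored rule for the reply traffic. The function names and the two extra rule sets are constructed for illustration; only `PAGE_ACL` comes from the post.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network

# Rows copied from the DNS example in the reply above.
PAGE_ACL = """
1 In 10.0.0.0/255.0.0.0 66.111.52.118/255.255.255.255 17 0-65535 53-53 Any Permit
2 Out 66.111.52.118/255.255.255.255 10.0.0.0/255.0.0.0 17 53-53 0-65535 Any Permit
"""
# Constructed: only the query direction is permitted, replies are dropped.
ONE_WAY_ACL = """
1 In 10.0.0.0/255.0.0.0 66.111.52.118/255.255.255.255 17 0-65535 53-53 Any Permit
"""
# Constructed: rule 2 swaps the addresses but keeps the ports of rule 1.
COPIED_ACL = """
1 In 10.0.0.0/255.0.0.0 66.111.52.118/255.255.255.255 17 0-65535 53-53 Any Permit
2 Out 66.111.52.118/255.255.255.255 10.0.0.0/255.0.0.0 17 0-65535 53-53 Any Permit
"""


@dataclass(frozen=True)
class Rule:
    index: int
    direction: str   # "In", "Out" or "Any"
    src: IPv4Network
    dst: IPv4Network
    proto: str       # IP protocol number as text, or "Any"
    sport: tuple     # (low, high)
    dport: tuple     # (low, high)
    action: str


def _ports(text):
    low, high = text.split("-")
    return int(low), int(high)


def parse_rules(listing):
    """Parse rows: index dir src/mask dst/mask prot sport dport dscp action."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) != 9 or not f[0].isdigit():
            continue  # header or blank line
        rules.append(Rule(int(f[0]), f[1], IPv4Network(f[2]), IPv4Network(f[3]),
                          f[4], _ports(f[5]), _ports(f[6]), f[8]))
    return rules


def _covers(outer, inner):
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def is_return_for(rule, cand):
    """True if cand permits the reply packets of the flow that rule permits."""
    opposite = {"In": "Out", "Out": "In"}.get(rule.direction)
    return (cand.action == "Permit"
            and cand.direction in (opposite, "Any")
            and cand.proto in (rule.proto, "Any")
            and rule.dst.subnet_of(cand.src)      # replies come from the old destination
            and rule.src.subnet_of(cand.dst)      # and go back to the old source
            and _covers(cand.sport, rule.dport)   # ports are mirrored as well
            and _covers(cand.dport, rule.sport))


def missing_return_rules(rules):
    """Indexes of permit rules with no mirrored permit rule in the ACL."""
    permits = [r for r in rules if r.action == "Permit"]
    return [r.index for r in permits
            if not any(is_return_for(r, c) for c in permits)]


if __name__ == "__main__":
    for name, acl in (("page", PAGE_ACL), ("one-way", ONE_WAY_ACL),
                      ("copied", COPIED_ACL)):
        print(name, "rules without a return path:",
              missing_return_rules(parse_rules(acl)))
```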

  • IPAD Mini Locked after iOS upgrade, tried reset on iPAD did not work, plugged in and device not appearing in iTUNEs for reset/restore

    IPAD Mini Locked after iOS upgrade, tried reset on iPAD did not work, plugged in and device not appearing in iTUNEs for reset/restore. Just get an Apple Logo then a flashing blue screen as if it is caught booting up. This has happened twice before and iTunes restore fixed it. But this time device not appearing in iTunes.
    Running iTunes for PC.  But as stated restore has worked before!  Any help greatly appreciated!!

    Place the device in DFU mode and let iTunes restore the device to factory condition.

  • My iPhone 4s Bluetooth is not working, I have iOS 5.1 but just can't get my Sony Ericsson hbh-pv715 headset to connect to the phone, the phone can't find any Bluetooth device, can you help please

    My iPhone 4s Bluetooth is not working, I have iOS 5.1 but just can't get my Sony Ericsson hbh-pv715 headset to connect to the phone, the phone can't find any Bluetooth device, can you help please

    Yes it's in pairing mode, it worked fine with the 3GS but doesn't seem to work with the 4s, my 4s can't find any other Bluetooth device, I think the problem is with Apple?

  • ActiveSync not working for Apple Devices - Windows and android devices not having issue

    Recently we have had reports of users not being able to send or sync emails to / from Apple iOS devices. When we look at the ActiveSync logs, we see the affected people getting HTTP 503 errors. Yet if this person works on a Windows Mobile device or an android
    Mobile device - they do not have the problem. Similarly, if the person uses the new "Outlook" app on an Apple iOS device, they don't have the problem. It only occurs with the native mail app on iOS devices.
    We have Exchange 2013 CU5 - 4 x CAS Servers on Windows 2012, and 6 x Mailbox servers on Windows Server 2008 R2 (hardware doesn't support WS2012).
    We have logged a call with MS Support and they are looking into it, but was just wondering whether anyone else has seen this issue.
    PS - Before anyone suggests it - we have new servers on the way for the mailbox servers, and will install WS2012R2 and CU8 on it when they arrive.  But because our executive is being affected now, we need to look at this now.

    I did initially think it might be a Windows phone issue but there are no other settings for me to use. I have also tested using a Windows 8 Surface and I get the same issue.
    I have raised the event log level on the Exchange server to expert and I have seen 2 messages when I try to connect.
    I get Event ID 1100: Exchange ActiveSync device requests for your uses are being blocked. This problem frequently occurs when HTTP OPTIONS method is not allowed.
    I know it is allowed as the test exchange connectivity worked and passed that test.
    The other error is Event ID 1309, ASP.NET warning. Part of the exception message is DeviceTypeMissingOrInvalid
    I have come across a comment that says for certificates to work you need to use windows intune or SCCM which we don't have.  Do we know if this is true? 

  • Where is iTunes Match content stored on apple TV? I recently joined itunes match and it is working on my ios devices, but I can't find my music on Apple TV

    Where is iTunes Match content stored on apple TV? I recently joined itunes match and it is working on my ios devices, but I can't find my uploaded music on Apple TV

    It isn't actually stored anywhere, it needs to be downloaded from the internet before any content can be played.
    iTunes Match content is accessed through the 'Music' icon on the main screen though, it needs turning on though in settings first.

  • TS1702 iTunes Match doesn't work on my iOS devices. It states I'm not subscribed

    iTunes Match doesn't work on my iOS devices. It states I'm not subscribed

    On the other device set up another email address; Settings > Messages > Receive on.

  • Why is Adobe Flashplayer not working with Apple? Do you have another flash program you recommend?

    Why is Adobe Flashplayer not working with Apple? Do you have another flash program you recommend?

    maj-brittfromsjöbo wrote:
    Thank you for your interest in Adobe Flash Player. Unfortunately Apple does not allow Flash Player to be installed on iPhone or iPad.
    May I add, this is the answer I get When I try to Download Adobe Flash Player
    You get the message because that is exactly the situation. Apple has not allowed any Flash on iOS devices.
    What site are you trying to see? Many sites now provide Flash alternatives. For example, if you want to listen to Pandora, instead of using the Flash on the Pandora website, instead you download the Pandora app for the iPad.
    In the future, even if Apple wants to add Flash to the iPad, it won't be able to because Adobe will no longer be making it at all, for any mobile device:
    http://www.wired.com/gadgetlab/2011/11/adobe-kills-mobile-flash/
    If you often go to sites that use a lot of Flash and they don't have an alternative, you should write to them and tell them to stop using Flash.

  • My sound on FaceTime is not working after downloading iOS 6 ??

    Ever since I have downloaded iOS 6 when I am on a FaceTime call nobody can ever hear me. Has anyone else had sound problems since the new update ??

    Re: My sound on FaceTime is not working after downloading iOS 6 ?? 
    Apr 8, 2013 12:16 AM (in response to B69B69)
    same issue here... And a restore didn't do any good either.
    Try backing up your information to iTunes, and Restore your devices as new with no content on it what-so-ever. If the issue persists after that, this may be a hardware issue. Check your Mic's for debris, and remove the case you have on the device as well to see if you have the same results. Then contact Apple Support if all else fails.

  • My new i-tunes download not installing 'service apple mobile device failed to start sufficient privileges and windows error 126

    my new i-tunes download not installing 'service apple mobile device failed' windows error 126

    I have the same problem. I uninstalled the old one because it will not work and now the new one does not either.
    Keep getting this picture
    Nothing on it works to install itunes and there is no support on the apple site.
    Ideas?

  • My iPhone says Searching in the top right hand side and has been like this for 2 days. Already had a replacement sim yesterday, still not working. Apple advised me to restore my phone by connecting to iTunes. When trying to do this it's not allowing

    My iPhone says Searching in the top right hand side and has been like this for 2 days. Already had a replacement sim yesterday, still not working. Apple advised me to restore my phone by connecting to iTunes. When trying to do this it's not allow

    Are you on a Windows PC? Do you have anti-virus software running on it? Here are some help articles for you to troubleshoot with:
    Resolve iOS update and restore errors
    Resolve iOS update and restore errors in iTunes

  • Wifi not working after latest iOS update

    wifi not working after latest iOS update 7.0.4. Any suggestions?

    Same happening to my iPhone, no wifi or bluetooth since latest update. Tried everything: reset, restore, reset back to factory setting, all to no avail. Phoned Apple, they want 155 pound for a replacement (cheeky #$%/$$#@) when everyone knows it's their fault. I read phone may need new wifi chip; if it's out of warranty, cheaper to take to local phone doctor
