We have an issue with iPhones and 1G iPods on our WiFi network. (Other devices seem to work fine including: BSD, Linux, XP, Vista, OS-X, and 2G iPods.)
We needed multiple VLANs on the backend and have configured our 1200's with several VLANS and broadcast a single SSID as documented using PEAP / WPA/WPA2, and enabled a hidden open SSID with the legacy captive portal. The iPhone and 1G iPod will not connect to the broadcast SSID so we created a hidden WPA SSID and they associate. (However they won't reconnect to it.) We would really like them to connect to the broadcast SSID, or auto reconnect to either the open or WPA hiddens, but nothings seems to work correctly.
I posted to the APPLE forums as well.
We have a WPA/WPA2 Enterprise (PEAP) network and are having trouble with our users iPhones. (They work fine on the open network SSID, but would like to migrate to the somewhat more secure WPA or WPA2 model.)
Apple iPhones 2.2.1 5H111
Apple iPods 2.2.1 5H11a
Cisco APs 12.3(8)JA2 or 12.3(3)JEC2 (same results) (WPA TKIP and AES support enabled)
OUR STANDARD AP CONFIG: and our results
OPEN SSID (hidden) = iPhones works fine
WPA2 SSID (broadcast) = iPhones fail to connect (occasionally after certificate)
(BUT iPods work just fine!, as does Ubuntu, XP, etc.)
TESTED config 1: (but this setup is incompatible with our network design)
OPEN SSID (broadcast) = iPhone works
WPA2 SSID (broadcast) = iPhone works
TESTED config2: (not desired configuration)
OPEN SSID (broadcast) = iPhone Works
WPA2 SSID (hidden) = iPhone Works
The Standard config needs to be implemented and supported for a variety of reasons. (We use .1X to move clients to various VLANs behind that SSID so can't enable multi-broadcast on our equipment.) We need to broadcast our WPA network SSID instead of the OPEN SSID, but are having issues.
As this problem ONLY seems to impact our iPhone users, and not iPods, (with the same version of software) suspect there may be a simple setting on the phones or APs that we are missing. Anyone else ran into this and have any pointers?
We have also noted the very same problem with 1G iPod Touch. (Several users pointed this out after deployment.)
We have implemented a work-around by having a WPA2#2 SSID as a hidden so these iPhones and iPods can attach to the network. This now allows them to associate without a problem.
However on the hidden ID they seem to connect/disconnect from the network, and may require a user to go to the networks area to get connected after the device is left alone for some time.
On of our users summed the problem up best:
There are two problems (either one will leave us with a workable solution):
1) An iPhone 3G connecting to a hidden SSID on a Cisco 1200AP will be able to connect, but as soon as the phone goes to sleep it will drop the connection. Once that the phone is woken back up it will not reestablish the connection to the hidden SSID unless you go to Settings->Wi-Fi and wait for it to show up on the list of available network. If you fire up safari before doing this you will be presented with only SSIDs that are broadcast, canceling from that list will cause the iPhone to not look for a wi-fi network and use the Edge network instead. It's worth noting that in the Settings->Wi-Fi available networks list that the hidden SSID (once learned) will show up every couple of seconds and then disappear only to show back up a few seconds later (this is not the standard iPhone behavior for hidden SSIDs)
2) An iPhone 3G does not seem to be able to connect to a broadcasted beacon on a Cisco 1200AP if the Cisco is set for single beacon broadcast mode. The phone can connect to hidden SSIDs (see #1 for problems with this) and can also connect to broadcasted beacons if there are more than one. The iTouch does not show this problem in newer hardware (older iTouchs do show this problem)