
iOS 8.0 our apple users and CISCO ISE customized portal [SOLVED]

Hi there guys,
I am wondering why, after the update to iOS 8.0, our Apple users cannot
make it to the ISE authentication portal. We make them connect through a WLC which
is redirecting the web-auth process to ISE (RADIUS server),

while if we use the internal portal (PIC2) of the WLC 5508 the whole process goes well.
After the update to Apple iOS 8.0, devices can't reach our customized portal
any more.....

Has anybody experienced the same?

BR

 

Eugenio


nspasov
Cisco Employee

I haven't played with iOS 8 yet but have read in the release notes that support for it was added in patch 10. Do you have that patch installed?

 

Thank you for rating helpful posts!

Thanks for the reply!

I didn't try the patch, but I figured out a way to make it work anyway:

basically, by overriding the Web-Policy settings and forcing a redirection on the "Layer 3 Security" tab with the correct string (using IPs instead of hostnames) to reach the customized portal on Cisco ISE (our RADIUS), I got iOS 8 devices working again....

Here's a screenshot of the tweak I made....

 

Glad you got it working and good job on finding a solution to your problem (+5 from me). Also, thank you for taking the time to come back and share it.

If your issue is resolved you should mark the thread as "Answered" :)

One thing to also consider is CWA (Central Web Auth) instead of what you are doing which is LWA (Local Web Auth). It is always better to do CWA as there are many benefits to it. 

 

Thank you for rating helpful posts!

Thanks for rating!

Yes, CWA is (heavily) suggested; we just have some "non-standard" solutions in our environment that do not allow us to use it right now. We have been looking for a while for a change to let us do that......

 

 

Hi there,

Our fix was to enable and configure mDNS (Bonjour portal), and that worked for at least our environment.

We also noticed that our HP wireless printers were not being discovered automatically in Windows, and this was also the fix.

Hope this helps someone in a similar position.

P.S. - this is enabled on your WLC under controller configuration

 

Hi gooding,

unfortunately, activating the Bonjour protocol is not possible in our situation;

we are still having a lot of problems with multicast protocols: most of them are not recognized correctly by our IPS, which marks them as "false positive" and starts dropping packets.

 

:(