Eric,

Thanks for the reply and we are testing this with a device and I will post our results.

Jeff

Thanks for the link Eirc +5

May I know how to enable that in my iOS8 devices? I don't have Mac, so Apple Configurator is not a solution to me. I reset my network in my iOS8 devices, it is not working.

Any thing I need to do?

Hi Jeff,

This link may not give answer to your question. But it is a worth document to understand iOS8.0 Security policies.

http://images.apple.com/privacy/docs/iOS_Security_Guide_Sept_2014.pdf

HTH

Rasika

**** Pls rate all useful responses ****

Rasika,

Thanks for the document as it says iOS supports LEAP but we are not able to find where to enable it in ver 8. The Apple KB says LEAP is disabled by default so by this wording it can be enabled. If its removed in iOS 8 then they should have worded it that way.

We are still searching and waiting but its not looking good.

Thanks again.

Jeff

Thanks for this update...

You're very welcome. We were able to push this to all 94 of our corporate iPads and it works fine. Cheers

I was also stuck with this.  Luckily, I upgraded early so I was able to roll back to 7.1.2 on iPhone because Apple was still signing the previous version.  But I know that I cannot play trial and error because I may not be able to roll back if I upgrade again. Also, the current config utility for iPhone requires OS-X 10.9 which I don't have.

My config (12.4(15)T on an old 871W) is many years old, and I had to do a lot of trial and error setting it up since 99% of examples on the internet are "this doesn't work, what is wrong with it" :-(

dot11 ssid VaxinationWiFi
   vlan 10
   authentication open eap eap_list_name
   authentication network-eap eap_list_name
   authentication key-management wpa optional
   guest-mode

(there is a local radio server on the router).

I have no idea whether the above is kosher, but it works fine for my laptop and my iPhones whuch never had problems before until IOS 8.

Unless Apple explicitely states that it has re-enabled LEAP (is LEAP the same as EAP ?), I would rather change my router to another flavour of WPA2 Enterprise. 

within config mode, these are the options given by my router for the authentication command:

router1(config-ssid)#authentication ?
  client          LEAP client information
  key-management  key management
  network-eap     leap method
  open            open method
  shared          shared method

Note that I do not use "client" in my config.

So what would be recommended in terms of ssid config to maintain similar authentication secrity AND please Apple ?

 This router caused me no end in headaches because I got the cripped "advanced security" instead of "advanced IP" without knowing there were options.  I realise it is time to replace but not sure by what model yet.

Spent a bit more time on the issue.

Some said that the issue isn't with EAP itself but the encryption used.

Here is what my router can handle: (871W, 12.4(15)T9 IIRC.

router1(config)#int Dot11Radio0router1(config-if)#encryption vlan 10 mode ciphers ?

  aes-ccm  WPA AES CCMP
  tkip     WPA Temporal Key encryption
  wep128   128 bit key
  wep40    40 bit key

Has anyone gotten confirmation from Apple on which of the above is acceptable to "out of the box" IOS8 ? My router is setup with aes-ccm, and that one does not work with IOS-8.

Or are all of the above unacceptable to Apple which means I need to buy a new router if I want to upgrade to IOS8 and not use the configurayion utility (requires 10,9) ?

Thanks for the reply.

We don't use the Apple Configurator as the Apple devices are personally owned. Can we create, export and distribute these profiles for just the SSID without affecting other settings on the device? We don't want to be liable settings caused by a profile we provided and the user imported.

Appreciate the help.

Jeff

That is an excellent question for Apple support. I would like to say yes but, PLEASE verify before attempting. Have a great day.