Due to changes in how Apple devices check for internet connectivity in iOS7 compared to older iOS 6 releases, the Cisco WLC captive portal bypass feature will need to be updated. This is due to the changes that Apple uses in its URL's checks for internet access. These changes are reflected in the following bug ID's
CSCuj18674 - captive portal/wispr support for apple ios7 (WLC bug ID)
WLC does not respond to the ios7 wispr requests because ios7 behaves differently from ios6 in sending the wispr requests. This will be fixed in the next Cisco.com release of 7.4 controller code due out in September and also will be fixed in 7.6 controller code due out by the end of the year. If you need a fix sooner, you will need to contact TAC to obtain a special release that contains this fix If you do not wish to upgrade code, you may try the work around as noted below.
CSCui89500 - CWA and BYOD flow on iOS 7 broken with auto-login enabled (ISE bug ID)
When attempting to access the Guest Portal or BYOD an Apple iOS 7 device while the WLC "Captive Portal Bypass" feature is enabled, the web sheet on the device still appears, preventing the user from continuing the flow. This is not an ISE bug per se, but a controller issue due to iOS 7 changes.
Workaround: Create an pre-auth ACL on the WLC that allows for the IP address that resolve from "www.appleiphonecell.com" and "captive.apple.com" FQDNs.
IMPORTANT NOTE:These IP addresses are associated with the FQDNs of "www.appleiphonecell.com" and "captive.apple.com" and are subject to change by the entities hosting those domains. If the IP addresses do change, the ACL would need to reflect that.