Security

Reply
Contributor I
Posts: 78
Registered: ‎03-18-2013

IOS 7 Problems on guest network.

I just upgraded a 3600 controller to 6.2.1.2. We have a guest access where we use our own user acceptance page. Once the user clicks an "Agree" button they are redirected to our home page. Apple iPads and iPhones on IOS 7 are not redirecting to the home page. The user acceptance page just comes back. The user will eventually connect to the guest network after about a minute. This doesn't happen on IOS 6 devices or Androids or laptops. Has anyone seen anything like this. Any help would be appreciated.

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: IOS 7 Problems on guest network.


dglav60 wrote:

I just upgraded a 3600 controller to 6.2.1.2. We have a guest access where we use our own user acceptance page. Once the user clicks an "Agree" button they are redirected to our home page. Apple iPads and iPhones on IOS 7 are not redirecting to the home page. The user acceptance page just comes back. The user will eventually connect to the guest network after about a minute. This doesn't happen on IOS 6 devices or Androids or laptops. Has anyone seen anything like this. Any help would be appreciated.


IOS 6's CNA (Captive Portal Network Assistant) breaks the ability to redirect a user to an external home page.  In ArubaOS 6.1 and 6.2..x we worked around it by allowing traffic to *.apple.com.  IOS7 randomizes the URL that the traffic is sent to so this is no longer possible.  ArubaOS 6.3.1.0 and above have the CNA bypass feature in the Captive Portal authentication profile that identifies this random URL and allows the proper redirect.

Long Story short, for now you would need to upgrade to ArubaOS 6.3.1.0 to gain this capability.

 

1.PNG

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Contributor I
Posts: 78
Registered: ‎03-18-2013

Re: IOS 7 Problems on guest network.

Thanks for the info Colin. Do you know of any fixes coming down the road for version 6.2. My hand are kind of tied when its comes to upgrading firmware. We have medical devices that are FDA controlled and the vendor has to validate the firmware before we can upgrade.

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: IOS 7 Problems on guest network.


dglav60 wrote:

Thanks for the info Colin. Do you know of any fixes coming down the road for version 6.2. My hand are kind of tied when its comes to upgrading firmware. We have medical devices that are FDA controlled and the vendor has to validate the firmware before we can upgrade.


Not that I know of.  If there is an outside chance that the company uses clearpass for guest access, the CNA bypass is built into the latest ClearPass, as well...

 

If you go to the support site and request it using the ideas portal, they will know that there is interest...

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 470
Registered: ‎05-11-2011

Re: IOS 7 Problems on guest network.

On a sidenote - until you can upgrade to 6.3.x you have the option of adding apple.com to allowed sites in the logon role. That does the trick of not triggering CNA - since the device is trying to reach http://www.apple.com/library/test/success.html (I believe thats the correct URL). Of course - sideeffect is apple.com is allowed without registration ;)

 

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: IOS 7 Problems on guest network.


jsolb wrote:

On a sidenote - until you can upgrade to 6.3.x you have the option of adding apple.com to allowed sites in the logon role. That does the trick of not triggering CNA - since the device is trying to reach http://www.apple.com/library/test/success.html (I believe thats the correct URL). Of course - sideeffect is apple.com is allowed without registration ;)

 


if i understand the situation correctly that does NOT help. apple changed the way CNA works in iOS 7 and it uses several more hosts / URLs now.

Aruba
Posts: 1,520
Registered: ‎06-12-2012

Re: IOS 7 Problems on guest network.


boneyard wrote:

if i understand the situation correctly that does NOT help. apple changed the way CNA works in iOS 7 and it uses several more hosts / URLs now.

Boneyard,
It will work if you use Clearpass with the IOS7 patch using the landing.php

 

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor I
Posts: 26
Registered: ‎09-17-2012

Re: IOS 7 Problems on guest network.

Hello,

 

I have AOS 6.3.1.1 and still have some issuse with CNA:

 

"Bypass Apple CNA" is DISABLED

-There is no automatically slide up of CP (all iPad iOS 7.04) - iPhone works fine. 

 

"Bypass Apple CNA" is ENABLED

-There is no automatically slide up of CP (all iPad iOS 7.04) - There is no automatically slide up of CP even on iPhone

 

I'm not sure that this feature is helping att all. Or?

Contributor I
Posts: 55
Registered: ‎09-05-2011

Re: IOS 7 Problems on guest network.

We have a local Aruba deployment for a multi-national company that uses AOS 5.0.4.14 at all sites and we have been denied permission to upgrade the AOS past 5.0.4.x.

 

Everything was working great until the company iPads were upgraded to 7.0.4 and now the Captive Portal splash screen does not appear.  It does appear for Windows clients.

 

Is the only way to get the Captive Portal working with iOS 7.0.x clients to upgrade the AOS to a 6.3.1.x version?

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: IOS 7 Problems on guest network.


crowdie wrote:

We have a local Aruba deployment for a multi-national company that uses AOS 5.0.4.14 at all sites and we have been denied permission to upgrade the AOS past 5.0.4.x.

 

Everything was working great until the company iPads were upgraded to 7.0.4 and now the Captive Portal splash screen does not appear.  It does appear for Windows clients.

 

Is the only way to get the Captive Portal working with iOS 7.0.x clients to upgrade the AOS to a 6.3.1.x version?


For now, yes, unless the customer uses ClearPass for guest access.  I would check with support to see if there is another workaround.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: