Security

Reply
paw
Contributor I

iOS WLAN Enrollment

Hello together. I now have configured Amigopod to serve iOS devices with certficates. So far everything is working fine. But there is one open questions:

When I connect to my guest WLAN using aruba integrated captiveportal, an iOS device directly open the browser windows and want to authenticate against the cap. How is this working? Doese the iOS an HTTP request wich is directly redirected, or is this managed by the wlan configuration provided by the controller?

For my iOS provisioning I use a completly seperated network where just aruba and amigopod is placed into. There is no dns and no web browsing.

I there a way redirect a new device to the ios provisioning captive portal of the amigopod, in this scenario?


And I also want to note the following:
- A manual for configuring iOS enrollment with amigopod would be very nice :-)
- Pushing a proxy for the WLAN configuration would be very very nice

best regards

Re: iOS WLAN Enrollment



Speak to Aruba TAC about this as there are lots of variables and different configurations available. I'm not aware of an MDAC manual as yet.



There are a few option for pushing proxy settings. Methods to use DHCP or the controller firewall have been covered in these forums.

Enforce proxying via controller firewall with transparent proxy. Link
Deploy proxy.pac via DHCP on controller. Link

Can you elaborate on your other question please?

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
paw
Contributor I

Re: iOS WLAN Enrollment

Thank you for your answer whitehead.


Now I have the problem that I cannot get dhcp working with option 252. Here is my DHCP configuration:

ip dhcp pool Mobile_DHCP
default-router 10.137.11.254
dns-server 10.137.15.8 10.137.15.9
domain-name de.customer.dns
lease 1 0 0 0
option 252 text "http//10.137.15.254/proxy/proxy.pac"
network 10.137.11.0 255.255.255.0
authoritative
!

The pac file dose not relie von the aruba controller in this try. I also used \n in the end the string.

Im using the 6.1.2.2 ArubaOS and the client is an iPhone 4.

As i know iPhone should support proxy pac per dhcp.

Thanks in advance
Guru Elite

Re: iOS WLAN Enrollment


Thank you for your answer whitehead.


Now I have the problem that I cannot get dhcp working with option 252. Here is my DHCP configuration:

ip dhcp pool Mobile_DHCP
default-router 10.137.11.254
dns-server 10.137.15.8 10.137.15.9
domain-name de.customer.dns
lease 1 0 0 0
option 252 text "http//10.137.15.254/proxy/proxy.pac"
network 10.137.11.0 255.255.255.0
authoritative
!

The pac file dose not relie von the aruba controller in this try. I also used \n in the end the string.

Im using the 6.1.2.2 ArubaOS and the client is an iPhone 4.

As i know iPhone should support proxy pac per dhcp.

Thanks in advance




You need to set the proxy setting to Automatic on the i-device to get this to work.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

paw
Contributor I

Re: iOS WLAN Enrollment

I used automatic discovery. With an iPad and an iPhone.
Guru Elite

Re: iOS WLAN Enrollment

Did you attempt to browse to the page http//10.137.15.254/proxy/proxy.pac to see if you canretrieve the file?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Moderator

Re: iOS WLAN Enrollment

On the point of your existing guest WLAN automatically displaying the internal captive portal, this is a result of the iOS devices supporting a usuablilty feature called Apple's Captive Network Assistant. We have some interesting information regarding this feature posted on the following link:

 

Apple Captive Network Assistant

 

In terms of how to get your iOS devices to be redirected to the device provisioning page in your isolated network, this will require some local DNS resolution. If you can imagine when the iOS device connects to the WLAN, it will DHCP its IP Address settings and then based on the above Captive Network Assistant feature will attempt to resolve an IP address for the www.apple.com domain name. When this fails the Captive Network Assistant will also fail and no mini browser or web sheet will be displayed.

 

This will require the user to open the safari browser manually and then either browse to the device provisioning page manually or due to the lack of DNS browse via an IP address such as http://1.1.1.1 

 

Ideally for a clean user experience it will be best to enable some DNS resolution in your provisioining network.

 

Hope this helps.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: