Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Apple Captive Portal Issues

This thread has been viewed 55 times
  • 1.  Apple Captive Portal Issues

    MVP GURU
    Posted Sep 25, 2023 10:32 AM
      |   view attached

    Looking for some non-TAC help here. I have been working with TAC for a couple months now, and can not seem to get this issue resolved. Windows/Android/MacOS devices all work fine, and yes we use a public signed certificate, following best practices for iOS devices. The captive portal page is hosted on ClearPass, and we are using a valid/trusted certificate as well. The apple device can launch the captive portal page when navigated to directly in a browser, but not with the CNA. The CNA popup will launch, but we either get a red background (its a color in the galleria skin we are using), or will display the message attached here. We have also tried using just a blank skin for the page, but still the same result. We will be trying DHCP option 114 next, but I'm looking to see if someone has run into this as well and came to a resolution. 

    Thanks! 



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------


  • 2.  RE: Apple Captive Portal Issues

    EMPLOYEE
    Posted Sep 25, 2023 10:44 AM

    What version of AOS are you running? Also, what version of ClearPass?

    I've recently set this up without issues, so initially suspect something with the configuration. I'm someone concerned about the mention of "hotspot" in the error message, but could just be a false flag.



    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 3.  RE: Apple Captive Portal Issues

    MVP GURU
    Posted Sep 25, 2023 11:13 AM

    8.6 on Gateways/Conductors (Need to support older AP models right now), and 8.10 on the ClearPass cluster.



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 4.  RE: Apple Captive Portal Issues

    MVP
    Posted Sep 25, 2023 11:23 AM

    Had similar case at two different end customers and there were two ways how it got solved:

    1. At a certain end customer, DNS was an issue. We had to fix some DNS problems for the Guest clients who were connected to the Guest SSID, and were receiving the DNS from the DHCP Server. This DNS was changed and we had to white-list it on the User-Role ACL.
    2. Had to Upload the Intermediate Certificate on Clearpass for the signed SSL



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP |
    -Just an Aruba enthusiast and contributor by cases-
    ------------------------------



  • 5.  RE: Apple Captive Portal Issues

    MVP GURU
    Posted Sep 27, 2023 10:46 AM

    DNS is not an issue at this point. The device can manually browse to the captive portal URL without issues. We also made sure the intermediate certificate was installed and trusted on the ClearPass cluster.

    The CNA window will either error out with that hotspot warning, or only load the background color of the page. It's a strange one....lol



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 6.  RE: Apple Captive Portal Issues

    Posted Nov 07, 2023 11:47 AM

    Any traction on this issue - we're seeing the same challanges




  • 7.  RE: Apple Captive Portal Issues

    Posted Nov 08, 2023 10:45 AM

    Hi there.

    You can try:

    • Turn off the mobile Cellular Data (LTE, 5G) before connect to the wifi.
    • Change the DNS server to public DNS (like 8.8.8.8) in the pool for this SSID.