Wireless Access

Looking for some non-TAC help here. I have been working with TAC for a couple months now, and can not seem to get this issue resolved. Windows/Android/MacOS devices all work fine, and yes we use a public signed certificate, following best practices for iOS devices. The captive portal page is hosted on ClearPass, and we are using a valid/trusted certificate as well. The apple device can launch the captive portal page when navigated to directly in a browser, but not with the CNA. The CNA popup will launch, but we either get a red background (its a color in the galleria skin we are using), or will display the message attached here. We have also tried using just a blank skin for the page, but still the same result. We will be trying DHCP option 114 next, but I'm looking to see if someone has run into this as well and came to a resolution. 

Thanks! 

What version of AOS are you running? Also, what version of ClearPass?

I've recently set this up without issues, so initially suspect something with the configuration. I'm someone concerned about the mention of "hotspot" in the error message, but could just be a false flag.

Looking for some non-TAC help here. I have been working with TAC for a couple months now, and can not seem to get this issue resolved. Windows/Android/MacOS devices all work fine, and yes we use a public signed certificate, following best practices for iOS devices. The captive portal page is hosted on ClearPass, and we are using a valid/trusted certificate as well. The apple device can launch the captive portal page when navigated to directly in a browser, but not with the CNA. The CNA popup will launch, but we either get a red background (its a color in the galleria skin we are using), or will display the message attached here. We have also tried using just a blank skin for the page, but still the same result. We will be trying DHCP option 114 next, but I'm looking to see if someone has run into this as well and came to a resolution. 

Thanks! 

8.6 on Gateways/Conductors (Need to support older AP models right now), and 8.10 on the ClearPass cluster.

What version of AOS are you running? Also, what version of ClearPass?

I've recently set this up without issues, so initially suspect something with the configuration. I'm someone concerned about the mention of "hotspot" in the error message, but could just be a false flag.

Looking for some non-TAC help here. I have been working with TAC for a couple months now, and can not seem to get this issue resolved. Windows/Android/MacOS devices all work fine, and yes we use a public signed certificate, following best practices for iOS devices. The captive portal page is hosted on ClearPass, and we are using a valid/trusted certificate as well. The apple device can launch the captive portal page when navigated to directly in a browser, but not with the CNA. The CNA popup will launch, but we either get a red background (its a color in the galleria skin we are using), or will display the message attached here. We have also tried using just a blank skin for the page, but still the same result. We will be trying DHCP option 114 next, but I'm looking to see if someone has run into this as well and came to a resolution. 

Thanks! 

Had similar case at two different end customers and there were two ways how it got solved:

1. At a certain end customer, DNS was an issue. We had to fix some DNS problems for the Guest clients who were connected to the Guest SSID, and were receiving the DNS from the DHCP Server. This DNS was changed and we had to white-list it on the User-Role ACL.
2. Had to Upload the Intermediate Certificate on Clearpass for the signed SSL

8.6 on Gateways/Conductors (Need to support older AP models right now), and 8.10 on the ClearPass cluster.

What version of AOS are you running? Also, what version of ClearPass?

I've recently set this up without issues, so initially suspect something with the configuration. I'm someone concerned about the mention of "hotspot" in the error message, but could just be a false flag.

Looking for some non-TAC help here. I have been working with TAC for a couple months now, and can not seem to get this issue resolved. Windows/Android/MacOS devices all work fine, and yes we use a public signed certificate, following best practices for iOS devices. The captive portal page is hosted on ClearPass, and we are using a valid/trusted certificate as well. The apple device can launch the captive portal page when navigated to directly in a browser, but not with the CNA. The CNA popup will launch, but we either get a red background (its a color in the galleria skin we are using), or will display the message attached here. We have also tried using just a blank skin for the page, but still the same result. We will be trying DHCP option 114 next, but I'm looking to see if someone has run into this as well and came to a resolution. 

Thanks! 

DNS is not an issue at this point. The device can manually browse to the captive portal URL without issues. We also made sure the intermediate certificate was installed and trusted on the ClearPass cluster.

The CNA window will either error out with that hotspot warning, or only load the background color of the page. It's a strange one....lol

Had similar case at two different end customers and there were two ways how it got solved:

1. At a certain end customer, DNS was an issue. We had to fix some DNS problems for the Guest clients who were connected to the Guest SSID, and were receiving the DNS from the DHCP Server. This DNS was changed and we had to white-list it on the User-Role ACL.
2. Had to Upload the Intermediate Certificate on Clearpass for the signed SSL

8.6 on Gateways/Conductors (Need to support older AP models right now), and 8.10 on the ClearPass cluster.

What version of AOS are you running? Also, what version of ClearPass?

I've recently set this up without issues, so initially suspect something with the configuration. I'm someone concerned about the mention of "hotspot" in the error message, but could just be a false flag.

Looking for some non-TAC help here. I have been working with TAC for a couple months now, and can not seem to get this issue resolved. Windows/Android/MacOS devices all work fine, and yes we use a public signed certificate, following best practices for iOS devices. The captive portal page is hosted on ClearPass, and we are using a valid/trusted certificate as well. The apple device can launch the captive portal page when navigated to directly in a browser, but not with the CNA. The CNA popup will launch, but we either get a red background (its a color in the galleria skin we are using), or will display the message attached here. We have also tried using just a blank skin for the page, but still the same result. We will be trying DHCP option 114 next, but I'm looking to see if someone has run into this as well and came to a resolution. 

Thanks! 

Looking for some non-TAC help here. I have been working with TAC for a couple months now, and can not seem to get this issue resolved. Windows/Android/MacOS devices all work fine, and yes we use a public signed certificate, following best practices for iOS devices. The captive portal page is hosted on ClearPass, and we are using a valid/trusted certificate as well. The apple device can launch the captive portal page when navigated to directly in a browser, but not with the CNA. The CNA popup will launch, but we either get a red background (its a color in the galleria skin we are using), or will display the message attached here. We have also tried using just a blank skin for the page, but still the same result. We will be trying DHCP option 114 next, but I'm looking to see if someone has run into this as well and came to a resolution. 

Thanks!