Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Captive Portal issues for Apple iOS devices.

This thread has been viewed 6 times

  • 1.  Captive Portal issues for Apple iOS devices.

    Posted 2 days ago
      |   view attached

    Hi Everyone,

    I'm suspecting this is an issue with Apple devices themselves. But the last few days, we had a large number of users report that they cannot accept the "Terms of Use" captive portal page on our Guest Network. The page appears, but when the user clicks "Log in".. they get dumped back to the login screen. (See attached video). This works fine with Android and Windows devices. (And worked fine with apple devices before). 

    These are the symptoms:
    - Only impacting Apple iOS devices. Possibly newer and updated devices? Still trying to find a correlation. 
    - Only impacting locations that have AOS 8 based controllers.
    - Not impacting sites that have centrally managed access points.
    - Tested with multiple windows PCs, multiple Android devices. No issues.
    - No changes were made that we know of that would cause this.

    I currently have a rule in ClearPass that is bypassing the captive portal page for Apple iOS. Wondering if you have seen this? Anyone have any thoughts? 



  • 2.  RE: Captive Portal issues for Apple iOS devices.

    Posted 2 days ago

    Please work with TAC, I heard some more issues with Apple devices recently, so they may know what is going on.

    In access tracker, do you see the actual authentication happen (controller authenticating to ClearPass)? Does that process differ between these IOS devices and a Windows or Android that does work?

    The issue feels like a certificate problem, more specific the captive-portal certificate installed on the controllers. Is that from a well-known public CA? Has the certificate been correctly 'chained' with intermediate CAs, before importing it into the controller?

    You mention that it only happens on locations with AOS8 controllers. Do you have other locations where the portal authentication does work? What type of equipment is used in those locations?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 3.  RE: Captive Portal issues for Apple iOS devices.

    Posted 2 days ago

    Hi Herman,

    I actually don't see anything in ClearPass when the user clicks the Log In button. I see the original mac auth when they first connect which pushes back the redirect policy. It's really odd. Any other type of device, Android phone, Windows laptop, etc. works fine on the same AOS 8 AP, Controller, ClearPass, etc... 

    We have a mixed Enviromint right now. Some of our locations are on Aruba Central with AOS 10 and we cannot replicate the issue at those locations. We did replace the redirect cert about 3 weeks ago (sectigo cert) but we didn't see the issue till just a few days ago. And that same exact cert is used on the aos 8 controllers and aos 10 central sites. 

    I have a case opened on it. 


    Original Message