Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Apple CNA and Onboarding

This thread has been viewed 12 times

  • 1.  Apple CNA and Onboarding

    Posted Sep 27, 2013 11:32 AM

    Does the CNA bypass fix by using the landing.php work for onboarding iOS devices as well since that pops a login page?  I've attempted to use it but the device appear to still be using CNA and the device is being presented with a generic guest login page.  The reason I was even bothering to look into it is that I'm having issues with iPhone 5 and 5s devices where when you attempt to onboard them you're presented with an error of 'Profile Installation Failed.  A server with the specified hostname could not be found'.  I believe the problem is that the device is disconnecting from the wireless somewhere during the process because I can see it switch to LTE and therefore it can't resolve the hostname.  I can get the onboard to complete if I go through the process of:

    1)Click cancel on the CNA window that pops up

    2)From the options that pop up after hitting cancel choose the one that says to continue without internet connection

    3)Open web browser and get redirected to the onboard login page

    4)Complete onboarding.

     

    any ideas?  anyone else having issues?



  • 2.  RE: Apple CNA and Onboarding

    EMPLOYEE
    Posted Sep 27, 2013 02:38 PM

    You should not see the CNA popup page if you are using the bypass. 

     

    What wireless equipment/firmware are you using?

     

    http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=12002

     

     



  • 3.  RE: Apple CNA and Onboarding

    Posted Sep 27, 2013 03:35 PM

    3600 controller and Aruba 105 APs.  the phones are iphone 5 and 5s



  • 4.  RE: Apple CNA and Onboarding

    EMPLOYEE
    Posted Sep 27, 2013 03:44 PM
    Firmware?


  • 5.  RE: Apple CNA and Onboarding

    Posted Sep 27, 2013 03:56 PM

    sorry i missed that.  6.2.1.1



  • 6.  RE: Apple CNA and Onboarding

    EMPLOYEE
    Posted Sep 27, 2013 05:07 PM
    One note is that you need to be on the latest CPPM 6.2.1.55992 for the IOS 7 CNA bypass to work.


  • 7.  RE: Apple CNA and Onboarding

    Posted Sep 27, 2013 05:17 PM

    good catch. I will work onscheduling an upgrade next week.  I'm expecting that will resolve the issue.



  • 8.  RE: Apple CNA and Onboarding

    Posted Sep 27, 2013 05:20 PM

    I'm not seeing that code version as an available download



  • 9.  RE: Apple CNA and Onboarding

    EMPLOYEE
    Posted Sep 27, 2013 05:34 PM

    patch.png

     

     



  • 10.  RE: Apple CNA and Onboarding

    Posted Sep 27, 2013 05:37 PM

    yep i'm on CPPM 6.2.1.55992.  The controller is on 6.2.1.1



  • 11.  RE: Apple CNA and Onboarding

    EMPLOYEE
    Posted Sep 27, 2013 05:38 PM
    and the iOS7 Captive patch is applied?


  • 12.  RE: Apple CNA and Onboarding

    Posted Sep 27, 2013 05:47 PM

    yes i applied it when we were on 6.0.2 and then i upgraded to the lastest version so I assume the patch sticks through upgrades.  i'm not seeing it as an available patch any longer



  • 13.  RE: Apple CNA and Onboarding

    EMPLOYEE
    Posted Sep 27, 2013 05:52 PM

    I will check with engineering but I dont believe that should be an issue. I would double check your settings per the app note in this post.

     

    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Clearpass-OnBoard-and-IOS-7/td-p/97457

     



  • 14.  RE: Apple CNA and Onboarding

    EMPLOYEE
    Posted Sep 27, 2013 06:01 PM
    If you already applied it it won't show up