Hi All,
At last we got solution from TAC .
There is a interesting behavior with ios clients while integrating with WLC OS 7.2 and clearpass.
Following are the findings of TAC :
1. Web login did not work in my environment until I installed a trusted certificate in the WLC web auth page and configured my Web Login page in Clearpass Guest to use https to the hostname on my certificate.
2. The web login works perfectly with CNA disabled in the WLC. However, you need to manually open safari first to get the weblogin page instead of it opening automatically.
3. If the CNA is not disabled in the WLC, then you will get the web login page automatically. Once you login, it will take you to a page with the word "Success" on it and nothing else. To resolve this, a global configuration for a welcome page needs to be added in the WLC web auth config.
4. Even if the welcome page is configured, you are still in the CNA and the page you configured for welcome is displayed, but you cannot enter in a URL due to the CNA. The only thing you can do in the CNA is click done. Once you do that, your CNA goes away and you need to open Safari to continue web browsing. Obviously, this is not ideal, but there is nothing we can do about that. This is a cisco and apple issue.
" My recommendation is to get a 3rd party certificate for your WLC and make sure DNS resolves the name of that 3rd party certificate to the virtual IP address of the WLC. Once you have that done, you can do some testing to decide if you want the CNA enabled or disabled "