Most compatible iOS SSID configuration

Here to help

Hey guys,

 

I know iOS is a pain; there are plenty of articles asking why they keep deauthenticating on the wireless. As you can see, out of the 5 device types and 26 client devices with issues, only 3 are non-iOS:

 

[Image: iOS.PNG]

 

I've done a little testing on one of my sites to see if I could find the most compatible iOS configuration for dashboard. At this point the guest wifi is in a simple NAT mode.

 

My plan, if the wireless health doesn't get any better, is to isolate a bridge mode SSID for guest wifi and enable 802.11r adaptive to see if it gets any better. Any thoughts on that? I don't see many incompatible devices on-site and, if it solves the iOS issues, it would be worth it.

 

I'd like to crowdsource some answers. How have you handled iOS devices deauthenticating on the wireless and, if you're not experiencing any issues, what's your setup?

 

Thanks!


Autumn

Getting noticed

Re: Most compatible iOS SSID configuration

Are you using WPA2 Enterprise or PSK? If PSK then 802.11r, in any mode, is not recommended because it is a security issue. Dashboard will warn you if you deploy this type of config.

Here to help

Re: Most compatible iOS SSID configuration

I was under the impression this was only an issue if the PSK was something that needed to be secure. It's going to be for guest wifi, where guests can just ask what the password is to get in.

 

From: https://meraki.cisco.com/blog/2018/08/protecting-your-networks-from-the-latest-wpa1-wpa2-psk-vulnera...

 

"allowing attackers to obtain the PSK being used for the particular SSID."

 

What would be the security risk in an isolated bridge mode SSID where the PSK is given out?

Sorry if it's a newbie question!

 

Autumn

Kind of a big deal

Re: Most compatible iOS SSID configuration

If there is more than one access point then bridge mode gives the best roaming experience.

 

NAT mode causes the users' TCP sessions to be torn down every time a roam is done.

Here to help

Re: Most compatible iOS SSID configuration

The problem I’m having in particular is not the roaming but the initial association. Do you think there would be any improvement if I did try the bridge mode or is there something you’re using besides NAT mode that you would recommend?

Kind of a big deal

Re: Most compatible iOS SSID configuration

Whether you use bridge or NAT mode will have no impact on initial authentication.  It may have an impact on re-association due to roaming.

 

I don't see association issues like this normally (except when using 802.1x, the user has changed their password, but not updated it on their device yet).

 

What method of authentication (if any) are you using at the moment?

Here to help

Re: Most compatible iOS SSID configuration

WPA2 with PSK, no splash page, RADIUS server or anything like that.

Kind of a big deal

Re: Most compatible iOS SSID configuration

You shouldn't be having any authentication issues.

 

Any chance this is simply user error, and people typing in the PSK wrong the first couple of times?

Here to help

Re: Most compatible iOS SSID configuration

Sorry, I meant association, not authentication.

Head in the Cloud

Re: Most compatible iOS SSID configuration

One thing to remember is that iOS versions are very important when it comes to WiFi connectivity. Apple has released multiple versions of iOS with WiFi issues and fixes recently, so if a device is on one of these iOS versions it's not a surprise there are WiFi issues.

Here to help

Re: Most compatible iOS SSID configuration

Finally made the switch from NAT mode to Bridge 802.11r adaptive for the guest wifi, all association problems stopped as soon as I made the switch. Went from ~25% failing to associate to around ~1% failing.

 

Wooooooooooooooooooooooooooo

 

Now my only worry is that I misread that warning stating not to enable 802.11r on bridge mode for security risks.

 

Since this is for the guest wifi and anyone can get the password that walks up to the front desk, it's not an issue, right?

 

Any input would be appreciated!

Kind of a big deal

Re: Most compatible iOS SSID configuration

I would stick with 802.11r. It's not an issue since you have nothing confidential to protect.

Here to help

Re: Most compatible iOS SSID configuration

Thanks for the reassurance :)