802.1X iOS client issue

smccloud1
Getting noticed

802.1X iOS client issue

We are running 802.1X with custom RADIUS for our corporate WiFi, no problems with our laptops and anyone with an Android phone.  However, anyone with an iPhone or iPad has to re-login every day.  I have followed the steps I've been able to find online (which aren't much) suck as make sure the APs have a static IP.  I would really like to be able to not have to have a WPA2-PSK network just for iOS devices.  Is there anyone that had this issue that was able to come up with a decent solution to it?

5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal

>APs have a static IP

 

There is no requirement for this.

 

I've never had an issue with iOS devices using WPA2-Enterprise mode.

smccloud1
Getting noticed

What are you using for the backend RADIUS server(s)?
smccloud1
Getting noticed

Does anyone have any suggestions as to what to look at to keep this from happening?

Felippe
Getting noticed

I even use Ubiquti USG as radius server and its working fine. 

colinster
Getting noticed

Hey @smccloud1 I don't believe this is a Meraki bug, and I would look into issues with your RADIUS server.

 

1. I would take a look at your RADIUS server and see what authentication type you are using. Most likely it's a mismatch on the EAP method being used. There are two EAP methods, inner and outer, and the iOS devices don't always use the same methods as other devices.

 

2. There are several Meraki settings that could impact you. 802.11r, 11w, and several RADIUS settings that are hidden. Give Meraki tech support a call and have a packet capture of your 802.1X authentication ready for them.

Colin Lowenberg
wireless engineer and startup founder, formerly known as "the API guy", now I run a Furapi, the therapy dog service, and Lowenberg Labs, an IT consulting company.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels