Meraki

Community

Splash-page doesn´t appear with iPhones since IOS 11.3 and 11.4 with Cisco ISE Guet-WiFi

Solved
redsector
Head in the Cloud
‎Jun 14 2018 6:37 AM
‎Jun 14 2018 6:37 AM

Splash-page doesn´t appear with iPhones since IOS 11.3 and 11.4 with Cisco ISE Guet-WiFi

Hello,

 

We have an problem with our guest WiFi. The splashpage from the ISE doesn´t appear for signing in.

With Windows notebooks, Android devices and Apple Notebooks it´s working well but not with Apple iPhones (from IOS 11.3 and 11.4).

 

Its working with the iPhones on Cisco Controller based wireless LAN conncted to the same ISE.

 

Has anybody problems with iPhones and Meraki and Cisco ISE?

 

0 Kudos
1 Accepted Solution
redsector
Head in the Cloud
‎Jul 4 2018 11:58 PM
‎Jul 4 2018 11:58 PM

After weeks spending with support and a Cisco Case Cisco made a patch on our Cisco-ISE.

It´s working better now, not perfect but better.

 

Now we have this ISE versions:

Version: 2.2.0.470
Patch Information: 1,2,7,8,9

 

View solution in original post

0 Kudos
7 Replies 7
Mikanator
Here to help
‎Jun 14 2018 11:41 AM
‎Jun 14 2018 11:41 AM

if you are using a self-signed cert in ISE, your users might be getting a warning on the cert before joining.  a good test would be to try to join via an android phone that either has never joined and or delete the ssid (and cert) and see if it give you a cert warning.

0 Kudos
ccnewmeraki
Getting noticed
‎Jun 25 2018 4:29 AM
‎Jun 25 2018 4:29 AM

Do you have *.apple.com in the walled garden list on your Guest WiFi? If you do, remove it.

 

If the iPhone can get to apple.com it doesn't show the splashpage until the user opens a browser and tries to go to a non-HTTPS website (which are surprisingly tricky to find these days).

 

I don't know why meraki added this as a default entry, it makes the experience worse for apple devices.

In response to ccnewmeraki
mo_unify
Getting noticed
‎Jun 25 2018 8:59 PM
‎Jun 25 2018 8:59 PM

Further to this, Apple's WiFi detection is simple, it'll try to connect to:

 

http://captive.apple.com/hotspot-detect.html

 

If it does not get a success reply, the captive web portal browser will appear which will redirect to either Meraki's Authentication splash or a customer Radius Authentication service.

 

So if your walled garden is allowing access to *.apple.com, the Apple device will think that you have access to the internet without authentication and continue as normal. However the user won't be prompted to authenticate until they try to visit a non https site. 

0 Kudos
In response to mo_unify
Mikanator
Here to help
‎Jun 26 2018 7:07 AM
‎Jun 26 2018 7:07 AM

You might want to also check the FW rules in the Meraki help section.  The Apple systems manager is listed there.

meraki fw rules.PNG

0 Kudos
redsector
Head in the Cloud
‎Jul 4 2018 11:58 PM
‎Jul 4 2018 11:58 PM

After weeks spending with support and a Cisco Case Cisco made a patch on our Cisco-ISE.

It´s working better now, not perfect but better.

 

Now we have this ISE versions:

Version: 2.2.0.470
Patch Information: 1,2,7,8,9

 

0 Kudos
In response to redsector
jjonessec
New here
‎Jun 10 2021 4:10 PM
‎Jun 10 2021 4:10 PM

running ISE 2.7, patch 1,2,3 

 

issue is back on apple iphone IOS 14.6, browser unsupported

Berkeleycowboy
Conversationalist
‎Oct 17 2022 11:28 PM
‎Oct 17 2022 11:28 PM

I'm running Cisco ISE 2.7.0.356 patch 7 with the same issue.  

 

Receiving "Your browser is currently unsupported" on a test iPhone running IOS 16.0.3

 

Will be opening a ticket with Cisco to hopefully shed light.  

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.