See my post in this thread and give it a shot. Disable the captive portal with walled garden domains. https://community.meraki.com/t5/Wireless-LAN/Cisco-ISE-2-2-for-Guest-amp-BYOD-issues-with-Apple-IOS-devices/m-p/10777/highlight/false#M1811 I am on ISE 2.3 Patch 4 and it is still flaky sometimes, but it's been a lot better since we went this route. I started with ISE 2.2 and if you have not already I would recommend upgrading to 2.3. They keep integrating more and more.
... View more
You will want to have Meraki support enable Walled Garden domains so you can use URLs in the walled garden allowed list. This disables the captive portal detection and makes you manually open a webpage, or on Android you can just click the Wireless network after it's connected and it will take you to the redirect page. This worked for us. It is still flaky sometimes. On Apple devices, you still have to type http:// to force it to not use https to begin with. Once it's in your browser cache it sees it as https from then on and that is what is causing the issue. Follow the link below to see the domains to add and open a case with support to have Walled Garden Domains enabled. It's still in beta but does not hurt being turned on even if you do not use it. https://documentation.meraki.com/MR/Encryption_and_Authentication/Central_Web_Authentication_(CWA)_with_Cisco_ISE
... View more