This document describes how to add a feature to a Cisco Wireless LAN Controller (WLC) that bypasses the Apple Captive Network Assistant (CNA) on iDevices and OS X machines. This feature solves the problem of a redirect page that does not appear.
Cisco recommends that you have knowledge of these topics:
The information in this document is based on these software and hardware versions:
- Apple iDevices and Apple OS X machines on version 7.1 or higher
- Cisco WLC, Version 220.127.116.11 or higher
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for information on document conventions.
When an Apple iDevice (such as an iPad, iPod, or iPhone) or an Apple OS X machine (on version 7.1 or higher) connects to a wireless network, it sends a request to a success page on the Apple website.
- If the success page is returned, the device assumes it has network connectivity and no action is taken.
- If the success page is not returned, an Apple feature called the Captive Network Assistant (CNA) assumes there is a captive portal. CNA then launches a browser to prompt the user with the login page from the captive portal. The CNA browser is limited in function and, when closed, disconnects the device from the wireless network.
The user does not see the configured captive portal page when connected through the Cisco WLC. Instead, the user sees this blank page from the Apple website:
The captive portal can be hosted on either the WLC or on an external server such as a Cisco Identity Services Engine (ISE). Due to the limited capability of the CNA browser, the content of the page cannot be displayed, and a blank page is shown instead. When the blank page is displayed and the CNA browser is closed, the device disconnects from the wireless network and the user cannot open the full browser page and log in.
Version 18.104.22.168 or higher of the Cisco WLC contains a feature that bypasses the CNA feature on Apple devices. This feature is only available in the command-line interface (CLI).
config network web-auth captive-bypass enable
Reboot the controller for this feature to take effect. The next time a device logs onto the wireless network, the user must manually open a browswer to be redirected to the captive portal.