iPad wpa2 enterprise management with Cisco Ap

Question

Level 1

0 points

iPad wpa2 enterprise management with Cisco Ap

II'm using a Cisco 891 router with an imbedded Access Point for Wi-fi service on a corporate network. My ipads are being configured by MDM Airwatch. The Ipads are associating with a private hidden SSID using WPA2 Enterprise. I am using a Cisco ACS Radius server for authentication. The ipads associate at first attempt however after about 24 hours the ipads drop off the network and cannot reconnect. The message I see on the router logs is that the ipads associate and then is deauthenticated. The reason message says "previous authentication has expired or failed". I am not sure whether the message is being generated from the ACS Server or the PEAP protocol. I am approaching this issue in an unbiased approach. One of my colleagues is convinced that this is a known apple issue with WPA2 Enterprise. Personally I cannot believe that Apple Ipads are not designed to work on enterprise network. If anyone can provide some suggestions I would greatly appreciate it.

Tech

iPad 2, iOS 6

Posted on Oct 26, 2013 11:42 AM

Reply

Answer 1

Best reply

Robert600

Level 1

20 points

Oct 28, 2013 2:19 PM in response to Hudsontech

Do you see the same behavoir if you manually connect to the SSID on a device and do not push the settings from your MDM? Can you provide the settings you are using from the profile you are using besides any you want to remove for security purposes?

What version of iOS are you running on the devices? Is it 6 as in your signature of have these devices been updated?

Is the certificate used for EAP expired in ACS? What version of ACS are you running? Is it up to date?

In your profile are you installing the certificate and setting the server names to trust? Have you tried creating a profile with Apple Configurator or the iPhone Configuration utility and using it to set up the wireless to rule out any MDM issues?

Do you have other devices that are working with this hidden SSID and working correctly? Do you need the network to be hidden? There are lots of articles about hidden SSIDs and their merit vs the problems they cause. Here is a link to one. http://www.howtogeek.com/howto/28653/debunking-myths-is-hiding-your-wireless-ssi d-really-more-secure/

Hang in there. Keep trying to narrow it down. Try one thing at a time. I am in the same boat with an issue we are having. Fingers crossed the problem with eventually reveal itself.

Reply

Answer 2

Hudsontech Author

Level 1

0 points

Oct 29, 2013 8:16 AM in response to Robert600

Thanks Robert, Your response was very helpful and is greatly appreciated. Now I have a couple areas of areas to focus and can ask the right questions to the right people. The SSID works because the IPADS establish a connection and sync's up with the external web application. However after about 24 hours they deauthenticate and can't reauthenticate successfully. I don't know too much about the ACS but if I think if there was an issue on the ACS the IPADS would not authenticate in the first place.

Reply