BYOD, Single SSID and i-Devices


Recently I’ve discovered that Apple i-Devices (iPhone’s and  iPad’s particularly) will not work well when provisioned for EAP-TLS with Single broadcasted SSID. In my case device would successfully complete provisioning for certificate based authentication but re-authenticate again as PEAP. One of the workarounds was to forget SSID after provisioning and add it back in with manual setting set to EAP-TLS.

Components:
Cisco ISE: 2.0.0.306 Patch 1

Permanent fix was in the Native Supplicant Profile setting found under Policy > Policy Elements > Results > Client Provisioning > Resources. This is iOS specific setting and must be unchecked if SSID is broadcasted.

BYOD iOS setting

Leave a reply:

Your email address will not be published.

Site Footer

Sliding Sidebar