Header Only - DO NOT REMOVE - Extreme Networks

Apple Devices lose Internet Connection w/ Captive Portal


Hey Everybody,

we use a WM3700 WLAN Controller and we have round about 500 Access Points (AP4600) in our Enviroment. (That are Schools and the Controller stands in our Company)

No we have some schools that use Apple Devices to connect to the Internet. For this Network we use the captive portal from the Controller. After they etablish a connection to the open WLAN they were redirected to the Captive Portal Website.

After the successfull login, they are able to surf but a few minutes later they have to login again.
We have configured a session Time about 1440 Minutes and they will be disconnected after 1D 0H 0M

Is this issue known? Do anybody know an issue with Apple Devices or some Settings to resolve this Problem?

If you have any question, i will be answer them asap.

Thank you very much!

We use the Wireless Mobility 5.4.

14 replies

Userlevel 4
Dennis,

Do the Apple devices go to sleep before disconnecting? Also, what kind of Apple devices face these issues? (iPhone, MacBook, iMac, etc.)

Andrew
Hi Andrew,

thank you for your fast reply.

The Devices are Apple iPads (mixed generations)

No, they doesnt. You can surf a Website and in the next moment you browse another URL the Captive Portal shows up and you have to relogin before you can use it further.

The Time between the disconnects are different. Its up to 1 Minute until a half hour...

I have no idea anymore....
Userlevel 4
Dennis,

Does this happen when the customer is trying to roam or does it also occur when they are standing still and surfing the web?

Andrew
I've opened the customers Ticket. He wrotes:

"When i leave the Room, i few minutes later, i have to log in again"

I think, its happen while roaming.
Userlevel 4
Dennis,

It sounds like the user authentication isn't synchronizing between the access points. This is typically seen when there is a misconfiguration but if it is only being seen on Apple devices there could be something else going on.

Andrew
Userlevel 5
Dennis, I would like to add to this discussion. This may be due to Apple device power management features. The following article may help. Increasing the hold-time and activity timeout for clients have helped in the past. Please review the article and let us know if it helps.

https://gtacknowledge.extremenetworks.com/articles/Solution/Apple-iOS-devices-losing-connectivity-wh...
Hi Andrew,

thank you for that information.
The SSID / WLAN ist just for these Apple Devices. (its complicated...)

Can you tell me what for a configuration i have to check?
Maybe we find the solution...

Thank you so much.

Dennis
Dennis K wrote:

Hi Andrew,

thank you for that information.
The SSID / WLAN ist just for these Apple Devices. (its complicated...)

Can you tell me what for a configuration i have to check?
Maybe we find the solution...

Thank you so much.

Dennis

Maybe its a failure in NTP Configuration?
Userlevel 4
Dennis K wrote:

Hi Andrew,

thank you for that information.
The SSID / WLAN ist just for these Apple Devices. (its complicated...)

Can you tell me what for a configuration i have to check?
Maybe we find the solution...

Thank you so much.

Dennis

Dennis,

One thing to check would be to verify the access points they are attempting to roaming between are within the same RF-Domain. I'm not certain NTP can cause this issue but if the access points are showing different time it would be good to address.

Andrew
Hi Andrew,

we just have two (2) RF-Domains. The AP's for the schools are all in the same RF-Domain.

I've read the Documentation a little bit further. NTP can cause data loss and unsynchronization.

Now i've checked the "AP-Profiles" and have seen that no "Key" was set.
Thats not dramatical but the option "Autokey" was disabled too. I dont know, whehter the NTP Sync is really correctly configured.

I have Autokey enabled now. Maybe...it will help...
Furhter ideas?

best regards

Another Fact:

Apple Devices first of all try to contact the www.apple.com Website. They need a reply from www.apple.com after that, they go to the next Step and get the Captive Portal.

I mean, they get the Captive Portal, but who knows what for "Security Features" Apple has as well...

Maybe the first contact to Apple.com ist OK...then they move through the Building and after that there are issues between Apple.com contact and Captive Portal.

I have created a DNS Whitelist with www.apple.com as Entry. maybe it is a possible reason...
Userlevel 7
Dennis K wrote:

Another Fact:

Apple Devices first of all try to contact the www.apple.com Website. They need a reply from www.apple.com after that, they go to the next Step and get the Captive Portal.

I mean, they get the Captive Portal, but who knows what for "Security Features" Apple has as well...

Maybe the first contact to Apple.com ist OK...then they move through the Building and after that there are issues between Apple.com contact and Captive Portal.

I have created a DNS Whitelist with www.apple.com as Entry. maybe it is a possible reason...

One thing that I've learned in the NAC/BYOD training class was to remove apple.com from the allowed domain lists in NAC.

From the BYOD student guide....


So that's the way I do it in my NAC portal deployments and I never had any problems with it.

-Ron
Hi, thank you for your reply.

I tried this:
- remove the whitelist with Apple.com entries.
- install a second Accespoint in my enviroment (for testing)
- connect to the SSID "TEST"
- try to surf apple.com (or any other website); i get the captive portal
- sign on with my credentials
- i can surf the web

next step:

- i disconnect the Accesspoint where i am connected to ..
- the iPAD connects to the second accesspoint
- i try to surf and i get the captive portal
- i sign on again and can surf the web and get the next Error: i try to surf apple.com and get the captive portal
- all other Websites are reachable as well.
- a few minutes later, the apple.com Website is reachable fine.

i think that issue is, that the Apple Device send a inital "whisper" packet to the Apple.com Server and then start the process to show up the Captive Portal. After a few minutes, all is synchronized, im able to surf normally.

So i have two errors:

Captive Portal at roaming and synchronize Error between iPAD and Controller...

I hope you understand my Brainstorm ...
Update: Romaing Error is not on Apple Devices only.

I've opened a Case...

Hope Support can help to fix it.

On Thursday we will Upgrade the Firmware of WM3700.

Reply