Hi Shane,
We are not a Cisco shop, but I use an iPhone on our WPA2-Enterprise network every day without issue, including reconnecting after sleep. Do you have the ability to get an over the air capture of this behavior? I am curious what kind of traffic you could see when it is failing to connect. Matt Barber Network Analyst Morrisville State College 315-684-6053 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Shane Godmere Sent: Wednesday, April 08, 2009 4:04 PM To: [email protected] Subject: [WIRELESS-LAN] Cisco WPA-Enterprise / Apple iPhones Wanted to touch base with the list to see if anyone else has seen an odd problem between Apple iPhones and Cisco 1200 APs? We have a configuration that works with almost everything we can test except for iPhones and the older iPod Touch. (2G iPods work fine) Here is a cross-post of our details, any suggestions or ideas would be most welcome. ----------------- We have a WPA/WPA2 Enterprise (PEAP) network and are having trouble with our users iPhones. (They work fine on the open network SSID, but would like to migrate to the somewhat more secure WPA or WPA2 model.) Apple iPhones 2.2.1 5H111 <http://discussions.apple.com/> Apple iPods 2.2.1 5H11a <http://discussions.apple.com/> Cisco 1231b/g APs 12.3(8)JA2 or 12.3(3)JEC2 (same results) (WPA TKIP and AES support enabled) OUR STANDARD AP CONFIG: and our results OPEN SSID (hidden) = iPhones works fine, but fail to reconnect after sleep WPA2 SSID (broadcast) = iPhones fail to connect (occasionally after certificate) (BUT iPod 2G work just fine, as does Ubuntu, XP, etc.) TESTED config 1: (but this setup is incompatible with our network design) OPEN SSID (broadcast) = iPhone works WPA2 SSID (broadcast) = iPhone works TESTED config2: (not desired configuration) OPEN SSID (broadcast) = iPhone Works WPA2 SSID (hidden) = iPhone works, but fails to reconnect after sleep The Standard config needs to be implemented and supported for a variety of reasons. (We use .1X to move clients to various VLANs behind that SSID so can't enable multi-broadcast on our equipment.) We prefer to broadcast our WPA network SSID instead of the OPEN SSID, but are having issues. As this problem ONLY seems to impact our iPhone users, and not newer iPods, (with the same version of software) suspect there may be a simple setting on the phones or APs that we are missing. Anyone else ran into this and have any pointers? --------------- On of our users summed the problem up best: There are two problems (either one will leave us with a workable solution): 1) An iPhone 3G connecting to a hidden SSID on a Cisco 1200AP will be able to connect, but as soon as the phone goes to sleep it will drop the connection. Once that the phone is woken back up it will not reestablish the connection to the hidden SSID unless you go to Settings->Wi-Fi and wait for it to show up on the list of available network. If you fire up safari before doing this you will be presented with only SSIDs that are broadcast, canceling from that list will cause the iPhone to not look for a wi-fi network and use the Edge network instead. It's worth noting that in the Settings->Wi-Fi available networks list that the hidden SSID (once learned) will show up every couple of seconds and then disappear only to show back up a few seconds later (this is not the standard iPhone behavior for hidden SSIDs) 2) An iPhone 3G does not seem to be able to connect to a broadcasted beacon on a Cisco 1200AP if the Cisco is set for single beacon broadcast mode. The phone can connect to hidden SSIDs (see #1 for problems with this) and can also connect to broadcasted beacons if there are more than one. The iTouch does not show this problem in newer hardware (older iTouchs do show this problem) -------------------- Thanks for any suggestions or recommendations. -- Shane Allan Godmere Senior Telecommunications Engineer II Michigan Technological University 1400 Townsend Dr. EERC-B30 Houghton, MI 49931 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
