Hi Shane,
 
We have a comparable setup with a hidden SSID without encryption and a
more secure broadcasted SSID (not WPA2 yet, still using dynamic per-user
WEP keying with 802.1x). I haven't heard any complaints from iPhone 3G
users; perhaps there is a difference between their behaviour on a WPA2
or a WEP encrypted network or it might be related to IOS version or
settings.
 
One detail raised my attention: the fact that the hidden SSID shows up
and disappears again. Since moving from the IOS 12.2 to 12.3 release,
Cisco changed some details in the way beacons are created. We had to
explicitly configure "beacon privacy guest-mode" on all wireless
interfaces, otherwise some clients had trouble connecting and software
like Netstumbler would switch between showing the network as encrypted
and unencrypted.
 
Could you try that setting or is it already enabled? By the way, we're
currently running IOS 12.3(8)JEA which has proven to be quite stable.
Newer versions seem to introduce problems with Radius timeouts and
accounting.
 

Best regards,
 
Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands


________________________________

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[email protected]] On Behalf Of Shane Godmere
Sent: Wednesday 8 April 2009 22:04
To: [email protected]
Subject: [WIRELESS-LAN] Cisco WPA-Enterprise / Apple iPhones


Wanted to touch base with the list to see if anyone else has seen an odd
problem between Apple iPhones and Cisco 1200 APs?  

We have a configuration that works with almost everything we can test
except for iPhones and the older iPod Touch. (2G iPods work fine)

Here is a cross-post of our details, any suggestions or ideas would be
most welcome.
-----------------
We have a WPA/WPA2 Enterprise (PEAP) network and are having trouble with
our users' iPhones. (They work fine on the open network SSID, but would
like to migrate to the somewhat more secure WPA or WPA2 model.) 

Apple iPhones 2.2.1 5H111 <http://discussions.apple.com/> 
Apple iPods 2.2.1 5H11a <http://discussions.apple.com/> 
Cisco 1231b/g APs 12.3(8)JA2 or 12.3(3)JEC2 (same results) (WPA TKIP and
AES support enabled)


OUR STANDARD AP CONFIG: and our results
OPEN SSID (hidden) = iPhones works fine, but fail to reconnect after
sleep
WPA2 SSID (broadcast) = iPhones fail to connect (occasionally after
certificate)
(BUT iPod 2G work just fine, as does Ubuntu, XP, etc.)


TESTED config 1: (but this setup is incompatible with our network
design)
OPEN SSID (broadcast) = iPhone works
WPA2 SSID (broadcast) = iPhone works


TESTED config2: (not desired configuration)
OPEN SSID (broadcast) = iPhone Works
WPA2 SSID (hidden) = iPhone works, but fails to reconnect after sleep


The Standard config needs to be implemented and supported for a variety
of reasons. (We use .1X to move clients to various VLANs behind that
SSID so can't enable multi-broadcast on our equipment.) We prefer to
broadcast our WPA network SSID instead of the OPEN SSID, but are having
issues. 

As this problem ONLY seems to impact our iPhone users, and not newer
iPods, (with the same version of software) suspect there may be a simple
setting on the phones or APs that we are missing. Anyone else run into
this and have any pointers? 
---------------
One of our users summed the problem up best: 
There are two problems (either one will leave us with a workable
solution): 

1) An iPhone 3G connecting to a hidden SSID on a Cisco 1200AP will be
able to connect, but as soon as the phone goes to sleep it will drop the
connection. Once the phone is woken back up it will not reestablish
the connection to the hidden SSID unless you go to Settings->Wi-Fi and
wait for it to show up on the list of available networks. If you fire up
safari before doing this you will be presented with only SSIDs that are
broadcast, canceling from that list will cause the iPhone to not look
for a wi-fi network and use the Edge network instead. It's worth noting
that in the Settings->Wi-Fi available networks list that the hidden SSID
(once learned) will show up every couple of seconds and then disappear
only to show back up a few seconds later (this is not the standard
iPhone behavior for hidden SSIDs) 

2) An iPhone 3G does not seem to be able to connect to a broadcasted
beacon on a Cisco 1200AP if the Cisco is set for single beacon broadcast
mode. The phone can connect to hidden SSIDs (see #1 for problems with
this) and can also connect to broadcasted beacons if there is more than
one. The iTouch does not show this problem in newer hardware (older
iTouchs do show this problem) 
--------------------

Thanks for any suggestions or recommendations.


-- 
Shane Allan Godmere
Senior Telecommunications Engineer II
Michigan Technological University
1400 Townsend Dr.  EERC-B30
Houghton, MI 49931
********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

