Document ID: 116041
Updated: Apr 09, 2013
Contributed by Jesse Dubois, Cisco TAC Engineer.
Contents
Introduction
This document describes how to add a feature to a Cisco Wireless LAN Controller (WLC) that bypasses the Apple Captive Network Assistant (CNA) on iDevices and OS X machines. This feature solves the problem of a redirect page that does not appear.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Cisco WLC
- Apple CNA
Components Used
The information in this document is based on these software and hardware versions:
- Apple iDevices and Apple OS X machines on version 7.1 or higher
- Cisco WLC, Version 7.2.110.0 or higher
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for information on document conventions.
Background Information
When an Apple iDevice (such as an iPad, iPod, or iPhone) or an Apple OS X machine (on version 7.1 or higher) connects to a wireless network, it sends a request to a success page on the Apple website.
- If the success page is returned, the device assumes it has network connectivity and no action is taken.
- If the success page is not returned, an Apple feature called the Captive Network Assistant (CNA) assumes there is a captive portal. CNA then launches a browser to prompt the user with the login page from the captive portal. The CNA browser is limited in function and, when closed, disconnects the device from the wireless network.
Problem
The user does not see the configured captive portal page when connected through the Cisco WLC. Instead, the user sees this blank page from the Apple website:
The captive portal can be hosted on either the WLC or on an external server such as a Cisco Identity Services Engine (ISE). Due to the limited capability of the CNA browser, the content of the page cannot be displayed, and a blank page is shown instead. When the blank page is displayed and the CNA browser is closed, the device disconnects from the wireless network and the user cannot open the full browser page and log in.
Solution
Version 7.2.110.0 or higher of the Cisco WLC contains a feature that bypasses the CNA feature on Apple devices. This feature is only available in the command-line interface (CLI).
config network web-auth captive-bypass enable
Reboot the controller for this feature to take effect. The next time a device logs onto the wireless network, the user must manually open a browswer to be redirected to the captive portal.
Related Information
Open a Support Case 
(Requires a Cisco Service Contract.)
Related Cisco Support Community Discussions
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.