vSZ-E version 220.127.116.11.496. I've just created a WLAN that's using Hotspot (WISPr) as the Authentication Type, Authentication Method is set to Open, and Encryption is set to None.
The WISPr portal is configured to include Walled Garden access to the AP subnet, vSZ-E subnet, and the DHCP/DNS server. It also has Smart Client Support enabled, the Logon URL is set to "Internal", and HTTPS Redirect is "ON".
Bypass CNA is set to "ON" with the default Portal Detection & Suppression.
The Authentication Server is configured and has been tested/verified on other WLANs.
When I join the WLAN with an iPad (iOS 12.2), I am not automatically sent to a browser to log in. It seems that the Bypass CNA feature is not working. I can launch Safari and manually navigate to an HTTP website, get redirected to the WISPr login page, and log in successfully.
When I join the WLAN with my Google Pixel 2 (Android 9) I get the little notification that says "tap here to sign in to network", which launches some kind of system screen that is blank. The title just says "Sign in to DEVICEWLAN", where that last part is the SSID. Strangely enough, I am able to ignore this and begin browsing the internet freely. This Pixel 2 bypasses the authentication requirements completely. User Traffic Profiles are still applied, though, as I am not able to ping any of the networks that have a Deny ACL. If I look at the client within vSZ it is listed as "Unauthorized" and the Username is "N/A".
The idea for this WLAN is to be our IoT network, so I'd like to require RADIUS authentication to register each device that attempts to join the network so that we have a record of who each device belongs to. Has anyone else seen this? Should I just open a support ticket?
CNA bypass allows your iPads to not rely on "Captive Network Assistant", the Apple mini-browser. You do still need to use Safari (or other browser) to get redirected to your WiSPr login page.
Sounds like a problem with Android redirect screen, if you aren't getting to the login page correctly, and I don't know how you're getting Internet but ACL filtering, if showing Unauthorized on the SZ. This might be worth a ticket with TS.
Thanks for the clarification on CNA, I am still learning. I'll go ahead and open a ticket. Seems like a bug for sure.
The devices themselves shouldn't require 802.1x support since the authentication is open and runs through a web portal, correct? The only requirement for an IoT device would be a web browser and domain user account credentials.