iOS 9 with DPSK bug

  • 2
  • Question
  • Updated 2 years ago
We have DPSK set up with Roles and are using the Specify OS Types option and have the Apple iOS selected it seems that devices recently upgraded to iOS 9 experience difficulty connecting to WLAN - it shows up as Authorized(Deny) under Active Clients. By changing to Allow All OS this problem disappears. Anyone else run into this?
Photo of Greg Ashe

Greg Ashe

  • 12 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 2
Photo of Andrew Bailey

Andrew Bailey

  • 15 Posts
  • 8 Reply Likes
Greg,

Yes, I've seen this too.

I've not got any "Specify OS Types" enabled but I can see that all my iOS devices no longer have their OS recognized following the upgrade to iOS9. The Pie charts on the dashboard are also showing them as "unknown" devices.

I've updated today to 9.12 MR1 and the behavior hasn't changed- possibly something for next release? I guess Apple may have changed the OS "signature" in some way?

Kind Regards, Andy.
Photo of Martin Kane

Martin Kane

  • 72 Posts
  • 7 Reply Likes
Ditto - except I'm stuck with 9.8 because of EOL for 7962  :(
Photo of Anusha V V L

Anusha V V L

  • 27 Posts
  • 14 Reply Likes
Hi All,

iOS9 devices are not sending the OS related information in the DHCP discover/request packet and our Controllers(ZD/vSCG/SCG-200/SZ-100) are unable to detect the iOS devices with version 9. So, these devices as being considered as Other 'OS' type devices.

There is no Vendor Class Identifier packet in DHCP discover/request packet with DHCP option 60.

- If users are being assigned with a Role where RBAC(Role Based Access Control) is selected to allow specific OS type users, then choose the "Others" options also under OS types in that particular Role.

- If Device Access Policy is tagged on the WLAN, then change the Default Mode to "Allow all by default" on that particular Device Access Policy Rule.

- Anusha
Photo of trung ngheu

trung ngheu

  • 2 Posts
  • 0 Reply Likes
Can you tell me the soure support ruckus wireless ?
I also have problems related to this issue with the hidden SSID & L2MAC. :(
Photo of Andrew Bailey

Andrew Bailey

  • 15 Posts
  • 8 Reply Likes
Anusha,

Thanks for describing the workarounds for this issue.

Is there likely to be (or is there) a plan to somehow resolve this issue?

Obviously iDevices represent the bulk of mobile devices in a lot of networks. Having them identified as "unknown" is clearly not great.....

Kind Regards,



Andy.
(Edited)
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 759 Posts
  • 162 Reply Likes
andy

its unlikely as Ruckus employs Passive fingerprinting which is currently dependent on DHCP requests from the host to share the info on their OS

they may have overhaul this feature and go for multiple techniques. Other techniques may involve sniffing:
  • IP TTL values;
  • IP ID values;
  • TCP Window size;
  • TCP Options (generally, in TCP SYN and SYN+ACK packets);
  • ICMP requests;
  • HTTP packets (generally, User-Agent field).
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 759 Posts
  • 162 Reply Likes
btw this is not really BUG on the Ruckus side, its just that apple is not sending info which is needed for OS fingerprinting to work. this must have impacted other OEMs too
Photo of Ken Yeh

Ken Yeh

  • 24 Posts
  • 1 Reply Like
This is troublesome for us as well, as we are unable to use device access policies for any iOS9 devices. It seems that this is certainly something that Ruckus can fix as iOS devices do send OS fingerprinting info using DHCP Option 55 parameters 1,121,3,6,15,119,252. From this Ruckus KB it appears that Ruckus supports DHCP Option 55 for client fingerprinting.

https://support.ruckuswireless.com/answers/000001668

I've seen that other competing products are able to ID iOS9 devices using DHCP Option 55; it just seems like the proper parameters have to be added for the recognition to occur.
Photo of trung ngheu

trung ngheu

  • 2 Posts
  • 0 Reply Likes
Can you tell me the soure support ruckus wireless ?
I also have problems related to this issue with the hidden SSID & L2MAC. :(