I have had a guest VLAN running for a few weeks and today after a scheduled reload of our systems we had a wireless problem.
Our configuration has clients authentication on the WLC web portal, and then have access to Internet only. This access is controlled with an ACL on the core switch.
The only change to the system that we know of is that the WLC was reloaded over the weekend, and then this morning users are unable to access the net, although they get an IP from DHCP.
After some troubleshooting I suspected an ACL, so I took out the ACL on the core switch, to no effect. So I looked at the WLC, and I found an unused ACL that I created a few weeks ago - I verified that both our WLANs have no ACL configued (in pre-auth and in override ACL) but I wasn't able to remove the ACL totally as the system says "Error! ACL is in use".
So I created an ACL on the WCL for open access, and applied it to the guest WLAN and users were then able to have access.
I suspect that somehow the WLC was applying this old ACL, even though the interface did not display this. This is going to be a bit of a tricky one to reproduce, but I'll try when I get some time and then I will report it to TAC.