Was just wondering whether anyone else had seen this problem as it is defeating TAC right now…
We have a number of 4402 WLCs on various sites and another one in a DMZ acting as an anchor controller for the guest network. We’re using just the basic web auth built into the WLC for access out on to the Internet for visiting third parties. All the EOIP stuff is setup and working and all clients can associate and get an IP address.
All clients get redirected to the authentication page and all clients appear to authenticate successfully. With the exception of a few clients, at this stage most get stuck and cannot browse the web; the pages just time out. All other Internet traffic (SSH, TELNET, SMTP, ICMP) works fine once authenticated , just not HTTP/HTTPS.
We have upgraded the WLCs to the latest code on the advice of TAC (6.0.196) but this made no difference. The problem seems to happen on all OSs (Mac, XP, Vista, Windows 7, Ubuntu, iPhone) and all browsers (IE6, IE7, IE8, Safari, Firefox, Chrome). We have tried upgrading drivers and changing browser settings, but nothing seems to help. We have working XP laptops and non-working XP latops; it just doesn’t make any sense.
The attached packet capture shows a non-working laptop and the only thing I noticed was very large window sizes (512k) which seems a bit odd.
We had the same problem. After discovering altering the MTU size on the client machine would allow browsing we changed the tcp mss adjust setting to 1300. The setting is under Wireless -> Radios -> Global configuration. Default is 1363 when turned on but we had to use 1360 or less to work from all clients. HTTP worked after that.
Hope this helps