Interesting. I know that guest users will not get the splash page if their home page is an https site, but from my experience, after logging in via webauth, you are allowed to go to any site unless filtered by something else. Best test is to connect a wired pc to the guest vlan and see if a wired device can or can't access an https site. Make sense?
I presume there are no ACLs in place for this WLAN? If so, please post them here so we can take a look.
What's in between your WLC/Clients and your ISP? Firewall, Proxy/Web Filer, IDS, etc?
If you take a packet capture from the WLC switchport (port-channel if lag), do you see a proper TCP handshake take place? I would find out what's going on with the flow of traffic if you don't see any indication from a device like listed above. As long as you can verify that the Client traffic has left the WLC, then you should investigate why it's not coming back.
Scott's suggestion above of testing a wired client would be your best bet to start with.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...