I am using fqdn , client can resolve any fqdn including node .
If it is dns issue atleast I could see the something like below on the broswer
In my case Ican't see anything like that above
Check wlc coa configuration on AAA Radius authentication,
Check SSID -- advance --- radius nac and aaa override
Check WLC preauth ACL pointing to the PSN on 8443
IF you are using an F5 solution, the static FQDN option does not work properly.
Here is the preauth acl
ip access-list extended redirect_acl
deny udp any any eq bootps
deny udp any any eq bootpc
deny udp any any eq domain
deny ip any host 192.168.5.41 (ise)
deny ip any host 192.168.5.42
permit tcp any any eq www
permit tcp any any eq 443
We are using hotspot portal, sponsor portal for guest account creation, guest webauth portal (WLC URL Redirect), etc with no issues. Try to keep it simple. AND Mohammed is correct.
The preauth acl is intended to keep the communication ONLY between enduser and ISE/DNS so no navigation is involved at all until your AUTHC/AUTHZ is completed (including AUP page accepted if it applies).
A few links that you could take a look: