Replacing existing WLC5508 with WLC9800 (17.3.3). Using same Guest WiFi with existing external captive portal server.
End users devices connecting to the Guest WiFi for the first time are redirected to the external but the external portal is not displayed on the devices. When users disconnect from the Guest SSID and reconnect the re-direct is successful and captive portal page is displayed. The captive portal redirect works for a period, however when user come back the following day and try to connect again they experience the same issues.
WebAuth
External Web Server: http://portal.company.com/wifiportal
Web Auth intercept HTTPs: not enabled
WLAN Security L3 (no pre-auth ACLs applied at this time)
END USER EXPERIENCE IS ON FIRST TIME TO CONNECT TO THE GUEST SSID THE EXTERNAL WEB AUTHENTICATION REDIRECT FAILS. WE DO NOT SEE THE HTTP REQUEST FROM THE CLIENT ON THE WIRED NETWORK THROUGH THE END USER DEVICE IS REQUESTING, ie SYN but NOT SYN ACK. THE PACKET IS NOT BE PASSED BY THE WAP TO THE WIRED NETWORK. HOWEVER, IF USER DISCONNECTS FROM SSID AND THEN RECONNECTS THE CAPTIVE PORTAL REDIRECT IS SUCCESSFUL!
Subsequent connections works once you disconnect and reconnect to the Guest SSID
Potential bug: CSCvy91799:Flex local-sw COS-APs not plumbing preauth ACL for first client connection attempt for CWA and EWA (CSCvy77144). Known Affected Releases: ap-17.3.3.26
SOLVED: Upgraded to 17.3.4 Release
