I have an issue with my guest access, when they access the ssid from the wifi, they try to go to www.google.com and the login portal (126.96.36.199) is not showing.
If I put manually 188.8.131.52 some times the web page will open and some times it will not open.
If it connects to IP but will not resolve a name means its definitely a DNS problem.
Check the cleints are getting DNS server details that its pingable and that the WLC/firewall etc are passing DNS traffic etc..
The version I have is 184.108.40.206 and the issue is that sometime the 220.127.116.11 will work manually and sometimes it will not even open.
using the web gui, check into "Controller > Interfaces > virtual" if "DNS Host Name" is filled or not. If it is, then the guest clients will have to be able to resolve that name with 18.104.22.168 (usually with an A record in the provided DNS).
In the WLAN configuration, are you using a "Preauthentication ACL"? If so, please put 22.214.171.124 as allowed.
Have you tried with different browsers? The page at 126.96.36.199 is an https resource, with a self signed certificate that some browsers could not love so much :)
On WLC versions earlier than 188.8.131.52, you must manually enter https://184.108.40.206/login.html in order to navigate to the web authentication window.
The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client connects to a WLAN configured for web authentication, the client obtains an IP address from the DHCP server. The user opens a web browser and enters a website address. The client then performs the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web authentication login page.
Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On Windows, choose Start > Run, enter CMD in order to open a command window, and do a “nslookup www.cisco.com"; and see if the IP address comes back.
On Macs/Linux: open a terminal window and do a “nslookup www.cisco.com"; and see if the IP address comes back.
If you believe the client is not getting DNS resolution, you can either:
Enter either the IP address of the URL (for example, http://www.cisco.com is http://220.127.116.11)
Try to directly reach the controller's webauth page with https://<Virtual_interface_IP_Address>/login.html. Typically this is http://18.104.22.168/login.html.
Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also be a certificate problem. The controller, by default, uses a self-signed certificate and most web browsers warn against using them.
Try changing method list for CWA to dot1x/group
Enable Fast SSID Change
On the Wlan Advanced tab: disable client timeout, client exclusion, MFP, Aironet IE