Hello,
We are facing a serious issue on the Wi-Fi network where devices are browsing normally and with no apparent reason to load web pages.
From the same client it is possible to ping externally for IP and DNS, but the web pages do not load.
To get back to work it is necessary to disconnect from the Wi-Fi network and come back again.

Wi-FI Controller: Cisco 2500 Series Wireless LAN Controller (AIR-CT2504-K9)
Switches: Catalyst 2960X
Authentication method: 802.11x

I did a packet capture on the firewall and identified that the client is returning traffic through the wrong vlan.
This client is in VLAN 20, the firewall sends the packet in the correct VLAN, but the client returns the tag from VLAN 10, even if its IP is from VLAN 20.

Frame 8: 361 bytes on wire (2888 bits), 361 bytes captured (2888 bits)

Ethernet II, Src: WatchGua_MAC:Firewall (MAC Firewall), Dst: IntelCor_MAC:Client (MAC Client)

802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 20

000. .... .... .... = Priority: Best Effort (default) (0)

...0 .... .... .... = DEI: Ineligible

.... 0000 0001 0100 = ID: 20

Type: IPv4 (0x0800)

Internet Protocol Version 4, Src: 192.168.200.27, Dst: 10.2.20.53

User Datagram Protocol, Src Port: 3389, Dst Port: 63365

Data (315 bytes)

Frame 9: 64 bytes on wire (512 bits), 64 bytes captured (512 bits)

Ethernet II, Src: IntelCor_MAC:Client (MAC Client), Dst: WatchGua_Firewall (MAC Firewall)

802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 10

000. .... .... .... = Priority: Best Effort (default) (0)

...0 .... .... .... = DEI: Ineligible

.... 0000 0000 1010 = ID: 10

Type: IPv4 (0x0800)

Padding: 0000

Trailer: 00000000

Internet Protocol Version 4, Src: 10.2.20.53, Dst: 192.168.200.27

User Datagram Protocol, Src Port: 63365, Dst Port: 3389

Data (12 bytes)

I couldn't identify what might be causing the problem.