The issue is likely caused by the CPU ACL on the controller, which is blocking HTTP/HTTPS traffic from the guest clients. When a WLAN with Web Authentication is used, the wireless client’s browser is redirected to a web page for authentication. If the CPU ACL is configured to only allow controller web management traffic from the IT subnet, it may inadvertently block the necessary HTTP/HTTPS traffic for the Web Authentication process, leading to a timeout on the wireless client browser. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide, specifically the sections discussing CPU ACLs and their impact on network traffic.