Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎03-04-2020 11:21 AM

Article Id 195545

Technical Note: Unable to disconnect clients from Cisco 9800 wireless controllers

Description
Connected wireless clients are disconnected/de-authenticated from Cisco WLC controllers via SNMP OID bsnMobileStationDeleteAction.  There is currently a known issue where the C9800 model does not honor the SNMP method to disconnect.   

Symptoms of this behavior include connected clients unable to switch VLANs after successful registration.  If the client disconnects from the wireless and reconnects, the new VLAN is assigned.

For details, refer to Cisco Bug ID: CSCvv58252 "WLC 9800 Ignores Disconnect Request from RADIUS Server"

Scope
Version: 8.6.2 and higher
 

Solution
Solution 1:  Cisco has indicated the issue is planned to be addressed in firmware version 17.5 of the C9800.  Contact Cisco for details.


Solution 2: 
1. Upgrade appliance to version 8.7.2 or higher.
2. Configure appliance to use Change of Authentication (CoA) to disconnect clients (SNMP remains the default method).  For instructions, refer to the Cisco Wireless Controller Integration reference manual in the Fortinet Document Library.
 


ID 0598661

Labels:
1347
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.