FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
scitlak
Staff
Article Id 404872
Description This article describes how to configure FortiNAC to send a custom CoA request to Cisco WLC for re-authentication.
Scope FortiNAC-F 7.4, FortiNAC-F 7.6.
Solution

In some circumstances, when Cisco WLC receives a CoA Disconnect (RFC 5176) message, it disconnects the host but does not send any new RADIUS authentication request for the same host. In these circumstances, FortiNAC can be configured to send a CoA Re-Authentication request with the required RADIUS VSAs.

 

  1. Create a new RFC Attribute group under Network -> RADIUS -> Attribute Groups using the Cisco RADIUS VSAs below. In addition to these Cisco VSAs, add the 'Calling-Station-Id' attribute, which Cisco requires as a session identifier.

Cisco:Avpair="subscriber:command=reauthenticate"
Cisco:Avpair="subscriber:reauthenticate-type=rerun"



 

  2. Navigate to the SSID configuration, change the RFC5176 Mode to Custom, and set the RFC5176 Attribute Group to the newly created RFC Group.



 

  3. Trigger a scenario in which FortiNAC sends a CoA Disconnect message, such as Guest Self-Registration, and test the CoA disconnect message.


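When checking a packet capture taken during the test, it helps to know how the attributes from step 1 are encoded in an RFC 5176 CoA-Request. The following is an added example, not Fortinet or Cisco code: it builds such a request and parses it back, verifying the Request Authenticator. The shared secret, MAC address, Calling-Station-Id format and function names are constructed assumptions.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43          # RFC 5176 packet code for CoA-Request
CALLING_STATION_ID = 31   # RFC 2865 attribute type
VENDOR_SPECIFIC = 26      # RFC 2865 attribute type for VSAs
CISCO_VENDOR_ID = 9       # Cisco IANA enterprise number
CISCO_AVPAIR = 1          # vendor type of Cisco-AVPair

def attr(attr_type, value):
    # Standard RADIUS TLV: type, length (including the 2 header bytes), value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def cisco_avpair(text):
    sub = struct.pack("!BB", CISCO_AVPAIR, len(text) + 2) + text.encode()
    return attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)

def authenticator(header, attrs, secret):
    # RFC 5176: MD5(code + id + length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_coa_reauth(identifier, secret, calling_station_id):
    attrs = (attr(CALLING_STATION_ID, calling_station_id.encode())
             + cisco_avpair("subscriber:command=reauthenticate")
             + cisco_avpair("subscriber:reauthenticate-type=rerun"))
    header = struct.pack("!BBH", COA_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator(header, attrs, secret) + attrs

def parse_coa(packet, secret):
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length != len(packet):
        raise ValueError("length field does not match packet size")
    expected = authenticator(packet[:4], packet[20:], secret)
    info = {"code": code, "calling_station_id": None, "cisco_avpairs": [],
            "authenticator_ok": hmac.compare_digest(expected, packet[4:20])}
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        a_type, a_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + a_len]
        if a_type == CALLING_STATION_ID:
            info["calling_station_id"] = value.decode()
        elif (a_type == VENDOR_SPECIFIC and len(value) >= 6 and value[4] == CISCO_AVPAIR
              and struct.unpack("!I", value[:4])[0] == CISCO_VENDOR_ID):
            info["cisco_avpairs"].append(value[6:4 + value[5]].decode())
        pos += a_len
    return info

if __name__ == "__main__":
    pkt = build_coa_reauth(7, b"constructed-secret", "00-11-22-33-44-55")
    print(parse_coa(pkt, b"constructed-secret"))
```

A request whose `authenticator_ok` is false under the configured shared secret, or which lacks Calling-Station-Id, points at a secret mismatch or an incomplete attribute group.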