Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎03-04-2020 11:21 AM Edited on ‎07-15-2025 12:15 AM By Staff

Article Id 195545

Technical Tip: Unable to disconnect clients from Cisco 9800 wireless controllers

Description

 
This article describes how to connect wireless clients are disconnected/de-authenticated from Cisco WLC controllers via SNMP OID bsnMobileStationDeleteAction.
 
There is currently a known issue where the C9800 model does not honor the SNMP method to disconnect.
Symptoms of this behavior include connected clients unable to switch VLANs after successful registration. If the client disconnects from the wireless and reconnects, the new VLAN is assigned.

For details, refer to Cisco Bug ID: CSCvv58252 "WLC 9800 Ignores Disconnect Request from RADIUS Server"


Scope

 

FortiNAC v8.6.2 and higher
 


Solution

 

Solution 1:
Cisco has indicated the issue is planned to be addressed in firmware version 17.5 of the C9800. Contact Cisco for details.
 
Solution 2:
  1. Upgrade the appliance to v8.7.2 or higher.
  2. Configure the appliance to use Change of Authentication (CoA) to disconnect clients (SNMP remains the default method). For instructions, refer to the Cisco Wireless Controller Integration reference manual in the Fortinet Document Library

 

Related document:
Labels:
2278
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.