03-26-2025 02:09 AM - edited 03-31-2025 01:29 AM
Hello,
Did someone already have this need or know how to send a restconf query to deauthenticate an mac-address in WLC9800 via RESTCONF
This give us the mac address connected,
curl -k -X GET "https://172.17.0.52/restconf/data/Cisco-IOS-XE-wireless-client-oper:client-oper-data" \
-H "Content-Type: application/yang-data+json" \
-H "Authorization: Basic ...."
But when we try do patch or delete this mac-address
curl -k -X POST or PATCH or DELETE \
"https://172.17.0.52/restconf/data/Cisco-IOS-XE-wireless-client-oper:client-oper-data" \
-H "Content-Type: application/yang-data+json" \
-H "Accept: application/yang-data+json" \
-H "Authorization: Basic ..." \
--data '{
"input": {
"mac-address": "a2:dd:36:be:a1:92"
}
"ietf-restconf:errors": {
"error": [
{
"error-type": "application",
"error-tag": "operation-not-supported",
"error-path": "/Cisco-IOS-XE-wireless-client-oper:client-oper-data",
"error-message": "The datastore running is not writable."
The ideia of all this is to send via RESTCONF the cli command, wireless client mac-address <client-mac> deauthenticate
Thanks in advance for all the help given,
03-26-2025 02:30 AM
I think you are getting this error due to trying to modify operational data (client-oper-data), which is read only, so you would need to
use the appropriate RPC endpoint to perform actions like deauthentication. You could try this
curl -k -X POST \
"https://hostname/restconf/operations/Cisco-IOS-XE-wireless-client-oper:deauthenticate-client" \
-H "Content-Type: application/yang-data+json" \
-H "Accept: application/yang-data+json" \
-H "Authorization: Basic ..." \
--data '{
"Cisco-IOS-XE-wireless-client-oper:input": {
"mac-address": "[add mac address here"
}
}'
If this does not work it might be worth looking what your devices supports and search the output for "client" or "deauthenticate" to figure which is the right endpoint here.
Hope this helps.
03-31-2025 12:48 AM
Hello @bigevilbeard , "big" thanks but no luck with that,
{
"error-type": "application",
"error-tag": "malformed-message",
"error-message": "invalid path"
}
nevertheless I get all the operations,
and I can find with client,
<wireless-client-rpc:clear-sisf-binding-state xmlns:wireless-client-rpc="http://cisco.com/ns/yang/Cisco-IOS-XE-wireless-client-rpc">/restconf/operations/Cisco-IOS-XE-wireless-client-rpc:clear-sisf-binding-state</wireless-client-rpc:clear-sisf-binding-state>
<wireless-client-rpc:clear-sisf-binding-ip xmlns:wireless-client-rpc="http://cisco.com/ns/yang/Cisco-IOS-XE-wireless-client-rpc">/restconf/operations/Cisco-IOS-XE-wireless-client-rpc:clear-sisf-binding-ip</wireless-client-rpc:clear-sisf-binding-ip>
but nothing with deauthenticate - deauth
Thanks
03-31-2025 08:04 AM - edited 03-31-2025 08:07 AM
Hi, I don't know WLAN, but by looking at the modules, maybe this one could do the trick?
module: Cisco-IOS-XE-wireless-client-rpc
rpcs:
+---x clear-sisf-binding-state
| +---w input
| +---w entry-mac-address yang:mac-address
| +---w binding-state wireless-enum-types:enm-sisf-binding-state
+---x clear-sisf-binding-ip
+---w input
+---w entry-mac-address yang:mac-address
+---w ip-addr inet:ip-address
So, try do do a POST to "/operations/Cisco-IOS-XE-wireless-client-rpc:clear-sisf-binding-ip" or "/operations/Cisco-IOS-XE-wireless-client-rpc:clear-sisf-binding-state" with the following payload:
{
"Cisco-IOS-XE-wireless-client-rpc:input": {
"entry-mac-address": "<MAC-ADDRESS>"
}
}
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide