WLC9800 <client-mac> deauthenticate, via RESTCONF

WOW-it-suporte · ‎03-26-2025

Hello,

Did someone already have this need or know how to send a restconf query to deauthenticate an mac-address in WLC9800 via RESTCONF

This give us the mac address connected,

curl -k -X GET "https://172.17.0.52/restconf/data/Cisco-IOS-XE-wireless-client-oper:client-oper-data" \
-H "Content-Type: application/yang-data+json" \
-H "Authorization: Basic ...."

But when we try do patch or delete this mac-address

curl -k -X POST or PATCH or DELETE \
"https://172.17.0.52 /restconf/data/Cisco-IOS-XE-wireless-client-oper:client-oper-data" \
-H "Content-Type: application/yang-data+json" \
-H "Accept: application/yang-data+json" \
-H "Authorization: Basic ..." \
--data '{
"input": {
"mac-address": "a2:dd:36:be:a1:92"
}

"ietf-restconf:errors": {
"error": [
{
"error-type": "application",
"error-tag": "operation-not-supported",
"error-path": "/Cisco-IOS-XE-wireless-client-oper:client-oper-data",
"error-message": "The datastore running is not writable."

The ideia of all this is to send via RESTCONF the cli command, wireless client mac-address <client-mac> deauthenticate

Thanks in advance for all the help given,

bigevilbeard · ‎03-26-2025

I think you are getting this error due to trying to modify operational data (client-oper-data), which is read only, so you would need to
use the appropriate RPC endpoint to perform actions like deauthentication. You could try this

curl -k -X POST \
"https://hostname/restconf/operations/Cisco-IOS-XE-wireless-client-oper:deauthenticate-client" \
-H "Content-Type: application/yang-data+json" \
-H "Accept: application/yang-data+json" \
-H "Authorization: Basic ..." \
--data '{
  "Cisco-IOS-XE-wireless-client-oper:input": {
    "mac-address": "[add mac address here"
  }
}'

If this does not work it might be worth looking what your devices supports and search the output for "client" or "deauthenticate" to figure which is the right endpoint here.

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

WOW-it-suporte · ‎03-31-2025

Hello @bigevilbeard , "big" thanks but no luck with that,

{
"error-type": "application",
"error-tag": "malformed-message",
"error-message": "invalid path"
}

nevertheless I get all the operations,

and I can find with client,

<wireless-client-rpc:clear-sisf-binding-state xmlns:wireless-client-rpc="http://cisco.com/ns/yang/Cisco-IOS-XE-wireless-client-rpc">/restconf/operations/Cisco-IOS-XE-wireless-client-rpc:clear-sisf-binding-state</wireless-client-rpc:clear-sisf-binding-state>
<wireless-client-rpc:clear-sisf-binding-ip xmlns:wireless-client-rpc="http://cisco.com/ns/yang/Cisco-IOS-XE-wireless-client-rpc">/restconf/operations/Cisco-IOS-XE-wireless-client-rpc:clear-sisf-binding-ip</wireless-client-rpc:clear-sisf-binding-ip>

but nothing with deauthenticate - deauth

Thanks

Marcel Zehnder · ‎03-31-2025

Hi, I don't know WLAN, but by looking at the modules, maybe this one could do the trick?

module: Cisco-IOS-XE-wireless-client-rpc

  rpcs:
    +---x clear-sisf-binding-state
    |  +---w input
    |     +---w entry-mac-address    yang:mac-address
    |     +---w binding-state        wireless-enum-types:enm-sisf-binding-state
    +---x clear-sisf-binding-ip
       +---w input
          +---w entry-mac-address    yang:mac-address
          +---w ip-addr              inet:ip-address

So, try do do a POST to "/operations/Cisco-IOS-XE-wireless-client-rpc:clear-sisf-binding-ip" or "/operations/Cisco-IOS-XE-wireless-client-rpc:clear-sisf-binding-state" with the following payload:

{
  "Cisco-IOS-XE-wireless-client-rpc:input":  {
      "entry-mac-address": "<MAC-ADDRESS>"
    }
}