APs are sending Disconnect-Ack without disconnecting clients


So I've run into an interesting issue. We have a guest portal configured on ClearPass, which sends a COA disconnect request on port 3799. Yesterday, we noticed that guests were still locked within the walled garden after authenticating. After looking at a packet capture, the connection looks as expected: Guest signs in, CPPM sends disconnect, AP sends disconnect-ACK... but the client is still locked. Reauthenticating manually works, since the client is already registered.


My question is: Why are my APs all of a sudden unable to disconnect clients via COA, and most importantly, why are they sending the disconnect-ACK, when the client is clearly still connected?


Have you had a recent firmware update?

No updates. I'm thinking Meraki may suggest one.


Open a case with Cisco Meraki. 
