This guide details how to to enable support for CoA / Disconnect Message on the Cisco WLC. This is required in order to use the Tiered Bandwidth data cap and/or E-mail verification kick off feature.
Start by logging into your Cisco WLC device.
Click Security at the top and then AAA > Radius Authentication on the left menu. Click in to both the existing RADIUS servers you previously added and set the following :
Click Apply to save then edit the second RADIUS server in the same way. Be sure to click Save Configuration at the top.
IMPORTANT: CoA works by accepting inbound traffic from our RADIUS. We will send this request back to the same WAN IP of which your WLC uses for outbound traffic to our RADIUS. Therefore, you will need to forward port 3799 (UDP) on your firewall from this WAN IP to the internal Cisco WLC management IP on your local network.