
ACL-7-ENTRY_DONOT_EXIST

Hello,

From a 4402 wireless controller (7.0.220.0) I get a lot of syslog messages like this:

*SNMPTask: Jan 19 17:03:25.485: %ACL-7-ENTRY_DONOT_EXIST: acl.c:301 Unable to find an ACL by name "none".

*Dot1x_NW_MsgTask_0: Jan 19 17:03:39.246: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

There are no ACL rules defined on the controller.

Any idea?

Thanks.

10 REPLIES 10
Stephen Rodriguez
Cisco Employee

Are you by chance configured to push back an ACL from AAA?

Steve

Sent from Cisco Technical Support iPad App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Hmmm, what should it be? Authentication is provided by freeradius server.

Darren Lynn
Cisco Employee

Following on from Steve, check the free radius server authentication and authorization to see if you are allocating an ACL to authenticated users.

Sent from Cisco Technical Support iPhone App

I don't think so... What kind of radius attributes should carry these ACLs to the controller?

Definitely not...

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.797: ****Enter processIncomingMessages: response code=2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.797: ****Enter processRadiusResponse: response code=2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: b4:07:f9:71:72:e9 Access-Accept received from RADIUS server 10.129.0.244 for mobile b4:07:f9:71:72:e9 receiveId = 2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: AuthorizationResponse: 0x13c88408^M ^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   structureSize................................242^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   resultCode...................................0^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   protocolUsed.................................0x00000001^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   proxyState...................................B4:07:F9:71:72:E9-02:08^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   Packet contains 7 AVPs:^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[01] Tunnel-Medium-Type.......................0x00000006 (6) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[02] Tunnel-Type..............................0x0000000d (13) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[03] User-Name................................user12 (6 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[04] Microsoft / MPPE-Recv-Key................DATA (32 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[05] Microsoft / MPPE-Send-Key................DATA (32 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[06] EAP-Message..............................0x03090004 (50921476) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[07] Message-Authenticator....................DATA (16 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 2

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Applying new AAA override for station b4:07:f9:71:72:e9

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values for station b4:07:f9:71:72:e9      source: 4, valid bits: 0x0^M    qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1         vlanIfName: '', aclName: ''

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: b4:07:f9:71:72:e9 Unable to apply override policy for station b4:07:f9:71:72:e9 - VapAllowRadiusOverride is FALSE

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 4

Stephen Rodriguez
Cisco Employee

So let me ask: is this causing an issue, or are you just wondering what the message means?

To me it looks like the AAA is returning attributes to the client but the WLAN is not allowing AAA override. So it ignores the attributes.

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

I agree with Steve. You have something set up in radius to send these back to the wlc:

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values for station b4:07:f9:71:72:e9 source: 4, valid bits: 0x0^M qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1

-Scott
*** Please rate helpful posts ***

I have a tcpdump trace in front of me... Nothing makes me believe that these values come from the radius server... It is like they come from the controller...

Any answer on this? I have the same message over and over. I'm not even using RADIUS and I have no ACLs. Is this a bug?

*SNMPTask: Feb 20 10:17:54.880: %ACL-7-ENTRY_DONOT_EXIST: acl.c:301 Unable to find an ACL by name "none".[...It occurred 4 times/sec!.]

*dot1xMsgTask: Feb 20 10:18:09.079: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

It is not really an issue (at least I can't see any relation with my actual issues), just trying to clean up my logs...

You are right about the overwriting issue (I posted a similar message to the "Radius override disabled?" item), because "overwrited" attributes don't seem to be sent by the radius server...
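
Added example (not part of any post in this thread): a small Python parser for the controller debug lines quoted above. It lists the AVP names seen in an Access-Accept, flags any whose name contains "ACL" (a naming heuristic assumed here, not a Cisco rule), and tallies the `%FACILITY-SEVERITY-MNEMONIC` messages per task, where severity 7 is the debugging level. The sample input is constructed from lines in the thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, shaped like the syslog/debug lines quoted in this thread.
SAMPLE = '''\
*SNMPTask: Jan 19 17:03:25.485: %ACL-7-ENTRY_DONOT_EXIST: acl.c:301 Unable to find an ACL by name "none".
Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: b4:07:f9:71:72:e9 Access-Accept received from RADIUS server 10.129.0.244 for mobile b4:07:f9:71:72:e9 receiveId = 2
Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[01] Tunnel-Medium-Type.......................0x00000006 (6) (4 bytes)^M
Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[03] User-Name................................user12 (6 bytes)^M
Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[04] Microsoft / MPPE-Recv-Key................DATA (32 bytes)^M
Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".
Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 4
'''

# "*Task: <timestamp>: %FACILITY-SEVERITY-MNEMONIC:" as printed by the controller.
MSG = re.compile(r"\*(?P<task>\w+): .*?%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+):")
# "AVP[nn] Name.........value": the name ends where the dot padding starts.
AVP = re.compile(r"AVP\[\d+\]\s+(?P<name>.+?)\.{2,}")


def summarize(text):
    """Return (Counter of (task, facility, severity, mnemonic), list of AVP names)."""
    msgs, avps = Counter(), []
    for line in text.splitlines():
        m = MSG.search(line)
        if m:
            msgs[(m["task"], m["fac"], int(m["sev"]), m["mnem"])] += 1
        a = AVP.search(line)
        if a:
            avps.append(a["name"].strip())
    return msgs, avps


def acl_avps(avps):
    """AVP names that look ACL-related (assumption: the name contains 'acl')."""
    return [name for name in avps if "acl" in name.lower()]


def debug_level(msgs):
    """Only the severity-7 (debugging) messages, keyed as in summarize()."""
    return {key: n for key, n in msgs.items() if key[2] == 7}


if __name__ == "__main__":
    msgs, avps = summarize(SAMPLE)
    print("AVPs in Access-Accept:", avps)
    print("ACL-looking AVPs:", acl_avps(avps) or "none")
    for (task, fac, sev, mnem), n in sorted(debug_level(msgs).items()):
        print(f"{n}x %{fac}-{sev}-{mnem} from {task}")
```
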
