Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
2627
Views
0
Helpful
10
Replies
Konstantin Kabassanov
Beginner
Beginner
‎01-19-2012 08:07 AM
‎01-19-2012 08:07 AM

ACL-7-ENTRY_DONOT_EXIST

Hello,

From  a 4402 wireless controller (7.0.220.0) I get a lot of syslog messages like this:

*SNMPTask: Jan 19 17:03:25.485: %ACL-7-ENTRY_DONOT_EXIST: acl.c:301 Unable to find an ACL by name "none".

*Dot1x_NW_MsgTask_0: Jan 19 17:03:39.246: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

There are no ACL rules defined on the controller.

Any idea?

Thanks.

Labels:
2 people had this problem
0 Helpful
10 REPLIES 10
Stephen Rodriguez
Cisco Employee
Cisco Employee
‎01-19-2012 11:02 AM
‎01-19-2012 11:02 AM

Are you by chance configured to push back an ACL from AAA?

Steve

Sent from Cisco Technical Support iPad App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful
Konstantin Kabassanov
Beginner
Beginner
In response to Stephen Rodriguez
‎01-19-2012 12:23 PM
‎01-19-2012 12:23 PM

Hmmm, what should it be? Authentication is provided by freeradius server.

0 Helpful
Darren Lynn
Cisco Employee
Cisco Employee
‎01-20-2012 03:36 PM
‎01-20-2012 03:36 PM

Following on from Steve, check the free radius server authentication and authorization to see if you are allocation an ACL to authenticated users.

Sent from Cisco Technical Support iPhone App

0 Helpful
Konstantin Kabassanov
Beginner
Beginner
In response to Darren Lynn
‎01-21-2012 05:52 AM
‎01-21-2012 05:52 AM

I don't think so... What kind of radius attributes these ACLs should be carried by to the controller?

0 Helpful
Konstantin Kabassanov
Beginner
Beginner
In response to Darren Lynn
‎01-24-2012 09:54 AM
‎01-24-2012 09:54 AM

Definitely not...

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.797: ****Enter processIncomingMessages: response code=2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.797: ****Enter processRadiusResponse: response code=2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: b4:07:f9:71:72:e9 Access-Accept received from RADIUS server 10.129.0.244 for mobile b4:07:f9:71:72:e9 receiveId = 2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: AuthorizationResponse: 0x13c88408^M ^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   structureSize................................242^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   resultCode...................................0^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   protocolUsed.................................0x00000001^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   proxyState...................................B4:07:F9:71:72:E9-02:08^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   Packet contains 7 AVPs:^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[01] Tunnel-Medium-Type.......................0x00000006 (6) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[02] Tunnel-Type..............................0x0000000d (13) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[03] User-Name................................user12 (6 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[04] Microsoft / MPPE-Recv-Key................DATA (32 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[05] Microsoft / MPPE-Send-Key................DATA (32 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[06] EAP-Message..............................0x03090004 (50921476) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[07] Message-Authenticator....................DATA (16 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 2

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Applying new AAA override for station b4:07:f9:71:72:e9

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values for station b4:07:f9:71:72:e9      source: 4, valid bits: 0x0^M    qosLevel: -1, dscp: 0xffffffff, dot1pTag

: 0xffffffff, sessionTimeout: -1

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1         vlanIfName: '', aclName: ''

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: b4:07:f9:71:72:e9 Unable to apply override policy for station b4:07:f9:71:72:e9 - VapAllowRadiusOverride is FALSE

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 4

0 Helpful
Stephen Rodriguez
Cisco Employee
Cisco Employee
‎01-24-2012 09:57 AM
‎01-24-2012 09:57 AM

so let me ask. Is this causing an issue or are you just wondering g what the message means?

To me it looks like the AAA is returning attributes ti the client but the WLAN is not allowing AAA override. So it ignores the attributes.

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful
Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to Stephen Rodriguez
‎01-24-2012 09:59 AM
‎01-24-2012 09:59 AM

I agree with Steve.  You have something setup in radius to send these back to the wlc:

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values for station b4:07:f9:71:72:e9 source: 4, valid bits: 0x0^M qosLevel: -1, dscp: 0xffffffff, dot1pTag

: 0xffffffff, sessionTimeout: -1

-Scott
*** Please rate helpful posts ***
0 Helpful
Konstantin Kabassanov
Beginner
Beginner
In response to Scott Fella
‎01-24-2012 10:11 AM
‎01-24-2012 10:11 AM

I have a tcpdump trace in front of me... Nothing makes me beleive that these values come from the radius server... It is like they come from the controller...

0 Helpful
JESSICA Walsh
Beginner
Beginner
In response to Konstantin Kabassanov
‎02-20-2013 08:17 AM
‎02-20-2013 08:17 AM

Any answer on this? I have the same message over and over. I'm not even using RADIUS and I have no ACLS. is this a bug?

*SNMPTask: Feb 20 10:17:54.880: %ACL-7-ENTRY_DONOT_EXIST: acl.c:301 Unable to find an ACL by name "none".[...It occurred 4 times/sec!.]

*dot1xMsgTask: Feb 20 10:18:09.079: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

0 Helpful
Konstantin Kabassanov
Beginner
Beginner
In response to Stephen Rodriguez
‎01-24-2012 10:07 AM
‎01-24-2012 10:07 AM

It is not really an issue (at least I can't see any relation with my actual issues ), just trying to clean up my logs...

You are right about the overwriting issue (I posted a similar message to the "Radius override disabled?" item), because "overwrited" attributes don't seem to be sent by the radius server...

0 Helpful
Latest Contents
Cisco Prime Infrastructure log4j Security Patch Upgrade Proc...
Created by sridhkri on 04-25-2022 10:00 PM
0
0
0
0
What is Log4j? The Log4j vulnerability allows malicious attackers to execute code remotely on any targeted computer, the Apache Software Foundation disclosed a security vulnerability in a widely-used Java software library called Log4j. What is t... view more
Prime 3.10.1 upgrade procedure
Created by sridhkri on 03-22-2022 03:06 AM
0
0
0
0
Below procedure for installing from prime 3.10 to 3.10.1   Pre-requisite for any MR release upgrade   Take the backup of prime db on external tftp server (recommended). If you are running on VM than take a snap-shop of prime VM so you can resto... view more
Use Case Based Comparison of Prime Infrastructure and DNA Ce...
Created by rajktiwa on 03-02-2022 02:12 AM
0
10
0
10
Overview This article compares Prime Infra (PI) and DNA Center for a wireless user of Catalyst 9800 controller. As a Quality assurance test engineer for Prime Infra, there was always an inquisitiveness to compare Prime Infra with DNA Center for a specific... view more
How To Add Wireless Guest User via Powershell and RESTCONF
Created by remi_at on 02-02-2022 03:26 AM
0
15
0
15
SymptomsYou want to automate guest-user creation on your Cisco 9800 Wireless LAN Controller SolutionSince new WLCs do not allow adding guest users via SNMP, I have created a new script that uses RESTCONF via HTTPS.Tested on Cisco 9800-CL virtual wire... view more
AP1815, AP1830, AP1850... can't be converted to Mobility Exp...
Created by Rps-Cheers on 12-16-2021 12:25 AM
3
5
3
5
In some cases, there may be an abnormality in one of the part files of these COS APs, which makes it impossible to convert to Mobility Express. At this time, you will encounter the following error.##########################################################... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad