
WLC logs Authentication failed for client xxx ACL override mismatch from AAA server

Not applicable

Hi,

 

I have a simple setup where the WLC uses ISE for RADIUS for AAA, and I get this message:

%APF-3-CLIENT_NO_ACCESS: Authentication failed for client: 74:8d:08:6a:f1:43. ACL override mismatch from AAA server

The authC policy checks wireless MAB and default network access, and continues if the user is not found.

At this point the ISE does not show an error, but the WLC displays the above error in the log, and the user is not able to connect to the WLAN.

Any useful suggestions would be great.


Francesco Molino
VIP Alumni

Hi 

Is there a firewall between your ISE and WLC?

They communicate for CoA over udp/1700.

What are the logs on ISE?

Was it working before?

Are the ACL names in the ISE profile and on the WLC exactly the same (case sensitive)?

Thanks 

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco

Hi Francesco,

No f/w. Yes, it was working before. Will double check the ACL names.

thanks

OK, let us know. Otherwise give us the full ISE log for that specific authentication in a text file.

Thanks 



Thanks
Francesco

Hi Francesco,

I've attached the log, but there are no issues here, yet I get this error in the WLC:

*apfReceiveTask: Jul 10 13:14:36.368: %APF-3-CLIENT_NO_ACCESS: apf_80211.c:4395 Authentication failed for client: 74:8d:08:6a:f1:43. ACL override mismatch from AAA server.

When you try to associate to the SSID it disconnects you very quickly.

Cheers

Tony

 

Hi Tony

This log is the 1st step, when your user is redirected to the portal.

Are you redirected correctly to the portal?

The issue occurs after portal login, right?

Do you have any logs on ISE regarding that step?

Thanks


Thanks
Francesco

Hi Francesco,

Now resolved!

It was the ACL on the WLC under

All APs > ap1 > External WebAuth ACL Mappings that had not been applied.

Can you believe that!

Well, a good learning curve for me on this one.

ciao
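
An added example, not part of the thread and not Cisco code: a small Python triage helper that pulls the affected client MACs out of the WLC message quoted above and checks the two causes raised here, an ACL name that differs only by case and an ACL that is not mapped on the AP. The function names, the ACL name `ACL_WEBAUTH_REDIRECT`, the AP `ap2` and the inventory structures are assumptions; the inventory would be filled in by hand from the ISE authorization profile and the WLC configuration.

```python
import re

# Matches both forms of the message quoted in the thread, with or without
# the "apf_80211.c:4395" source location.
LOG_RE = re.compile(
    r"%APF-3-CLIENT_NO_ACCESS:.*?Authentication failed for client:\s*"
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\.\s*ACL override mismatch",
    re.IGNORECASE,
)

def failed_clients(log_lines):
    """Client MACs (lowercase, first-seen order) rejected with this error."""
    seen = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m.group(1).lower() not in seen:
            seen.append(m.group(1).lower())
    return seen

def diagnose(aaa_acl, wlc_acls, ap_mappings):
    """Say why the ACL name sent by AAA cannot be applied (exact-case match).

    wlc_acls: list of ACL names defined on the controller.
    ap_mappings: {ap_name: set of ACL names mapped on that AP}.
    """
    findings = []
    if aaa_acl not in wlc_acls:
        near = [a for a in wlc_acls if a.lower() == aaa_acl.lower()]
        if near:
            findings.append(f"case mismatch: AAA sends {aaa_acl!r}, WLC has {near[0]!r}")
        else:
            findings.append(f"{aaa_acl!r} is not defined on the WLC")
    for ap in sorted(ap_mappings):
        if aaa_acl not in ap_mappings[ap]:
            findings.append(f"{aaa_acl!r} is not mapped on AP {ap}")
    return findings

# Log lines as quoted in the thread; the ACL and AP inventory is constructed.
SAMPLE_LOG = [
    "%APF-3-CLIENT_NO_ACCESS: Authentication failed for client: 74:8d:08:6a:f1:43. ACL override mismatch from AAA server",
    "*apfReceiveTask: Jul 10 13:14:36.368: %APF-3-CLIENT_NO_ACCESS: apf_80211.c:4395 Authentication failed for client: 74:8d:08:6a:f1:43. ACL override mismatch from AAA server.",
]
WLC_ACLS = ["ACL_WEBAUTH_REDIRECT"]
AP_MAPPINGS = {"ap1": set(), "ap2": {"ACL_WEBAUTH_REDIRECT"}}

if __name__ == "__main__":
    print(failed_clients(SAMPLE_LOG))
    for finding in diagnose("ACL_WEBAUTH_REDIRECT", WLC_ACLS, AP_MAPPINGS):
        print(finding)
```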

Hi 

Nice to hear that everything is good now. 

Thanks 



Thanks
Francesco