Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

ACL-7-ENTRY_DONOT_EXIST

Hello,

From  a 4402 wireless controller (7.0.220.0) I get a lot of syslog messages like this:

*SNMPTask: Jan 19 17:03:25.485: %ACL-7-ENTRY_DONOT_EXIST: acl.c:301 Unable to find an ACL by name "none".

*Dot1x_NW_MsgTask_0: Jan 19 17:03:39.246: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

There are no ACL rules defined on the controller.

Any idea?

Thanks.

10 REPLIES

Re: ACL-7-ENTRY_DONOT_EXIST

Are you by chance configured to push back an ACL from AAA?

Steve

Sent from Cisco Technical Support iPad App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Re: ACL-7-ENTRY_DONOT_EXIST

Hmmm, what should it be? Authentication is provided by freeradius server.

New Member

Re: ACL-7-ENTRY_DONOT_EXIST

Following on from Steve, check the free radius server authentication and authorization to see if you are allocation an ACL to authenticated users.

Sent from Cisco Technical Support iPhone App

Re: ACL-7-ENTRY_DONOT_EXIST

I don't think so... What kind of radius attributes these ACLs should be carried by to the controller?

Re: ACL-7-ENTRY_DONOT_EXIST

Definitely not...

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.797: ****Enter processIncomingMessages: response code=2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.797: ****Enter processRadiusResponse: response code=2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: b4:07:f9:71:72:e9 Access-Accept received from RADIUS server 10.129.0.244 for mobile b4:07:f9:71:72:e9 receiveId = 2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: AuthorizationResponse: 0x13c88408^M ^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   structureSize................................242^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   resultCode...................................0^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   protocolUsed.................................0x00000001^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   proxyState...................................B4:07:F9:71:72:E9-02:08^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   Packet contains 7 AVPs:^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[01] Tunnel-Medium-Type.......................0x00000006 (6) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[02] Tunnel-Type..............................0x0000000d (13) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[03] User-Name................................user12 (6 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[04] Microsoft / MPPE-Recv-Key................DATA (32 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[05] Microsoft / MPPE-Send-Key................DATA (32 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[06] EAP-Message..............................0x03090004 (50921476) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[07] Message-Authenticator....................DATA (16 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 2

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Applying new AAA override for station b4:07:f9:71:72:e9

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values for station b4:07:f9:71:72:e9      source: 4, valid bits: 0x0^M    qosLevel: -1, dscp: 0xffffffff, dot1pTag

: 0xffffffff, sessionTimeout: -1

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1         vlanIfName: '', aclName: ''

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: b4:07:f9:71:72:e9 Unable to apply override policy for station b4:07:f9:71:72:e9 - VapAllowRadiusOverride is FALSE

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 4

Re: ACL-7-ENTRY_DONOT_EXIST

so let me ask. Is this causing an issue or are you just wondering g what the message means?

To me it looks like the AAA is returning attributes ti the client but the WLAN is not allowing AAA override. So it ignores the attributes.

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Hall of Fame Super Silver

Re: ACL-7-ENTRY_DONOT_EXIST

I agree with Steve.  You have something setup in radius to send these back to the wlc:

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values for station b4:07:f9:71:72:e9 source: 4, valid bits: 0x0^M qosLevel: -1, dscp: 0xffffffff, dot1pTag

: 0xffffffff, sessionTimeout: -1

-Scott
*** Please rate helpful posts ***

Re: ACL-7-ENTRY_DONOT_EXIST

I have a tcpdump trace in front of me... Nothing makes me beleive that these values come from the radius server... It is like they come from the controller...

New Member

Re: ACL-7-ENTRY_DONOT_EXIST

Any answer on this? I have the same message over and over. I'm not even using RADIUS and I have no ACLS. is this a bug?

*SNMPTask: Feb 20 10:17:54.880: %ACL-7-ENTRY_DONOT_EXIST: acl.c:301 Unable to find an ACL by name "none".[...It occurred 4 times/sec!.]

*dot1xMsgTask: Feb 20 10:18:09.079: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

Re: ACL-7-ENTRY_DONOT_EXIST

It is not really an issue (at least I can't see any relation with my actual issues ), just trying to clean up my logs...

You are right about the overwriting issue (I posted a similar message to the "Radius override disabled?" item), because "overwrited" attributes don't seem to be sent by the radius server...

1458
Views
0
Helpful
10
Replies