Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
CM/0/USER_ADDACLFAIL
Message
CM/0/USER_ADDACLFAIL: The ACL cannot be added for NAC users. Ensure that this ACL is supported by the NAC service or ACL resources are sufficient. ([STRING])
Description
A user fails to be authorized by ACL. Check whether the configured ACL is supported or whether ACL resources are sufficient.
Possible Causes
- The delivered ACL is not included in the RADIUS attribute document.
- The ACL failed to be delivered to the physical chip because of the chip error.
- The ACL failed to be delivered to the physical chip because ACL resources were insufficient.
Procedure
- Run the display access-user user-id user-number command to check whether the authorized
ACL is supported according to the RADIUS attribute document.
- If not, deliver the ACL included in the RADIUS attribute document to the user. Run the display access-user user-id user-number command to check whether the ACL is delivered successfully.
- If so, the ACL fails to be delivered to the physical chip. Go to step 2.
- Run the display acl resource command
to check whether ACL resources are sufficient.
- If not, release ACL resources and run the display acl resource command to check whether ACL resources are successfully released.
- If yes, the ACL fails to be delivered to the physical chip. Go to step 3.
- Collect log information and configuration information, and then contact technical support personnel. You can collect diagnostic information using the display diagnostic-information command.