No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Log Reference

This document provides the explanations, causes, and recommended actions of logs on the product.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
CM

CM

CM/3/ALLOCUSERFAIL

Message

CM/3/ALLOCUSERFAIL: The number of [STRING1] users reaches the upper limit.(UserIP:[STRING2],Mac:[STRING3],Interface:[STRING4])

Description

The number of NAC users exceeds the upper limit on the interface.

Parameters

Parameter Name Parameter Meaning
[STRING1] Indicates the user name.
UserIP Indicates the user IP address.
Mac Indicates the user MAC address.
Interface Indicates the number of the interface through which users go online.

Possible Causes

The number of NAC users who go online through the interface exceeds the upper limit.

Procedure

  1. Run the display access-user interface interface-type interface-number command to check whether NAC users are proper.

    • If so, replace the device with a higher-performance device.
    • If not, replan the network.

  2. Collect log information and contact technical support personnel.

CM/3/CM_ADDUCLGROUPIPFAIL

Message

CM/3/CM_ADDUCLGROUPIPFAIL: Add ucl-group ip failed.([STRING])

Description

Failed to add the IP address to a UCL group.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the fault cause.

Possible Causes

The IP address failed to be dynamically added to a UCL group when a user went online, or failed to be added to a static UCL group in the following situations:
  • The card did not support the function of adding an IP address to a UCL group.
  • Static UCL group resources were insufficient.
  • The number of UCL IDs on the card or device exceeded the upper limit.

Procedure

  1. Check whether the card supports the function of adding an IP address to a UCL group.

    • If so, go to step 2.
    • If not, replace the card with another one that supports the function.

  2. Check whether the authorized UCL group is proper.

    • If so, replace the card or device with a higher-performance one.
    • If not, plan a proper UCL group to be authorized.

  3. Collect log and configuration information, and contact technical support personnel.

CM/3/CM_DYN_IPGROUP_EXC_MAX

Message

CM/3/CM_DYN_IPGROUP_EXC_MAX: [STRING]

Description

The number of IP addresses added to the UCL group for dynamic user authorization exceeded the upper limit.

Parameters

Parameter Name Parameter Meaning
[STRING]
  • The UCL group IP feature is not supported.
  • The UCL group IP is referred by '%s'.
  • The UCL group IP exists.
  • The UCL group IP does not exist.
  • The UCL group IP is up to the max number %lu.
  • Invalid UCL group IP subnet.
  • Invalid UCL group IP subnet mask.
  • The UCL group subnet overlaps with another configuration.
  • The local-access-user's ip conflicts with another user.

Possible Causes

The number of IP addresses in the UCL group exceeded the upper limit.

Procedure

  1. Check whether the UCL group for dynamic user authorization is proper on the server.

    • If so, replace the device with a higher-performance device.
    • If not, plan a proper UCL group for dynamic user authorization on the server.

  2. Collect log and configuration information, and contact technical support personnel.

CM/6/CM_USER_QUIETTABLE_ADD

Message

CM/6/CM_USER_QUIETTABLE_ADD: The user is added to quiet-table.(MAC Address:[STRING])

Description

The MAC authentication user is added to the quiet table.

Parameters

Parameter Name Parameter Meaning
[STRING] MAC address of the MAC authentication user.

Possible Causes

After the quiet function is enabled, the number of authentication failures for the MAC authentication user exceeds the threshold within a configured quiet period.

NOTE:

There is a difference of no more than 15 seconds between the configured quiet period and the actual quiet period that takes effect.

Procedure

  • This log message indicates a normal situation, and no action is required.

CM/6/CM_USER_QUIETTABLE_DEL

Message

CM/6/CM_USER_QUIETTABLE_DEL: The user is deleted from quiet-table.(MAC Address:[STRING])

Description

The MAC authentication user is deleted from the quiet table.

Parameters

Parameter Name Parameter Meaning
[STRING] MAC address of the MAC authentication user.

Possible Causes

When the quiet timer expires, the device re-authenticates the user.

NOTE:

There is a difference of no more than 15 seconds between the configured quiet period and the actual quiet period that takes effect.

Procedure

  • This log message indicates a normal situation, and no action is required.

CM/6/MAC_MOVE_QUIETTABLE_ADD

Message

CM/6/MAC_MOVE_QUIETTABLE_ADD: The user is added to mac-move quiet-table.(MAC:[STRING];PreInterface:[STRING];PreOuterVlan:[ULONG];PreInnerVlan:[ULONG];Interface:[STRING];OuterVlan:[ULONG];InnerVlan:[ULONG];TriggerPkt:[STRING])

Description

The user is added to the MAC address migration quiet table.

Parameters

Parameter Name Parameter Meaning
MAC:[STRING] MAC address of a user.
PreInterface:[STRING] Access interface before migration.
PreOuterVlan:[ULONG] Outer VLAN before migration.
PreInnerVlan:[ULONG] Inner VLAN before migration.
Interface:[STRING] Access interface after migration.
OuterVlan:[ULONG] Outer VLAN after migration.
InnerVlan:[ULONG] Inner VLAN after migration.
TriggerPkt:[STRING] Packet type for triggering MAC address migration.

Possible Causes

  1. The MAC address migration function is enabled using the authentication mac-move enable vlan { all | { vlan-id1 [ to vlan-id2 ] } &<1–10> } command.
  2. The device is enabled to record logs about MAC address migration using the authentication mac-move quiet-log enable command.
  3. The user is added to the MAC address migration quiet table when the number of migration times within 60 seconds exceeds the value specified by authentication mac-move quiet-times times.

Procedure

  • This log message is informational only, and no action is required.

CM/6/MAC_MOVE_QUIETTABLE_DEL

Message

CM/6/MAC_MOVE_QUIETTABLE_DEL: The user is deleted from mac-move quiet-table.(MAC:[STRING];PreInterface:[STRING];PreOuterVlan:[ULONG];PreInnerVlan:[ULONG];Interface:[STRING];OuterVlan:[ULONG];InnerVlan:[ULONG];TriggerPkt:[STRING])

Description

The user is deleted from the MAC address migration quiet table.

Parameters

Parameter Name Parameter Meaning
MAC:[STRING] MAC address of a user.
PreInterface:[STRING] Access interface before migration.
PreOuterVlan:[ULONG] Outer VLAN before migration.
PreInnerVlan:[ULONG] Inner VLAN before migration.
Interface:[STRING] Access interface after migration.
OuterVlan:[ULONG] Outer VLAN after migration.
InnerVlan:[ULONG] Inner VLAN after migration.
TriggerPkt:[STRING] Packet type for triggering MAC address migration.

Possible Causes

  1. The MAC address migration function is enabled using the authentication mac-move enable vlan { all | { vlan-id1 [ to vlan-id2 ] } &<1–10> } command.
  2. The device is enabled to record logs about MAC address migration using the authentication mac-move quiet-log enable command.
  3. The user is added to the MAC address migration quiet table when the number of migration times within 60 seconds exceeds the value specified by authentication mac-move quiet-times times.
  4. The user is deleted from the MAC address migration quiet table when the user quiet time exceeds the value specified by authentication mac-move quiet-period quiet-value.

Procedure

  • This log message is informational only, and no action is required.

CM/5/TUNNELSTATE

Message

CM/5/TUNNELSTATE: The control channel between the access and control devices failed. AS-MAC: %s.

CM/5/TUNNELSTATE: The control channel between the access and control devices was set up successfully. AS-MAC: %s.

Description

The CAPWAP tunnel between the access and control devices is faulty.

The CAPWAP tunnel between the access and control devices is established successfully.

Parameters

Parameter Name Parameter Meaning
AS-MAC Indicates the MAC address of the access device.

Possible Causes

The CAPWAP tunnel between the access and control devices is established successfully or faulty.

Procedure

  • If the CAPWAP tunnel is established successfully, no action is required.
  • If the CAPWAP tunnel is faulty, perform the following operations to rectify the fault:
    1. Check whether the link is normal.

      • If so, go to step 2.
      • If not, restore the link.

    2. Run the display capwap configuration command to check whether the CAPWAP tunnel configuration is correct.

      • If so, go to step 3.
      • If not, correct the configuration.

    3. Collect log and configuration information, and contact technical support personnel.

CM/4/UCLGROUP_RESOURCE_FULL

Message

CM/4/UCLGROUP_RESOURCE_FULL:[STRING]

Description

The number of static resource groups created on the card exceeded the upper limit allowed by the card, or the IP addresses in the UCL group are incorrect.

Parameters

Parameter Name Parameter Meaning
[STRING]
  • The UCL group IP feature is not supported.
  • The UCL group IP is referred by '%s'.
  • The UCL group IP exists.
  • The UCL group IP does not exist.
  • The UCL group IP is up to the max number %lu.
  • Invalid UCL group IP subnet.
  • Invalid UCL group IP subnet mask.
  • The UCL group subnet overlaps with another configuration.
  • The local-access-user's ip conflicts with another user.

Possible Causes

  • The number of static resource groups created on the card exceeded the upper limit allowed by the card.
  • The IP addresses in the UCL group were incorrect.

Procedure

  • Run the display ucl-group all command to view information about all UCL groups that have been created. If the number of static resource groups reaches the upper limit allowed by the card, no more static resource group can be created. Adjust the UCL group configuration.
  • Run the display ucl-group ip command to view information about UCL groups, and ensure that the UCL groups are correctly configured.

CM/5/USER_ACCESSRESULT

Message

Common Mode:

CM/5/USER_ACCESSRESULT:[USER_INFO_AUTHENTICATION]DEVICEMAC:[CHAR1];DEVICENAME:[STRING1];USER:[STRING2];MAC:[CHAR2];IPADDRESS:[IPADDRESS1];TIME:[STRING3];ZONE:[STRING4];DAYLIGHT:false;ERRCODE:[STRING5];RESULT:[STRING6];USERGROUP:[STRING7];AUTHENPLACE:[STRING8];CIB ID:[STRING9];INTERFACE:[STRING10];ACCESS TYPE:[STRING11];

Unified Mode:

Wired users:

CM/5/USER_ACCESSRESULT:[USER_INFO_AUTHENTICATION]DEVICEMAC:[CHAR1];DEVICENAME:[STRING1];USER:[STRING2];MAC:[CHAR2];IPADDRESS:[IPADDRESS1];TIME:[STRING3];ZONE:[STRING4];DAYLIGHT:false;ERRCODE:[STRING5];RESULT:[STRING6];UclGroupName:[STRING7];UclGroupId:[STRING8];AUTHENPLACE:[STRING8];CIB ID:[STRING9];INTERFACE:[STRING10];ACCESS TYPE:[STRING11];

Wireless users:

CM/5/USER_ACCESSRESULT:[WLAN_STA_INFO_AUTHENTICATION]ACMAC:[CHAR1];ACNAME:[STRING1];APMAC:[CHAR2];APNAME:[STRING2];USER:[STRING3];MAC:[CHAR3];IPADDRESS:[IPADDRESS1];TIME:[STRING4];ZONE:[STRING5];DAYLIGHT:false;ERRCODE:[STRING6];RESULT:[STRING7];UclGroupName:[STRING8];UclGroupId:[STRING9];AUTHENPLACE:[STRING10];CIB ID:[STRING11];INTERFACE:[STRING12];ACCESS TYPE:[STRING13];

Description

A user is being authenticated.

Parameters

Parameter Name Parameter Meaning
USER_INFO_AUTHENTICATION Indicates authentication for a wired user.
WLAN_STA_INFO_AUTHENTICATION Indicates authentication for a wireless user.
DEVICEMAC Indicates the device MAC address.
DEVICENAME Indicates the device name.
ACMAC Indicates the MAC address of an AC.
ACNAME Indicates the name of an AC.
APMAC Indicates the MAC address of an AP.
APNAME Indicates the name of an AP.
USER Indicates the user name.
NOTE:

The user name can contain only letters, digits, and special characters. Chinese characters are not allowed.

MAC Indicates the MAC address of the user.
IPADDRESS

Indicates the IP address of the user.

NOTE:

If there is no IP address in user authentication, the value is -.

TIME Indicates the system time.
ZONE Indicates the time zone.
DAYLIGHT Indicates whether the daylight saving time is used.
ERRCODE Indicates the error code for user authentication failure.
NOTE:
When the error code is 255, the error field is meaningless.
RESULT Indicates the authentication result.
USERGROUP Indicates the user group.
UclGroupName Indicates the ucl group name.
UclGroupId Indicates the ucl group id.
AUTHENPLACE Indicates NAC user authentication place.
NOTE:

Currently only NAC users support this field, PPP and management users do not support this field.

CIB ID CIB ID.
INTERFACE Access interface.
NOTE:
  • For management users, the field is not recorded.
  • For other users, if the user access interface is invalid, the field is not recorded.
ACCESS TYPE Access Type.
NOTE:

If the users cannot successfully go online, the access type is recorded as None.

Possible Causes

A user initiates authentication, pre-authentication, or modification of user group authorization information.

Procedure

  • This log message is informational only, and no action is required.

CM/0/USER_ADDACLFAIL

Message

CM/0/USER_ADDACLFAIL: The ACL cannot be added for NAC users. Ensure that this ACL is supported by the NAC service or ACL resources are sufficient. ([STRING])

Description

A user fails to be authorized by ACL. Check whether the configured ACL is supported or whether ACL resources are sufficient.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the user ID and MAC address.

Possible Causes

  • The delivered ACL is not included in the RADIUS attribute document.
  • The ACL failed to be delivered to the physical chip because of the chip error.
  • The ACL failed to be delivered to the physical chip because ACL resources were insufficient.

Procedure

  1. Run the display access-user user-id user-number command to check whether the authorized ACL is supported according to the RADIUS attribute document.

    • If not, deliver the ACL included in the RADIUS attribute document to the user. Run the display access-user user-id user-number command to check whether the ACL is delivered successfully.
    • If so, the ACL fails to be delivered to the physical chip. Go to step 2.

  2. Run the display acl resource command to check whether ACL resources are sufficient.

    • If not, release ACL resources and run the display acl resource command to check whether ACL resources are successfully released.
    • If yes, the ACL fails to be delivered to the physical chip. Go to step 3.

  3. Collect log information and configuration information, and then contact technical support personnel. You can collect diagnostic information using the display diagnostic-information command.

CM/4/USER_ADDCOSFAIL

Message

CM/4/USER_ADDCOSFAIL:The class of service cannot be added for NAC users. Ensure that the system resource is sufficient. ([STRING])

Description

The service class cannot be set for a user. Check whether system resources are sufficient.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the user IP and MAC address.

Possible Causes

The COS failed to be delivered to the physical chip because of the chip error.

Procedure

  1. Run the display acl resource command to check whether ACL resources on the card where the user locates are sufficient.

    • If not, release some ACL resources.
    • If so, this fault is caused by other lower-layer causes. Go to Step 2.

  2. Collect log information and configuration information, and then contact technical support personnel. You can collect diagnostic information using the display diagnostic-information command.

CM/0/USER_ADDSERVICEFAIL

Message

CM/0/USER_ADDSERVICEFAIL: Failed to set the user ([STRING]) service. Please check whether ACL resources are sufficient.

Description

The user service (such as CAR or tariff) fails to be set.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the user's IP address and MAC address.

Possible Causes

The ACL resource is exhausted.

Procedure

  1. Check whether the ACL resources are proper.

    • If so, replace the device with a higher-performance device.
    • If not, delete unnecessary ACL resources.

  2. Collect log information and contact technical support personnel.

CM/6/USER_AUTHORIZE_NOT_SUPPORT

Message

CM/6/USER_AUTHORIZE_NOT_SUPPORT: User's(UserIP:[userip],UserMac:[usermac]) authorization([authorization-info]) is not supported.

Description

The attribute authorized to user is not supported by the device.

Parameters

Parameter Name Parameter Meaning
UserIP Indicates the user IP address.
UserMac Indicates the user MAC address.
authorization-info Indicates the attribute authorized to user.

Possible Causes

The attribute authorized to user is not supported by the device.

Procedure

  • Check whether the device supports this authorized attribute. If the device supports the attribute,collect log information and configuration information, and then contact technical support personnel. You can collect diagnostic information using the display diagnostic-information command.
Related Topics

CM/5/USER_OFFLINERESULT

Message

Common Mode:

CM/5/USER_OFFLINERESULT:[USER_INFO_OFFLINE]DEVICEMAC:[CHAR1];DEVICENAME:[STRING1];USER:[STRING2];MAC:[CHAR2];IPADDRESS:[IPADDRESS1];TIME:[STRING3];ZONE:[STRING4];DAYLIGHT:false;ERRCODE:[STRING5];RESULT:[STRING6];USERGROUP:[STRING7];AUTHENPLACE:[STRING8];CIB ID:[STRING9];INTERFACE:[STRING10];ACCESS TYPE:[STRING11];

Unified Mode:

Wired users:

CM/5/USER_OFFLINERESULT:[USER_INFO_OFFLINE]DEVICEMAC:[CHAR1];DEVICENAME:[STRING1];USER:[STRING2];MAC:[CHAR2];IPADDRESS:[IPADDRESS1];TIME:[STRING3];ZONE:[STRING4];DAYLIGHT:false;ERRCODE:[STRING5];RESULT:[STRING6];UclGroupName:[STRING7];UclGroupId:[STRING8];AUTHENPLACE:[STRING8];CIB ID:[STRING9];INTERFACE:[STRING10];ACCESS TYPE:[STRING11];

Wireless users:

CM/5/USER_OFFLINERESULT:[WLAN_STA_INFO_OFFLINE]ACMAC:[CHAR1];ACNAME:[STRING1];APMAC:[CHAR2];APNAME:[STRING2];USER:[STRING3];MAC:[CHAR3];IPADDRESS:[IPADDRESS1];TIME:[STRING4];ZONE:[STRING5];DAYLIGHT:false;ERRCODE:[STRING6];RESULT:[STRING7];UclGroupName:[STRING8];UclGroupId:[STRING9];AUTHENPLACE:[STRING10];CIB ID:[STRING11];INTERFACE:[STRING12];ACCESS TYPE:[STRING13];

Description

A user goes offline.

Parameters

Parameter Name Parameter Meaning
USER_INFO_OFFLINE Indicates that a wired user gets offline.
WLAN_STA_INFO_OFFLINE Indicates that a wireless user gets offline.
DEVICEMAC Indicates the device MAC address.
DEVICENAME Indicates the device name.
ACMAC Indicates the MAC address of an AC.
ACNAME Indicates the name of an AC.
APMAC Indicates the MAC address of an AP.
APNAME Indicates the name of an AP.
USER Indicates the user name.
NOTE:

The user name can contain only letters, digits, and special characters. Chinese characters are not allowed.

MAC Indicates the MAC address of the user.
IPADDRESS

Indicates the IP address of the user.

NOTE:

If there is no IP address when the user is offline, the value is -.

TIME Indicates the system time.
ZONE Indicates the time zone.
DAYLIGHT Indicates whether the daylight saving time is used.
ERRCODE Indicates the error code for the user offline event.
RESULT Indicates the result of the user offline event.
USERGROUP Indicates the user group.
UclGroupName Indicates the ucl group name.
UclGroupId Indicates the ucl group id.
AUTHENPLACE Indicates NAC user authentication place.
CIB ID Indicates the CIB ID.
INTERFACE Indicates the access interface.
NOTE:
  • For management users, the field is not recorded.
  • For other users, if the user access interface is invalid, the field is not recorded.
ACCESS TYPE Indicates the access Type.
NOTE:

If the users cannot successfully go online, the access type is recorded as None.

Possible Causes

A user goes offline.

Procedure

  • This log message is informational only, and no action is required.

CM/3/USERSPECFULL

Message

CM/3/USERSPECFULL: The number of access users reaches the upper limit on the device.

Description

The number of access users exceeds the upper limit on the device.

Parameters

Parameter Name Parameter Meaning
None None

Possible Causes

The number of access users exceeds the upper limit on the device.

Procedure

  1. Run the display access-user command to check whether access users are proper.

    • If so, replace the device with a higher-performance device.
    • If not, replan the network.

  2. Collect log information and contact technical support personnel.

CM/6/USER_COA_AUTHORIZE_COMMAND

Message

CM/6/USER_COA_AUTHORIZE_COMMAND: The command([STRING]) is authorized to the user(UserIP:[STRING],UserMac:[STRING],UserInterface:[STRING]).

Description

User-command field in the RADIUS attribute carried in a CoA packet.

Parameters

Parameter Name Parameter Meaning
command User-command. The value can be Bounce or Down.
UserIP IP address of the authorized user.
UserMac MAC address of the authorized user.
UserInterface Access interface of the authorized user.

Possible Causes

When the value of the user-command field in the RADIUS attribute HW-Ext-Specific(26-238) carried in a CoA packet is 2 or 3 and the radius-server authorization hw-ext-specific command bounce-port disable or radius-server authorization hw-ext-specific command down-port disable command is not configured, the CM/6/USER_COA_AUTHORIZE_COMMAND log is recorded. If the value of the user-command field is 2, the port where the authorized user resides is intermittently interrupted. If the value of the user-command field is 3, the port where the authorized user resides is disabled.

Procedure

  • This log records the reason why the current port is disabled or intermittently interrupted, and no action is required.

CM/6/USER_NAME_COUNT_FAIL

Message

CM/6/USER_NAME_COUNT_FAIL: User's username count operation failed.(CIB ID:[ULONG],ACCESS TYPE:[STRING],OPERTYPE:[STRING],MAXNUM:[ULONG],CURNAME:[STRING],EXISTNAME:[STRING])

Description

The number of user names failed to be count.

Parameters

Parameter Name Parameter Meaning
CIB ID:[ULONG] Indicates the user ID.
ACCESS TYPE:[STRING] Indicates the access type.
OPERTYPE:[STRING] Indicates the operation type.
MAXNUM:[ULONG] Indicates the maximum number of user connections.
CURNAME:[STRING] Indicates the current user name.
EXISTNAME:[STRING] Indicates the existing user name.

Possible Causes

The device failed to get username.

Procedure

  • This log message is informational only, and no action is required.

CM/3/NOT_SUPPORT_CONTROL_POINT

Message

CM/3/NOT_SUPPORT_CONTROL_POINT: The authentication control-point configuration cannot take effect on [STRING], because it resides on a non-X series card.

Description

The authentication control-point command cannot take effect on [STRING].

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates an interface.

Possible Causes

When the interfaces on some models or cards function as the control point, they can only directly forward user traffic. That is, only the authentication control-point open command can be configured.

Procedure

  • Reconfigure this command based on the precautions in the authentication control-point command.
Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065665

Views: 5492

Downloads: 15

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next