Guest

Preview Tool

Cisco Bug: CSCuq52347 - Invalidate TCAM entry failed ID = 4 log when DACL is downloaded on int

Last Modified

Sep 16, 2017

Products (1)

  • Cisco 800 Series Routers

Known Affected Releases

15.4(2.17)T

Description (partial)

Symptom:
A DACL is downloaded as part of the Authorization profile and is applied on the interface correctly. User also gets access as defined in the DACL. However, the following log message appears over and over again which can be quite disruptive and misleading to the customer.

*Jul  3 20:35:06.843:  Invalidate TCAM entry failed ID = 4
*Jul  3 20:35:06.843:  Invalidate TCAM entry failed ID = 4
*Jul  3 20:35:06.843:  Invalidate TCAM entry failed ID = 4
*Jul  3 20:35:06.843:  Invalidate TCAM entry failed ID = 4
*Jul  3 20:35:06.843:  Invalidate TCAM entry failed ID = 4
*Jul  3 20:35:06.843:  Invalidate TCAM entry failed ID = 4
*Jul  3 20:35:06.843:  Invalidate TCAM entry failed ID = 4
*Jul  3 20:35:06.843:  Invalidate TCAM entry failed ID = 4

Conditions:
887 router running version 15.4(2)T1 and ISE running version 1.2
An authorization profile with a "permit ip any any" DACL is defined on the ISE. The interface is set up for dot1x and the user is authenticating via PEAP.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.