Symptom
%CTS-2-AUTHZ_POLICY_SGACL_ACE_FAILED: Failed to download ACEs for SGACL 'TCP_SGACL_101' for SGT=164-69:Server164 due to ACE 'missing/incomplete' error
Conditions
On a fresh device, directly download a 20*100 matrix with a CoA operation.
Once all the policies have been downloaded, perform "no cts role-based enforcement" / "cts role-based enforcement".
Further Problem Description
FF-9200#show debugging
General OS:
AAA CoA packet processing debugging is on
Packet Infra debugs:
Ip Address Port
------------------------------------------------------|----------
CTS:
CTS CoA event debugging is on
Radius protocol debugging is on
Radius packet protocol debugging is on
Radius table debugging is on
FF-9200#
FF-9200#show run | s enfor
cts role-based enforcement
cts role-based enforcement vlan-list 1041,2041
FF-9200#
FF-9200#show cts role-based sgt-map summ
-IPv4-
IP-SGT Active Bindings Summary
============================================
Total number of CLI bindings = 104
Total number of LOCAL bindings = 1001
Total number of INTERNAL bindings = 5
Total number of active bindings = 1110
-IPv6-
IP-SGT Active Bindings Summary
============================================
Total number of active bindings = 0
FF-9200#show cts ro per | c IPv4 Role-based permissions
Number of lines which match regexp = 2001
FF-9200#
FF-9200#show logg | in missing/incomplete
May 7 14:22:57.975: %CTS-2-AUTHZ_POLICY_SGACL_ACE_FAILED: Failed to download ACEs for SGACL 'TCP_SGACL_101' for SGT=164-69:Server164 due to ACE 'missing/incomplete' error
FF-9200#
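Added example (not part of the original bug record, and not Cisco tooling): a Python script that finds this syslog message in collected device logs and counts failures per SGACL and SGT, so repeated download failures can be flagged for review. The regular expression is built from the message text shown above; the function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Pattern built from the message text shown on this page.
ACE_FAILED = re.compile(
    r"%CTS-2-AUTHZ_POLICY_SGACL_ACE_FAILED: Failed to download ACEs for "
    r"SGACL '(?P<sgacl>[^']+)' for SGT=(?P<sgt>\S+) "
    r"due to ACE '(?P<reason>[^']+)' error"
)

# Constructed sample input: line 1 is the message from this page,
# lines 2 and 3 are made up so the parser has something to skip and to count.
SAMPLE_LOG = """\
May 7 14:22:57.975: %CTS-2-AUTHZ_POLICY_SGACL_ACE_FAILED: Failed to download ACEs for SGACL 'TCP_SGACL_101' for SGT=164-69:Server164 due to ACE 'missing/incomplete' error
May 7 14:22:58.101: %SYS-5-CONFIG_I: Configured from console by console
May 7 14:23:02.440: %CTS-2-AUTHZ_POLICY_SGACL_ACE_FAILED: Failed to download ACEs for SGACL 'TCP_SGACL_101' for SGT=164-69:Server164 due to ACE 'missing/incomplete' error
"""


def parse_failures(text):
    """Return one dict per matching line: time, sgacl, sgt, reason."""
    hits = []
    for line in text.splitlines():
        m = ACE_FAILED.search(line)
        if not m:
            continue  # unrelated syslog line
        # Everything before the mnemonic is the device timestamp prefix;
        # drop the trailing colon and any leading '*' (unsynchronised clock).
        stamp = line[:m.start()].strip().rstrip(":").lstrip("*")
        hits.append({"time": stamp, **m.groupdict()})
    return hits


def summarize(hits):
    """Count failures per (SGACL, SGT) pair so repeats stand out."""
    return Counter((h["sgacl"], h["sgt"]) for h in hits)


if __name__ == "__main__":
    counts = summarize(parse_failures(SAMPLE_LOG))
    for (sgacl, sgt), n in counts.most_common():
        print(f"{n} failed ACE download(s): SGACL {sgacl} for SGT {sgt}")
```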