Controller Based WLANs

How do I check which ACLs are hit in bridge or split-tunnel mode APs?

 

 

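Product and Software: This article applies to all Aruba controllers and ArubaOS versions.

To check which ACLs are hit in bridge or split-tunnel mode APs, issue the following commands on the controller. The first lists the datapath user table for the AP, including the ACL applied to each user; the second displays the entries of that ACL together with their hit counts.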

 

(Aruba) #show datapath user ap-name 00:0b:86:66:14:01

Datapath User Table Entries
---------------------------
Flags: P - Permanent, W - WEP, T- TKIP, A - AESCCM, G - AESGCM, V - ProxyArp to/for MN(Visitor),
       N - VPN, L - local, Y - Any IP user, R - Routed user, M - Media Capable,
       S - Src NAT with VLAN IP, E - L2 Enforced, F - IPIP Force Delete, O - VOIP user
FM(Forward Mode): S - Split, B - Bridge, N - N/A

      IP                MAC            ACLs    Contract   Location   Age   Sessions   Flags  Vlan  FM
---------------  -----------------  -------  ---------  --------  -----  ---------  -----  ----  --
10.6.50.149      00:21:6A:4A:08:EC     78/0     0/0        0        190   70/65535            3   S
10.3.67.2        00:0B:86:F0:20:F4   2703/0     0/0        0       1323    0/65535    P       0   N
10.3.67.1        00:0B:86:F0:20:B8   2703/0     0/0        0       1326    0/65535    P       0   N
192.168.177.1    00:0B:86:66:14:01   2700/0     0/0        0      50879    0/65535    P     177   N
0.0.0.0          00:23:14:D4:D6:5C     78/0     0/0        0          0    0/65535    P       3   S
10.3.102.170     00:23:14:D4:D6:5C     78/0     0/0        0          1   70/65535            3   S
0.0.0.0          00:24:D6:64:DA:DE     78/0     0/0        0          0    0/65535    P       3   S
10.3.102.250     00:24:D6:64:DA:DE     78/0     0/0        0          1   28/65535            3   S
173.228.72.251   00:0B:86:66:14:01   2700/0     0/0        0          6    1/65535    P       3   N


(Aruba) #show datapath acl 78 ap-name 00:0b:86:66:14:01

Datapath ACL 78 Entries
-----------------------
Flags: P - permit, L - log, E - established, M/e - MAC/etype filter
       S - SNAT, D - DNAT, R - redirect, r - reverse redirect m - Mirror
       I - Invert SA, i - Invert DA, H - high prio, O - set prio
       A - Disable Scanning, T - set TOS, 4 - IPv4, 6 - IPv6
       C - Classify Media
----------------------------------------------------------------
1: any  any 17  0-65535  67-68  PLm4  hits  1008
2: user  10.0.0.0 255.0.0.0  any  PLm4  hits  682805
3: user  172.18.0.0 255.255.0.0  any  PLm4
4: 10.0.0.0 255.0.0.0  user  any  PLm4  hits  5333
5: 172.18.0.0 255.255.0.0  user  any  PLm4
6: user  any  any  PSR4  hits  37873
7: any  any  any  46  hits  17
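
To review these two outputs offline (for example, to spot rules that never match), the following added example parses them. It is not part of the original article or an Aruba tool; the function names are hypothetical, and it assumes the text layout shown above, that a rule printed without a "hits" field has zero hits, and that a rule without the P flag is a deny.

```python
# Constructed sample input: rows and rules copied from the two outputs shown above.
USER_TABLE = """\
10.6.50.149   00:21:6A:4A:08:EC    78/0  0/0  0    190  70/65535      3  S
10.3.67.2     00:0B:86:F0:20:F4  2703/0  0/0  0   1323   0/65535  P   0  N
0.0.0.0       00:23:14:D4:D6:5C    78/0  0/0  0      0   0/65535  P   3  S
"""
ACL_78 = """\
1: any  any 17  0-65535  67-68  PLm4  hits  1008
2: user  10.0.0.0 255.0.0.0  any  PLm4  hits  682805
3: user  172.18.0.0 255.255.0.0  any  PLm4
4: 10.0.0.0 255.0.0.0  user  any  PLm4  hits  5333
5: 172.18.0.0 255.255.0.0  user  any  PLm4
6: user  any  any  PSR4  hits  37873
7: any  any  any  46  hits  17
"""

def parse_users(text):
    """Parse user-table rows. The Flags column can be blank, so Vlan and FM
    are read from the right-hand end of each row instead of by position."""
    users = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 9 and f[0].count(".") == 3 and f[0].replace(".", "").isdigit():
            users.append({"ip": f[0], "mac": f[1], "acl": int(f[2].split("/")[0]),
                          "vlan": int(f[-2]), "fm": f[-1]})
    return users

def parse_acl(text):
    """Parse ACL entries. Assumption: a rule printed without a 'hits' field
    has never matched, so it is recorded with 0 hits."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if t and t[0].endswith(":") and t[0][:-1].isdigit():
            hits = 0
            if len(t) >= 4 and t[-2] == "hits":
                hits, t = int(t[-1]), t[:-2]
            # Flag legend: P = permit; a rule without P is read as a deny (assumption).
            rules.append({"n": int(t[0][:-1]), "match": " ".join(t[1:-1]),
                          "flags": t[-1], "permit": "P" in t[-1], "hits": hits})
    return rules

def split_tunnel_acls(users):
    """ACL ids applied to split-tunnel users (FM column = S)."""
    return sorted({u["acl"] for u in users if u["fm"] == "S"})

def never_hit(rules):
    return [r["n"] for r in rules if r["hits"] == 0]

print(split_tunnel_acls(parse_users(USER_TABLE)), never_hit(parse_acl(ACL_78)))
```
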

Version History
Revision #: 3 of 3
Last update: 07-02-2014 05:33 PM
Comments
Aruba Aruba

The command syntax seems to have changed in 6.4.3.2

 

 #show datapath acl id 203 ?
verbose                 Prints expanded ACL
|                       Output Modifiers
<cr>
