Controller Based WLANs

How do I see the traffic hitting a specific ACL in the controller logs?

Aruba Employee

This article explains the steps to log traffic hitting an access list configured under the role in which the client falls.

 

Sometimes, customers need to view all the traffic hitting a specific ACL configured in the role for monitoring purpose. We can achieve this by enabling logging on that specific ACL.

We would need PEFNG license on the controller to achieve this.

 

 

Environment : This article applies to all the controller models and AOS versions.

 

  1. Navigate to Configuration> Access Control> Policy
  2. Edit existing policy or Click Add to create a new Policy
  3. Add the ACL and enable the Log checkbox.

rtaImage.png

 

 

4.Click Apply
5. Map the created Policy to the Role in which the client is supposed to fall.

In case there is a syslog server configured on the controller, the same logs can be seen on the syslog server as well.

 

In the example configuration, we have created a policy named “ICMP-Deny” and mapped it to the role Guest in which the client is falling.

 

(Aruba3400) #show user-table
 
Users
-----
    IP           MAC            Name     Role      Age(d:h:m)  Auth  VPN link  AP name            Roaming   Essid/Bssid/Phy                       Profile  Forward mode  Type  Host Name
----------  ------------       ------    ----      ----------  ----  --------  -------            -------   ---------------                       -------  ------------  ----  ---------
172.16.0.9  7c:e9:d3:2d:3c:55            guest     00:00:00                    6c:f3:7f:c3:07:bc  Wireless  Log-Test-SSID/6c:f3:7f:b0:7b:d0/a-HT  default  tunnel       
 
User Entries: 1/1
 Curr/Cum Alloc:1/7 Free:1/6 Dyn:2 AllocErr:0 FreeErr:0

 

Following command shows the logs in which we see the traffic hitting the ACL.

 

(Aruba3400) #show log all 10
 
Sep 27 10:18:26  authmgr[1577]: <124006> <WARN> |authmgr|  {3} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7475, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:31  authmgr[1577]: <124006> <WARN> |authmgr|  {4} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7476, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:35  authmgr[1577]: <124006> <WARN> |authmgr|  {5} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7477, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:36  authmgr[1577]: <124006> <WARN> |authmgr|  {6} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7478, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:36  authmgr[1577]: <124006> <WARN> |authmgr|  {7} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7479, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:41  authmgr[1577]: <124006> <WARN> |authmgr|  {8} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7480, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:45  authmgr[1577]: <124006> <WARN> |authmgr|  {9} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7481, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:46  authmgr[1577]: <124006> <WARN> |authmgr|  {10} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7482, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:47  authmgr[1577]: <124006> <WARN> |authmgr|  {11} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7483, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:51  authmgr[1577]: <124006> <WARN> |authmgr|  {12} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7484, id=1, action=deny, role=guest, policy=ICMP-Deny

 

 

Version history
Revision #:
1 of 1
Last update:
‎07-14-2014 09:39 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.