This article explains the steps to log traffic hitting an access list configured under the role in which the client falls.
Sometimes, customers need to view all the traffic hitting a specific ACL configured in the role for monitoring purpose. We can achieve this by enabling logging on that specific ACL.
We would need PEFNG license on the controller to achieve this.
Environment : This article applies to all the controller models and AOS versions.
- Navigate to Configuration> Access Control> Policy
- Edit existing policy or Click Add to create a new Policy
- Add the ACL and enable the Log checkbox.
4.Click Apply
5. Map the created Policy to the Role in which the client is supposed to fall.
In case there is a syslog server configured on the controller, the same logs can be seen on the syslog server as well.
In the example configuration, we have created a policy named “ICMP-Deny” and mapped it to the role Guest in which the client is falling.
(Aruba3400) #show user-table
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- ---------
172.16.0.9 7c:e9:d3:2d:3c:55 guest 00:00:00 6c:f3:7f:c3:07:bc Wireless Log-Test-SSID/6c:f3:7f:b0:7b:d0/a-HT default tunnel
User Entries: 1/1
Curr/Cum Alloc:1/7 Free:1/6 Dyn:2 AllocErr:0 FreeErr:0
Following command shows the logs in which we see the traffic hitting the ACL.
(Aruba3400) #show log all 10
Sep 27 10:18:26 authmgr[1577]: <124006> <WARN> |authmgr| {3} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7475, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:31 authmgr[1577]: <124006> <WARN> |authmgr| {4} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7476, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:35 authmgr[1577]: <124006> <WARN> |authmgr| {5} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7477, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:36 authmgr[1577]: <124006> <WARN> |authmgr| {6} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7478, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:36 authmgr[1577]: <124006> <WARN> |authmgr| {7} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7479, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:41 authmgr[1577]: <124006> <WARN> |authmgr| {8} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7480, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:45 authmgr[1577]: <124006> <WARN> |authmgr| {9} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7481, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:46 authmgr[1577]: <124006> <WARN> |authmgr| {10} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7482, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:47 authmgr[1577]: <124006> <WARN> |authmgr| {11} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7483, id=1, action=deny, role=guest, policy=ICMP-Deny
Sep 27 10:18:51 authmgr[1577]: <124006> <WARN> |authmgr| {12} ICMP srcip=172.16.0.9 dstip=172.16.0.254, type=8, code=0, sequence=7484, id=1, action=deny, role=guest, policy=ICMP-Deny