Environment : Controller with AP's and users terminating on it
How do we check which datapath packets are hitting a pre-configured deny ACL on the Aruba controller?
Use the below commands to check the deny events:
#show log errorlog <no-of-lines-to-display> | include deny
#show log security all
Oct 11 01:35:04 :103062: <INFO> |ike| Starting cryptoPOST
Oct 11 02:02:01 :124006: <WARN> |authmgr| {0} ICMP srcip=172.16.0.253 dstip=172.16.0.254, type=8, code=0, sequence=1280, id=512, action=deny, role=logon, policy=logon-control
Oct 11 02:02:06 :124006: <WARN> |authmgr| {1} ICMP srcip=172.16.0.253 dstip=172.16.0.254, type=8, code=0, sequence=1536, id=512, action=deny, role=logon, policy=logon-control
Oct 11 02:02:12 :124006: <WARN> |authmgr| {2} ICMP srcip=172.16.0.253 dstip=172.16.0.254, type=8, code=0, sequence=1792, id=512, action=deny, role=logon, policy=logon-control
Oct 11 02:02:17 :124006: <WARN> |authmgr| {3} ICMP srcip=172.16.0.253 dstip=172.16.0.254, type=8, code=0, sequence=2048, id=512, action=deny, role=logon, policy=logon-control
Issue the following command to configure the controller to log svc-icmp deny events for a particular role (here, inside the logon-control session ACL used by the logon role):
(A3200)(config-sess-logon-control)#any any svc-icmp deny log
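As an added example (not part of the original article or of Aruba's own tooling), the Python below parses the authmgr 124006 deny records that `show log security all` prints, as shown above, and counts denied packets per source, destination, protocol, role and policy. The sample input is the page's own output rejoined onto single lines, with the unrelated ike line kept to show that non-deny records are skipped; the regex field names follow the key=value labels the controller prints.

```python
import re
from collections import Counter

# Header of an authmgr ACL deny record:
#   "Oct 11 02:02:01 :124006: <WARN> |authmgr| {0} ICMP <key=value ...>"
DENY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) :(?P<msgid>\d+): <(?P<sev>\w+)> "
    r"\|(?P<proc>\w+)\| \{(?P<seq>\d+)\} (?P<proto>\w+) (?P<fields>.*)$"
)
# key=value pairs; the first pair is space-separated, the rest comma-separated.
KV_RE = re.compile(r"(\w+)=([^,\s]+)")


def parse_deny_line(line):
    """Return a dict for one ACL deny record, or None for any other log line."""
    m = DENY_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec.update(KV_RE.findall(rec.pop("fields")))
    # Only records the controller marked action=deny are of interest here.
    return rec if rec.get("action") == "deny" else None


def summarise_denies(lines):
    """Count denied packets per (srcip, dstip, proto, role, policy)."""
    counts = Counter()
    for line in lines:
        rec = parse_deny_line(line)
        if rec:
            counts[(rec["srcip"], rec["dstip"], rec["proto"],
                    rec["role"], rec["policy"])] += 1
    return counts


# Sample input taken from the controller output shown above (one ike line, four denies).
SAMPLE_LOG = """\
Oct 11 01:35:04 :103062: <INFO> |ike| Starting cryptoPOST
Oct 11 02:02:01 :124006: <WARN> |authmgr| {0} ICMP srcip=172.16.0.253 dstip=172.16.0.254, type=8, code=0, sequence=1280, id=512, action=deny, role=logon, policy=logon-control
Oct 11 02:02:06 :124006: <WARN> |authmgr| {1} ICMP srcip=172.16.0.253 dstip=172.16.0.254, type=8, code=0, sequence=1536, id=512, action=deny, role=logon, policy=logon-control
Oct 11 02:02:12 :124006: <WARN> |authmgr| {2} ICMP srcip=172.16.0.253 dstip=172.16.0.254, type=8, code=0, sequence=1792, id=512, action=deny, role=logon, policy=logon-control
Oct 11 02:02:17 :124006: <WARN> |authmgr| {3} ICMP srcip=172.16.0.253 dstip=172.16.0.254, type=8, code=0, sequence=2048, id=512, action=deny, role=logon, policy=logon-control
"""

if __name__ == "__main__":
    for (src, dst, proto, role, policy), n in summarise_denies(SAMPLE_LOG.splitlines()).items():
        print(f"{n} x {proto} {src} -> {dst} denied in role {role} by policy {policy}")
```

Pipe a saved copy of the `show log security all` output into `summarise_denies` to see which client and policy account for the denies before deciding whether the ACL or the client needs attention.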