Wired Intelligent Edge

How to debug ACL on the Aruba 3810 

I have an ACL and i want to debug the deny statement at the end and I am currently not getting any result.

If i use the command

show statistics aclv4 101 port trk1 

I get the hits,

but i was trying to get is log or screen outputs for the the packets allowed and denied.

i have used the following commands

debug acl

debug destination session

I dont get any output form the ACL's but i do see hits on the ACL's

Any ideas?

Hi,

I think you can do the following:

- Indeed add log to permit/deny ACE entry

- Configure Syslog server and facility logging

- Enable 

     - debug destination logging

     - debug destination session

- debug acl

What will happen is details will be forwarded for first packet that hits log ACE entry. Than a wait timer starts for around 5 minutes and summary will be forwarded. This timer can also be configured with access-list logtimer <seconds between 30-300>.

Hope this will help you!

Regards, Dobias

Fast forward to AOS-CX...

What are the comparable commands for an 8320 running AOS-CX !0.03+???

Thanks in advance.

debug destination {buffer | console | file | syslog}

debug acl {all | ipv4 | ipv6 | log | mac}

show debug {buffer | destination}