Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

RAP with split tunnel ACLs

  • 1.  RAP with split tunnel ACLs

    Posted Sep 23, 2018 10:12 AM

    Hi,

    RAP with split tunnel ACLs and dot1x auth.

    I configured RAP with split tunnel and the traffic is routed just fine.

    I checked it by tracert; show datapath session table <client's IP> shows the tunneled traffic alone. Also, #show datapath session ap-name <name of the AP> shows the tunneled traffic and not the local traffic.

    However, I am unable to see any ACL hits when I execute the commands #show acl hits and #show acl hits role <default-role>.

    When I set the forward mode to tunnel, I see the ACL hits, but with split-tunnel I do not.

    #show acl hits and #show acl hits role <default-role> don't show the split-tunnel ACLs at all. I would like to know why they don't show.

    Thanks in advance.

    Regards,

    Sandeep.

  • 2.  RE: RAP with split tunnel ACLs
    Best Answer

    EMPLOYEE
    Posted Sep 23, 2018 10:31 AM

    When you have a split tunnel ACL, all the traffic is managed by a firewall on the AP.  The "show datapath session ap-name <name of ap> table" should show you everything on the split tunneled ACL.



  • 3.  RE: RAP with split tunnel ACLs

    Posted Sep 23, 2018 10:33 AM

    Thank you, Colin, for that quick response. I see the traffic in "show datapath session ap-name <name of ap> table", but I would like to know why I am unable to see it in show acl hits and show acl hits role <role_name>.



  • 4.  RE: RAP with split tunnel ACLs
    Best Answer

    EMPLOYEE
    Posted Sep 23, 2018 10:56 AM

    Those commands only monitor when the controller's firewall is enforcing the traffic.