08-26-2012 04:43 PM
What is the best way to troubleshoot session ACLs? (for both cases when associated to a role or on an interface)
Is it possible to log only hits from a specific IP/MAC?
08-26-2012 05:17 PM - edited 08-26-2012 05:18 PM
Each session ACL has a "log" parameter that you can enable. You have to delete then recreate the ACL to enable this, however. After you enable it, type "show log security 50" to see if you see any hits.
The best way is probably to type "show acl hits" and see if the counts go up.
To see what traffic is coming to/from a particular IP address, type "show datapath session table <ip address of client or target>" to see that.
Aruba Customer Engineering