I did a brief search, so apologies if this is a repeat discussion, but is there a way on the MM (or maybe ClearPass?) to see how many times a certain role or policy is hit on the network?
Also, is there a way to export all roles and policies off the MM and MD via the GUI or CLI?
We are running 126.96.36.199 if that matters at all.
Thanks for any and all input!
For each MD, you could type "show acl hits" to see how many times a policy was hit.
Awesome, thank you!
The 'show rights' command will display a list of all of the roles. Next to each role name is an ACL List which is just a listing of all of the policies assigned to each role.
'show rights <rolename>' will display the specified role, the policies assigned to it, and the rules assigned to each policy. I believe it is the only place you can see the whole picture; role - policies assigned to the role - rules assigned to each policy.
'show datapath acl id <id#>' displays the line-by-line interpretation of the role. This output converts any aliases to their definition. If a single firewall rule references a netdestination alias that contains 4 hosts, this output shows 4 rules, one for each netdestination alias. This is the hardcore presentation of how the controller processes the firewall rules. The <id#> can be found from either of the previous commands I mentioned. You will need to go to the CLI reference guide and do some digging to understand how to interpret this output.
This doesn't give you exactly what you were looking for as far as exporting the roles, but it may help. A simple copy from the CLI will allow you to paste any of these elsewhere.
I hope this helps,