Wired Intelligent Edge

 View Only
  • 1.  Debug ACL 's on Aruba 3810

    Posted Dec 12, 2017 08:54 AM

     

    How to debug ACL on the Aruba 3810 

     

    I have an ACL and i want to debug the deny statement at the end and I am currently not getting any result.

    If i use the command

     

    show statistics aclv4 101 port trk1 

     

    I get the hits,

     

    but i was trying to get is log or screen outputs for the the packets allowed and denied.

     

    i have used the following commands

    debug acl

    debug destination session

     

     

    I dont get any output form the ACL's but i do see hits on the ACL's

     

    Any ideas?

     



  • 2.  RE: Debug ACL 's on Aruba 3810
    Best Answer

    Posted Dec 21, 2017 08:29 AM

    Hi,

     

    I think you can do the following:

    - Indeed add log to permit/deny ACE entry

    - Configure Syslog server and facility logging

    - Enable 

         - debug destination logging

         - debug destination session

    - debug acl

     

    What will happen is details will be forwarded for first packet that hits log ACE entry. Than a wait timer starts for around 5 minutes and summary will be forwarded. This timer can also be configured with access-list logtimer <seconds between 30-300>.

     

    Hope this will help you!

     

    Regards, Dobias

     



  • 3.  RE: Debug ACL 's on Aruba 3810

    Posted Sep 29, 2019 02:06 PM

    Fast forward to AOS-CX...

     

    What are the comparable commands for an 8320 running AOS-CX !0.03+???

     

    Thanks in advance.



  • 4.  RE: Debug ACL 's on Aruba 3810

    Posted Sep 30, 2019 05:08 AM

    debug destination {buffer | console | file | syslog}

    debug acl {all | ipv4 | ipv6 | log | mac}

    show debug {buffer | destination}