You may add an ACL entry at the bottom with deny + log:
sw01-12p(config-ext-nacl)# deny ip any any log
That should send logs of denied traffic to the switch log and possibly to a configured syslog server. Not 100% sure if a 2530 supports this; the example is from a 2930F.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: May 24, 2024 10:07 AM
From: andriuka
Subject: How to debug which traffic is denied of authenticated device by user-roles policy?
Hello community,
The client has AOS-S 2530 switches through which printers are authenticated, and ClearPass returns the printers' local user role name. This printer user role has a policy with a few classes configured. There are some problems with those printers, and there is a need to understand what specific class or classes should be added to allow the printers to work correctly.
Is there a way to debug which traffic is blocked by the current user-role policy?
Thank you for your support.