Message Image

Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

Skip main navigation (Press Enter).

Wireless Access

View Only

last person joined: yesterday

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Back to discussions

Expand all | Collapse all

Traffic Blocked, but which policy did it?

This thread has been viewed 0 times

1. Traffic Blocked, but which policy did it?

0 Kudos
Harbor Billy
Posted 4 hours ago

Reply Reply Privately
I have a pair of clustered 7220s running 8.10. I have a role for authenticated users. But users in this role are having port 443 traffic denied to a specific website.

show datapath session table shows:

Source IP or MAC Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags CPU ID
----------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- ---------- ---------- --------------- -------
10.10.32.104 10.80.0.4 6 12079 443 0/0 0 0 0 tunnel 2994 5 2 104 FDYC 27
10.10.32.104 10.80.0.4 6 12078 443 0/0 0 0 0 tunnel 2994 5 2 104 FDYC 27

show rights includes allowall which should allow the traffic, correct?

allowall
--------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Denylist Mirror DisScan IPv4/6 Contract Mark Description
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- -------- ------ ------- ------ -------- ---- -----------
1 any any any permit Low 4
2 any any any-v6 permit Low 6

So how can I figure out what policy is causing the D?

------------------------------
-Bill
------------------------------

Powered by Higher Logic