Question: How do I configure the controller to log the deny event by creating an ACL?
Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
You might have a user that is pinging the server continuously. If you view the logs, you can see which restricted user is pinging the server and you can log the deny event.
Issue the following command to check the deny events:
# show log errorlog < no> | include deny
#show log security all
Oct 11 01:35:04 :103062: <INFO> |ike| Starting cryptoPOST
Oct 11 02:02:01 :124006: <WARN> |authmgr| {0} ICMP srcip=172.16.0.253 dstip=17
2.16.0.254, type=8, code=0, sequence=1280, id=512, action=deny, role=logon, poli
cy=logon-control
Oct 11 02:02:06 :124006: <WARN> |authmgr| {1} ICMP srcip=172.16.0.253 dstip=17
2.16.0.254, type=8, code=0, sequence=1536, id=512, action=deny, role=logon, poli
cy=logon-control
Oct 11 02:02:12 :124006: <WARN> |authmgr| {2} ICMP srcip=172.16.0.253 dstip=17
2.16.0.254, type=8, code=0, sequence=1792, id=512, action=deny, role=logon, poli
cy=logon-control
Oct 11 02:02:17 :124006: <WARN> |authmgr| {3} ICMP srcip=172.16.0.253 dstip=17
2.16.0.254, type=8, code=0, sequence=2048, id=512, action=deny, role=logon, poli
cy=logon-control
Issue the following command to configure the controller to log the deny event of svc-icmp for a particular role:
(Aruba)(config-sess-logon-control)#any any svc-icmp deny log