Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Access rule logs?

This thread has been viewed 5 times

  • 1.  Access rule logs?

    Posted Sep 28, 2020 09:27 AM
      |   view attached

    I've implemented some access rules on my wireless network to deny traffic by category.

     

    When the rule is matched and my clients are denied, is there a log where I can see the details on which rule was matched, long with client details (like iP and MAC)? I feel like there is, as the help for the access rule screen says the system will write to syslog when the rule it triggered. See attached screenshot.

     

    How do I access these syslogs? Can I see it locally on the AP, or do I have to configure syslogging to and external server?

     

    Any thoughts would be most appreciated. Thanks.

     

    Attachment(s)

    pdf
    screenshot.pdf   42 KB 1 version


  • 2.  RE: Access rule logs?
    Best Answer

    MVP
    Posted Oct 06, 2020 04:30 PM

    Did you check the box on the ACL to log it?

     

    I see from your screenshot that you chose to log the traffic. I haven't used an IAP in quite some time, but it should be in your security logs I believe, unless you have a syslog server defined, then it likely forwards via Syslog:

     

    show log security all

     

    Then if you find a matching rule, you can search again filtering just on that device:

     

    show log security all | include <device info like ip or mac>



  • 3.  RE: Access rule logs?

    Posted Oct 08, 2020 09:55 AM

    This is great, just what I was looking for, thanks!

     

    One more question - If I SSH into my Instant Virtual Controller, it only shows me the logs for the currrent master AP. Is there a way to see the logs for all AP's via SSH? Or do I have to use the GUI.

     

     



  • 4.  RE: Access rule logs?
    Best Answer

    MVP
    Posted Oct 08, 2020 10:06 AM

    I am not sure about the CLI, but in the GUI I know you can select which IAPs to view. Technically that's just running a CLI command so I'm sure you can, not sure the syntax or location though. Have you tried SSH to the APs actual IP instead of the VC's IP? I don't have any IAPs handy to test with, sorry. 



  • 5.  RE: Access rule logs?
    Best Answer

    Posted Oct 08, 2020 10:09 AM

    Individual AP's work fine to show their local logs via SSH. GUI works fine for seeing the logs across all AP's in separate tabs, this will suffice. Thanks again!



  • 6.  RE: Access rule logs?

    Posted Oct 09, 2020 01:47 AM

    Hi, good day.

    I'm quite new to this and need help...

    How do I configure and log all denied traffic on my Aruba switch?

    Thank you so much..



  • 7.  RE: Access rule logs?

    MVP GURU
    Posted Oct 09, 2020 06:28 AM
    If your talking about traffic denied by the ACLs, you would add a “log” statement at the end of each ACL policy line. For example,

    deny ip any any log



    Dustin Burns | Senior Mobility and Access Engineer | ACMX #509, ACCX #1272, ACSP, ACDA, ACEP, CCNP, CCDP, CCNA Wireless

    www.wei.com | dustin.burns@wei.com | Cell (860) 303-1231 | 43 Northwestern Drive Salem, NH 03079

    CLOUD SOLUTIONS | NETWORKING AND SECURITY | BIG DATA | MOBILITY AND END USER COMPUTING | DATA CENTER

    Sent from iPhone, please pardon any typos.


  • 8.  RE: Access rule logs?

    MVP GURU
    Posted Oct 09, 2020 06:28 AM
    If your talking about traffic denied by the ACLs, you would add a “log” statement at the end of each ACL policy line. For example,
     
    deny ip any any log