Wireless Access

Reply
Highlighted
Contributor I

How do you see denied traffic

More roles testing issues. I am using the show datapath session table command and the show acl hits command, but do not see any denied traffic, but the traffic is not getting out. There are no restrictions beyond the controller, so it appears to be the roadblock.

 

It appears the traffic is hitting the implicit deny in the policy, but I can't prove that. Is there something I am missing?

Highlighted
Guru Elite

Re: How do you see denied traffic

show datapath session table <ip address of device>


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: How do you see denied traffic

I have tried that. Doesn't show any denied traffic, nothing flagged with D

Highlighted
Aruba Employee

Re: How do you see denied traffic

Hello Chris,

As you know, if there is a matching rule with the action deny, you should see the session with the command below:

 

show datapath session table | include D

 

I didn't find a way to see logs regarding the implied deny all applied when no rule matches the traffic.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: