Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

How do you see denied traffic

This thread has been viewed 13 times

  • 1.  How do you see denied traffic

    Posted Aug 06, 2019 12:18 PM

    More roles testing issues. I am using the show datapath session table command and the show acl hits command, but do not see any denied traffic, but the traffic is not getting out. There are no restrictions beyond the controller, so it appears to be the roadblock.

     

    It appears the traffic is hitting the implicit deny in the policy, but I can't prove that. Is there something I am missing?



  • 2.  RE: How do you see denied traffic

    EMPLOYEE
    Posted Aug 06, 2019 04:23 PM

    show datapath session table <ip address of device>



  • 3.  RE: How do you see denied traffic

    Posted Aug 06, 2019 04:55 PM

    I have tried that. Doesn't show any denied traffic, nothing flagged with D



  • 4.  RE: How do you see denied traffic

    Posted Jun 16, 2020 10:04 AM

    Hello Chris,

    As you know, if there is a matching rule with the action deny, you should see the session with the command below:

     

    show datapath session table | include D

     

    I didn't find a way to see logs regarding the implied deny all applied when no rule matches the traffic.