06-07-2019 07:38 AM
I did a brief search, so apologies if this is a repeat discussion, but is there a way on the MM (or maybe Clearpass?) to see how many times a certain role or policy is hit on the network?
Also, is there a way to export all roles and policies off the MM and MD via the GUI or CLI?
We are running 22.214.171.124 if that matters at all.
Thanks for any and all input!
Solved! Go to Solution.
06-07-2019 09:19 AM
For each MD, you could type "show acl hits" to see how many times a policy was hit.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Re: Mobility Controller Firewall or Policy Hits
06-07-2019 11:49 AM
The 'show rights' command will display a list of all of the roles. Next to each role name is an ACL List which is just a listing of all of the policies assigned to each role.
'show rights <rolename>' will display the specified role, the policies assigned to it, and the rules assigned to each policy. I believe it is the only place you can see the whole picture; role - policies assigned to the role - rules assigned to each policy.
'show datapath acl id <id#>' display the line by line interpretation of the role. This output converts any aliases to their definition. If a single firewall rule references a netdestination alias that contains 4 hosts, this output shows 4 rules, one for each netdestination alias. This is the hardcore presentation of how the controller processes the firewall rules. The <id#> can be found from either of the previous commands i mentioned. You will need to go to the CLI reference guide and do some digging to understand how to interpret this output.
This doesn't give you exactly what you were looking for as far as exporting the roles, but it may help. A simple copy from the CLI will allow you paste any of these elsewhere.
I hope this helps,
Sr. Trainer and Author of "Understanding ArubaOS: Version 8.x" book