Wireless Access

Occasional Contributor II

Mobility Controller Firewall or Policy Hits

Hi all,


I did a brief search, so apologies if this is a repeat discussion, but is there a way on the MM (or maybe Clearpass?) to see how many times a certain role or policy is hit on the network?


Also, is there a way to export all roles and policies off the MM and MD via the GUI or CLI?


We are running if that matters at all.


Thanks for any and all input!

Guru Elite

Re: Mobility Controller Firewall or Policy Hits

For each MD, you could type "show acl hits" to see how many times a policy was hit.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Mobility Controller Firewall or Policy Hits

Awesome, thank you!

Frequent Contributor II

Re: Mobility Controller Firewall or Policy Hits

The 'show rights' command will display a list of all of the roles. Next to each role name is an ACL List which is just a listing of all of the policies assigned to each role.


'show rights <rolename>' will display the specified role, the policies assigned to it, and the rules assigned to each policy. I believe it is the only place you can see the whole picture; role - policies assigned to the role - rules assigned to each policy.


'show datapath acl id <id#>' display the line by line interpretation of the role. This output converts any aliases to their definition. If a single firewall rule references a netdestination alias that contains 4 hosts, this output shows 4 rules, one for each netdestination alias. This is the hardcore presentation of how the controller processes the firewall rules. The <id#> can be found from either of the previous commands i mentioned. You will need to go to the CLI reference guide and do some digging to understand how to interpret this output.


This doesn't give you exactly what you were looking for as far as exporting the roles, but it may help. A simple copy from the CLI will allow you paste any of these elsewhere.


I hope this helps,


Sr. Trainer and Author of "Understanding ArubaOS: Version 8.x" book
Search Airheads
Showing results for 
Search instead for 
Did you mean: