PVS
Occasional Contributor II

RAP with split tunnel ACLs

Hi,

RAP with split tunnel ACLs and dot1x auth.

I configured RAP with split tunnel and the traffic is routed just fine.

I checked it with tracert; show datapath session table <client's IP> shows the tunneled traffic alone. Also, #show datapath session ap-name <name of the AP> shows the tunneled traffic and not the local traffic.

However, I am unable to see any ACL hits when I execute the commands #show acl hits and #show acl hits role <default-role>.

When I set the forward mode to tunnel, I see the ACL hits, but with split-tunnel I don't.

#show acl hits and #show acl hits role <default-role> don't show the split-tunnel ACLs at all. I would like to know why they don't show.

Thanks in advance.

Regards,

Sandeep.

Guru Elite

Re: RAP with split tunnel ACLs

When you have a split tunnel ACL, all the traffic is managed by a firewall on the AP.  The "show datapath session ap-name <name of ap> table" should show you everything on the split tunneled ACL.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
PVS
Occasional Contributor II

Re: RAP with split tunnel ACLs

Thank you, Colin, for that quick response. I see the traffic in "show datapath session ap-name <name of ap> table", but I would like to know why I am unable to see it in show acl hits and show acl hits role <role_name>.

Guru Elite

Re: RAP with split tunnel ACLs

Those commands only monitor when the controller's firewall is enforcing the traffic.


PVS
Occasional Contributor II

Re: RAP with split tunnel ACLs

Thank you, Colin.

Could you please send us a document regarding this? - Split tunnel acl - Those commands only monitor when the controller's firewall is enforcing the traffic.
