Aruba ACL Debug

  • 1.  Aruba ACL Debug

    Posted 7 days ago

    Hopefully this is in the right area...

    I have an ACL on a 3810 which is assigned to a locked-down WiFi VLAN. I have an issue accessing devices on this WiFi for support; I'm on 10.10.20.x.

    The log server is only getting "Router ACL v200-in, seq#80 denied 2122 packets, direction in".

    I can't seem to see the details of the packets being blocked. What am I missing?

    ACL (basic version)

    ip access-list extended "v200-in"
       deny tcp 10.10.10.0 0.0.0.255 10.10.1.0 0.0.0.255 eq 21
       deny tcp 10.10.10.0 0.0.0.255 10.10.1.0 0.0.0.255 eq 22
       deny tcp 10.10.10.0 0.0.0.255 10.10.1.0 0.0.0.255 eq 23
       remark support
       permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
       remark services
       permit ip 10.10.10.0 0.0.0.255 192.168.210.0 0.0.0.255
       remark monitoring
       permit ip 10.10.10.0 0.0.0.255 host 35.233.9.1
       permit ip 10.10.10.0 0.0.0.255 host 35.233.10.135
       permit ip 10.10.10.0 0.0.0.255 host 35.233.15.27
       deny ip 10.10.10.0 0.0.0.255 0.0.0.0 255.255.255.255 log
       exit

    vlan 200
       name "RF-Devices"
       ip address 10.10.10.1 255.255.255.0
       ip helper-address 192.168.210.154
       ip access-group "v200-in" in
       exit

    debug destination logging

    debug acl

    logging severity debug



  • 2.  RE: Aruba ACL Debug

    EMPLOYEE
    Posted 2 days ago

    From what I can tell between your post above and examining the Aruba 3810 / 5400R Access Security Guide for ArubaOS-Switch 16.06, specifically the section ACL Logging Operation, the result that includes only a hit count (and not packet details) may be occurring in cases where an initial log message has previously been generated for the ACL entry. It seems your configuration is appropriate, but perhaps the initial message has cycled out or not been received by the syslog server. It may be worth trying a show log locally on the switch, or perhaps toggling no debug acl / debug acl to force another initial log message to be generated.
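The following is an added example, not code from either poster or from HPE Aruba Networking. It is a small first-match evaluator for the "v200-in" ACL quoted in the original post: each ACE is matched the way the switch matches it (wildcard-mask addresses, protocol, optional destination port, with an implicit deny at the end of the list), and the evaluator reports which entry a packet hits and whether that entry carries the `log` keyword. The sample packets and the `unlogged_denies` helper are constructed for illustration; the 1-based entry indices are positional and are not claimed to equal the switch's own sequence numbers. The practical point it surfaces: the three explicit `deny tcp` entries (ports 21, 22, 23) have no `log` keyword, so traffic they drop never produces a log message at all, only the final `deny ip ... log` does.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Ace:
    """One access-control entry, in the order it appears in the ACL."""
    action: str            # "permit" or "deny"
    proto: str             # "ip" (any protocol) or "tcp"
    src: str               # "A WILDCARD", "host A", or "any"
    dst: str
    dport: Optional[int] = None   # destination port for "eq N" entries
    log: bool = False             # True when the entry ends in "log"


def _parse_addr(spec: str) -> Tuple[int, int]:
    """Turn 'host A', 'any', or 'A WILDCARD' into (base, wildcard) integers."""
    parts = spec.split()
    if parts == ["any"]:
        return 0, 0xFFFFFFFF
    if parts[0] == "host":
        return int(ipaddress.IPv4Address(parts[1])), 0
    base, wildcard = parts
    return int(ipaddress.IPv4Address(base)), int(ipaddress.IPv4Address(wildcard))


def _addr_matches(spec: str, ip: str) -> bool:
    """Wildcard-mask match: bits set to 1 in the wildcard are 'don't care'."""
    base, wildcard = _parse_addr(spec)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)


# The ACL exactly as posted in the thread (remarks carry no match logic).
V200_IN: List[Ace] = [
    Ace("deny", "tcp", "10.10.10.0 0.0.0.255", "10.10.1.0 0.0.0.255", dport=21),
    Ace("deny", "tcp", "10.10.10.0 0.0.0.255", "10.10.1.0 0.0.0.255", dport=22),
    Ace("deny", "tcp", "10.10.10.0 0.0.0.255", "10.10.1.0 0.0.0.255", dport=23),
    Ace("permit", "ip", "10.10.10.0 0.0.0.255", "10.10.20.0 0.0.0.255"),      # remark support
    Ace("permit", "ip", "10.10.10.0 0.0.0.255", "192.168.210.0 0.0.0.255"),   # remark services
    Ace("permit", "ip", "10.10.10.0 0.0.0.255", "host 35.233.9.1"),           # remark monitoring
    Ace("permit", "ip", "10.10.10.0 0.0.0.255", "host 35.233.10.135"),
    Ace("permit", "ip", "10.10.10.0 0.0.0.255", "host 35.233.15.27"),
    Ace("deny", "ip", "10.10.10.0 0.0.0.255", "0.0.0.0 255.255.255.255", log=True),
]


def evaluate(acl: List[Ace], src_ip: str, dst_ip: str,
             proto: str = "ip", dport: Optional[int] = None) -> Tuple[str, Optional[int], bool]:
    """First-match evaluation. Returns (action, 1-based entry index, logged).

    A packet that matches no entry hits the implicit deny at the end of the
    list, which is reported with index None and is never logged.
    """
    for idx, ace in enumerate(acl, start=1):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not _addr_matches(ace.src, src_ip) or not _addr_matches(ace.dst, dst_ip):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, idx, ace.log
    return "deny", None, False


def unlogged_denies(acl: List[Ace]) -> List[int]:
    """Indices of deny entries that drop traffic silently (no 'log' keyword)."""
    return [i for i, ace in enumerate(acl, start=1) if ace.action == "deny" and not ace.log]


if __name__ == "__main__":
    # Constructed sample packets, all sourced from VLAN 200 (10.10.10.0/24),
    # which is the traffic an inbound ACL on that VLAN interface sees.
    samples = [
        ("10.10.10.5", "10.10.20.7", "tcp", 443),    # to the support subnet
        ("10.10.10.5", "10.10.1.9", "tcp", 22),      # SSH into 10.10.1.0/24
        ("10.10.10.5", "8.8.8.8", "udp", 53),        # anything else
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(V200_IN, *pkt))
    print("deny entries without 'log':", unlogged_denies(V200_IN))
```

Running it shows that the support-subnet packet is permitted by entry 4, the SSH packet is dropped by entry 2 without any log message, and only the catch-all entry 9 both denies and logs; that is consistent with a syslog server that sees nothing but a hit-count line for the final entry, which is the situation described in the reply above.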