Blogs

Two Different Ways to Debug a User on Aruba and Why You Would Choose Either

By cjoseph posted Oct 16, 2013 12:17 AM

  

There are two distinct ways to debug users or stations.    One way is to enable debugging for ALL users.  The other is to enable debugging for only specific users.

 

1. To turn on debugging for all users:

config t
logging level debugging user

2.  To turn on debugging for only specific users:

config t
logging level debugging user-debug <mac address of user>

 You would repeat the second line above for each user that you want to add to the debug.  To see what users you have enabled debugging for using method 2, you would type "show debug":

(Aruba3600) #show debug 

DEBUG LEVELS
------------
Facility    Level      Debug Value        Sub Category  Process
--------    -----      -----------        ------------  -------
user-debug  debugging  9c:04:eb:75:5f:c0  N/A           N/A

 

To see the output of the first method, you would type "show log user all".  To see only a specific user from that output, you would type "show log user all | include <mac address of user>".  The drawback of using this first method, is that if this is a very busy controller, it is very possible that your debugging for that user will get "rolled" and you will not get to see everything.  The first method is good when you need to troubleshoot a specific circumstance that affects all users.  For example, to see who is being blacklisted you would turn user debugging on and then type "show log user all | include blacklist" to see who is being blacklisted and why.

 

 

To see the output of the second method, you would type "show log user-debug all" and it will show only debug messages for the mac addresses that you added.  Very good if you only want to see all the output for a subset of users who are having a problem.  A direct side effect of turning on user-debug (the second method) is that the "show auth-tracebuf" or authentication trace buffer that is typically used to troubleshoot radius traffic would ONLY be shown for users in the user-debug.  It will NOT be seen for any other users.  To see the auth-tracebuf for all users, you would have to remove all users out of the user-debug, by typing "show debug" to see your users, and then "config t no logging level debug user-debug <mac address of client>".

 

2 comments
11 views

Comments

Phillip Hichens
Sep 19, 2018 06:28 PM

Those living in post 2018 running AOS8 may want to try these commands.
Note: needs to be run from Mobility Master as you are changing configuration (if not standalone)

(MM) [mynode1] # cd <managed device>
(MM) [mac address] # conf t
(MM) [mac address] (config) # logging user level debugging
(MM) ^[mac address] (config) # logging user-debug <mac address of user> level debugging
(MM) ^[mac address] (config) # exit
(MM) ^[mac address] # wr mem
(MM) [mac address] #

kdisc98
Oct 16, 2013 12:31 AM

Nice Info - Saving as PDF :)

 

Have a great day !