Technology Blog

Two Different Ways to Debug a User on Aruba and Why You Would Choose Either

Guru Elite Guru Elite
Guru Elite

There are two distinct ways to debug users or stations.    One way is to enable debugging for ALL users.  The other is to enable debugging for only specific users.


1. To turn on debugging for all users:

config t
logging level debugging user

2.  To turn on debugging for only specific users:

config t
logging level debugging user-debug <mac address of user>

 You would repeat the second line above for each user that you want to add to the debug.  To see what users you have enabled debugging for using method 2, you would type "show debug":

(Aruba3600) #show debug 

Facility    Level      Debug Value        Sub Category  Process
--------    -----      -----------        ------------  -------
user-debug  debugging  9c:04:eb:75:5f:c0  N/A           N/A


To see the output of the first method, you would type "show log user all".  To see only a specific user from that output, you would type "show log user all | include <mac address of user>".  The drawback of using this first method, is that if this is a very busy controller, it is very possible that your debugging for that user will get "rolled" and you will not get to see everything.  The first method is good when you need to troubleshoot a specific circumstance that affects all users.  For example, to see who is being blacklisted you would turn user debugging on and then type "show log user all | include blacklist" to see who is being blacklisted and why.



To see the output of the second method, you would type "show log user-debug all" and it will show only debug messages for the mac addresses that you added.  Very good if you only want to see all the output for a subset of users who are having a problem.  A direct side effect of turning on user-debug (the second method) is that the "show auth-tracebuf" or authentication trace buffer that is typically used to troubleshoot radius traffic would ONLY be shown for users in the user-debug.  It will NOT be seen for any other users.  To see the auth-tracebuf for all users, you would have to remove all users out of the user-debug, by typing "show debug" to see your users, and then "config t no logging level debug user-debug <mac address of client>".



Nice Info - Saving as PDF :)


Have a great day !



New Contributor

Those living in post 2018 running AOS8 may want to try these commands.
Note: needs to be run from Mobility Master as you are changing configuration (if not standalone)

(MM) [mynode1] # cd <managed device>
(MM) [mac address] # conf t
(MM) [mac address] (config) # logging user level debugging
(MM) ^[mac address] (config) # logging user-debug <mac address of user> level debugging
(MM) ^[mac address] (config) # exit
(MM) ^[mac address] # wr mem
(MM) [mac address] #

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Read all about it! If it’s happening now, it’s in the community.

Check out the latest blogs from your community team, the community experts and other industry sources.