There are two distinct ways to debug users or stations. One way is to enable debugging for ALL users. The other is to enable debugging for only specific users.
1. To turn on debugging for all users:
config t logging level debugging user
2. To turn on debugging for only specific users:
config t logging level debugging user-debug <mac address of user>
You would repeat the second line above for each user that you want to add to the debug. To see what users you have enabled debugging for using method 2, you would type "show debug":
(Aruba3600) #show debug DEBUG LEVELS ------------ Facility Level Debug Value Sub Category Process -------- ----- ----------- ------------ ------- user-debug debugging 9c:04:eb:75:5f:c0 N/A N/A
To see the output of the first method, you would type "show log user all". To see only a specific user from that output, you would type "show log user all | include <mac address of user>". The drawback of using this first method, is that if this is a very busy controller, it is very possible that your debugging for that user will get "rolled" and you will not get to see everything. The first method is good when you need to troubleshoot a specific circumstance that affects all users. For example, to see who is being blacklisted you would turn user debugging on and then type "show log user all | include blacklist" to see who is being blacklisted and why.
To see the output of the second method, you would type "show log user-debug all" and it will show only debug messages for the mac addresses that you added. Very good if you only want to see all the output for a subset of users who are having a problem. A direct side effect of turning on user-debug (the second method) is that the "show auth-tracebuf" or authentication trace buffer that is typically used to troubleshoot radius traffic would ONLY be shown for users in the user-debug. It will NOT be seen for any other users. To see the auth-tracebuf for all users, you would have to remove all users out of the user-debug, by typing "show debug" to see your users, and then "config t no logging level debug user-debug <mac address of client>".
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.