Wired Intelligent Edge

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!

Hi,

The 'debug ip packet' on a Cisco switch will never give you the "all IP traffic going across the switch" as the switched traffic stays inside the ASIC and reaches the Supervisor only when it requires software processing, like packets with IP options, broadcast packets etc. Same for the Aruba - tcpdump will allow you to intercept only the traffic that the CPU of the switch sees, but as with Cisco example it is far from the 'all IP traffic' as you can guess.

What you can do is to configure a traffic mirroring, but even then I am not sure how you will resolve the oversubscription when you start mirroring let's say 5 x 10G interfaces to one 10G monitor interface... 

Whatever you are trying to do I believe there is a better way than capturing all traffic.

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!

Thanks everyone for the responses!

Was looking for the debug all traffic option and not a span as it is a remote site. @Ariyap, will try that and see if that will provide any info.

Hi,

The 'debug ip packet' on a Cisco switch will never give you the "all IP traffic going across the switch" as the switched traffic stays inside the ASIC and reaches the Supervisor only when it requires software processing, like packets with IP options, broadcast packets etc. Same for the Aruba - tcpdump will allow you to intercept only the traffic that the CPU of the switch sees, but as with Cisco example it is far from the 'all IP traffic' as you can guess.

What you can do is to configure a traffic mirroring, but even then I am not sure how you will resolve the oversubscription when you start mirroring let's say 5 x 10G interfaces to one 10G monitor interface... 

Whatever you are trying to do I believe there is a better way than capturing all traffic.

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!

Pretty sure there is an option to send a span port output to a remote switch port or even wireshark if needed.  I may be wrong but I'm  almost positive.

Thanks everyone for the responses!

Was looking for the debug all traffic option and not a span as it is a remote site. @Ariyap, will try that and see if that will provide any info.

Hi,

The 'debug ip packet' on a Cisco switch will never give you the "all IP traffic going across the switch" as the switched traffic stays inside the ASIC and reaches the Supervisor only when it requires software processing, like packets with IP options, broadcast packets etc. Same for the Aruba - tcpdump will allow you to intercept only the traffic that the CPU of the switch sees, but as with Cisco example it is far from the 'all IP traffic' as you can guess.

What you can do is to configure a traffic mirroring, but even then I am not sure how you will resolve the oversubscription when you start mirroring let's say 5 x 10G interfaces to one 10G monitor interface... 

Whatever you are trying to do I believe there is a better way than capturing all traffic.

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!

Hi,

The 'debug ip packet' on a Cisco switch will never give you the "all IP traffic going across the switch" as the switched traffic stays inside the ASIC and reaches the Supervisor only when it requires software processing, like packets with IP options, broadcast packets etc. Same for the Aruba - tcpdump will allow you to intercept only the traffic that the CPU of the switch sees, but as with Cisco example it is far from the 'all IP traffic' as you can guess.

What you can do is to configure a traffic mirroring, but even then I am not sure how you will resolve the oversubscription when you start mirroring let's say 5 x 10G interfaces to one 10G monitor interface... 

Whatever you are trying to do I believe there is a better way than capturing all traffic.

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!

Also,  does anyone know why there are alot of LOG_ERR in the show debug buffer even though there is no debug happening. The logs have "LOG_ERR" in them. Are there error seen in the switch (see example of a log entry below:

|ops-switchd|LOG_ERR|CDTR|1

Hi,

The 'debug ip packet' on a Cisco switch will never give you the "all IP traffic going across the switch" as the switched traffic stays inside the ASIC and reaches the Supervisor only when it requires software processing, like packets with IP options, broadcast packets etc. Same for the Aruba - tcpdump will allow you to intercept only the traffic that the CPU of the switch sees, but as with Cisco example it is far from the 'all IP traffic' as you can guess.

What you can do is to configure a traffic mirroring, but even then I am not sure how you will resolve the oversubscription when you start mirroring let's say 5 x 10G interfaces to one 10G monitor interface... 

Whatever you are trying to do I believe there is a better way than capturing all traffic.

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!

That is expected on this platform - even if a module doesn't have a debugging enabled it still reports 'error' level debugging messages. Quite annoying, but it is what it is for the moment. Just keep in mind those 'errors' in 99% mean nothing to an administrator, so if no issues with your network, you can safely ignore them and focus on the debug that you explicitly enable for respective modules (processes).

Also,  does anyone know why there are alot of LOG_ERR in the show debug buffer even though there is no debug happening. The logs have "LOG_ERR" in them. Are there error seen in the switch (see example of a log entry below:

|ops-switchd|LOG_ERR|CDTR|1

Hi,

The 'debug ip packet' on a Cisco switch will never give you the "all IP traffic going across the switch" as the switched traffic stays inside the ASIC and reaches the Supervisor only when it requires software processing, like packets with IP options, broadcast packets etc. Same for the Aruba - tcpdump will allow you to intercept only the traffic that the CPU of the switch sees, but as with Cisco example it is far from the 'all IP traffic' as you can guess.

What you can do is to configure a traffic mirroring, but even then I am not sure how you will resolve the oversubscription when you start mirroring let's say 5 x 10G interfaces to one 10G monitor interface... 

Whatever you are trying to do I believe there is a better way than capturing all traffic.

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!

Thanks Ivan for the quick repsonse.

Yes, we are having to reboot the switch every 40-44 hours or so and just noticed the show lldp neigh is showing a lot of entries deleted and aged-out, see below:

switch#   show lldp neigh

LLDP Neighbor Information
=========================

Total Neighbor Entries          : 12
Total Neighbor Entries Deleted  : 2100
Total Neighbor Entries Dropped  : 0
Total Neighbor Entries Aged-Out : 2100

just wondering if those errors are related to that and why it is happening.  thanks!

That is expected on this platform - even if a module doesn't have a debugging enabled it still reports 'error' level debugging messages. Quite annoying, but it is what it is for the moment. Just keep in mind those 'errors' in 99% mean nothing to an administrator, so if no issues with your network, you can safely ignore them and focus on the debug that you explicitly enable for respective modules (processes).

Also,  does anyone know why there are alot of LOG_ERR in the show debug buffer even though there is no debug happening. The logs have "LOG_ERR" in them. Are there error seen in the switch (see example of a log entry below:

|ops-switchd|LOG_ERR|CDTR|1

Hi,

The 'debug ip packet' on a Cisco switch will never give you the "all IP traffic going across the switch" as the switched traffic stays inside the ASIC and reaches the Supervisor only when it requires software processing, like packets with IP options, broadcast packets etc. Same for the Aruba - tcpdump will allow you to intercept only the traffic that the CPU of the switch sees, but as with Cisco example it is far from the 'all IP traffic' as you can guess.

What you can do is to configure a traffic mirroring, but even then I am not sure how you will resolve the oversubscription when you start mirroring let's say 5 x 10G interfaces to one 10G monitor interface... 

Whatever you are trying to do I believe there is a better way than capturing all traffic.

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!

Ok, what we noticed is that this switch has its mgmt port connected to another switch (switch02)'s mgmt interface and another SFP uplink connected to the same port (i.e., 1/1/47 - sfp 10G transceiver on that switch 1/1/47 too). Would that cause any issues to have two ports (one mgmt and one regular sfp 10G port) connected to it?

Thanks Ivan for the quick repsonse.

Yes, we are having to reboot the switch every 40-44 hours or so and just noticed the show lldp neigh is showing a lot of entries deleted and aged-out, see below:

switch#   show lldp neigh

LLDP Neighbor Information
=========================

Total Neighbor Entries          : 12
Total Neighbor Entries Deleted  : 2100
Total Neighbor Entries Dropped  : 0
Total Neighbor Entries Aged-Out : 2100

just wondering if those errors are related to that and why it is happening.  thanks!

That is expected on this platform - even if a module doesn't have a debugging enabled it still reports 'error' level debugging messages. Quite annoying, but it is what it is for the moment. Just keep in mind those 'errors' in 99% mean nothing to an administrator, so if no issues with your network, you can safely ignore them and focus on the debug that you explicitly enable for respective modules (processes).

Also,  does anyone know why there are alot of LOG_ERR in the show debug buffer even though there is no debug happening. The logs have "LOG_ERR" in them. Are there error seen in the switch (see example of a log entry below:

|ops-switchd|LOG_ERR|CDTR|1

Hi,

The 'debug ip packet' on a Cisco switch will never give you the "all IP traffic going across the switch" as the switched traffic stays inside the ASIC and reaches the Supervisor only when it requires software processing, like packets with IP options, broadcast packets etc. Same for the Aruba - tcpdump will allow you to intercept only the traffic that the CPU of the switch sees, but as with Cisco example it is far from the 'all IP traffic' as you can guess.

What you can do is to configure a traffic mirroring, but even then I am not sure how you will resolve the oversubscription when you start mirroring let's say 5 x 10G interfaces to one 10G monitor interface... 

Whatever you are trying to do I believe there is a better way than capturing all traffic.

Hey everyone,

Does anyone know how to check all IP traffic going across the Aruba 6300M switch? Can't seen to locate debug ip packet or similar (that is the equivalent of Cisco debug ip packet).  thanks in advance!