Close

Two Different Ways to Debug a User on Aruba and Why You Would Choose Either

By Colin Joseph, Blog Contributor
Share Post

There are two distinct ways to debug users or stations.    One way is to enable debugging for ALL users.  The other is to enable debugging for only specific users.

1. To turn on debugging for all users:

config t logging level debugging user

2.  To turn on debugging for only specific users:

config t logging level debugging user-debug

You would repeat the second line above for each user that you want to add to the debug.  To see what users you have enabled debugging for using method 2, you would type "show debug":

(Aruba3600) #show debug   DEBUG LEVELS ------------ Facility    Level      Debug Value        Sub Category  Process --------    -----      -----------        ------------  ------- user-debug  debugging  9c:04:eb:75:5f:c0  N/A           N/A

To see the output of the first method, you would type "show log user all".  To see only a specific user from that output, you would type "show log user all | include ".  The drawback of using this first method, is that if this is a very busy controller, it is very possible that your debugging for that user will get "rolled" and you will not get to see everything.  The first method is good when you need to troubleshoot a specific circumstance that affects all users.  For example, to see who is being denylisted you would turn user debugging on and then type "show log user all | include denylist" to see who is being denylisted and why.

To see the output of the second method, you would type "show log user-debug all" and it will show only debug messages for the mac addresses that you added.  Very good if you only want to see all the output for a subset of users who are having a problem.  A direct side effect of turning on user-debug (the second method) is that the "show auth-tracebuf" or authentication trace buffer that is typically used to troubleshoot radius traffic would ONLY be shown for users in the user-debug.  It will NOT be seen for any other users.  To see the auth-tracebuf for all users, you would have to remove all users out of the user-debug, by typing "show debug" to see your users, and then "config t no logging level debug user-debug ".