I was recently out at a site working through an 802.1x wired implementation. Their site runs all Aruba Networking gear on the older-style ArubaOS (or AOS), which is basically ProCurve/ProVision, with a mix of 2930f and 3810m switches and 5406zl chassis. The hard work of certificates had already been done, since we did an 802.1x EAP-TLS deployment for them earlier. After doing the initial build-out (I’ll do a post on this soon), I needed to see the traffic between our test switch and their RADIUS server.
While debug commands are useful, there are a few gotchas. First, you need to make sure the output goes to the correct terminal, so depending on whether you’re connected via console/serial or SSH, you’ll need to tweak your debug command. Second, debug commands can have a significant impact on performance, so use them when you need them and turn them off when you’re done.
First, set up your session so the debug output hits your console window:
debug destination session
The following is a list of debug commands that can be issued. These will vary slightly based on the model/series of the switch you are on. The easiest way to confirm whether a command is valid is to tab complete it.
Here is the list of available debug commands:
acl Displays debug messages for access control lists.
all Display all debug messages.
cdp Display CDP information.
cfg-restore Display cfg-restore debug messages.
cppm Display CPPM debug Messages.
cwmp Enable or disable CWMP events debug messages.
destination Select destination for debug messages.
dfp Display DFP debug Messages.
dhcp-server Display DHCP server debug messages.
dldp Enable DLDP debug messages.
est Display EST debug messages.
event Display event log messages.
hpe-anw-central Display HPE ANW Central server debug information.
ip Display debug messages for IPv4.
ip-sla Enable debug logs for IP SLA.
ipv6 Enable debug messages for IPv6.
lacp Display LACP information.
lldp Display LLDP information.
mdns Display mDNS debug messages.
mstp Display MSTP debug messages.
mvrp Enable MVRP debug messages.
ntp Display debug messages for NTP.
openflow Display all OpenFlow packets.
openflow-traffic Enable logging of OpenFlow debug packets for a specific flow table for an instance.
papi Displays PAPI exchange messages.
policy Display policy debug messages.
rest-interface Display REST debug information.
rpvst Display RPVST debug messages.
security Display all Security messages.
smart-link Display Smart link debug messages.
snmp Display SNMP debug messages.
time-stamp Enable/disable system-time to be associated with debug messages.
tunnel Display tunnel debug messages.
udld Display UDLD debug messages.
uplink-failure-det... Display UFD debug messages.
usertn Displays authentication module log messages for user-based tunneled node
vrrp Display VRRP debug messages.
ztp Display ZTP debug messages.
For my example, I needed to look at RADIUS server messages, so I issued this command:
debug security radius-server
Once you’re done, simply cancel the debug with the no form of the command:
no debug all
I’ll repeat that tab completion works wonders if you’re stuck. Hope that helps.
