Properly and safely collect debugs on Aruba OS switches

Debugs can be run safely in almost all environments as soon as you don’t enable a “debug all” command on the equipment.

Enabling debug on Aruba OS is pretty straightforward. Example below is to see messages regarding 802.1X and Mac-based authentication on switch port :

security port-access authenticator include port 7
security port-access mac-based include port 7
security port-access supplicant include port 7

As you can see, you can add a filter, it will be easier to understand output after. You can decide to print output to several destinations:

CSP_NB_2# debug destination
logging Send debug messages to syslog server.
session Print debug messages to terminal.
buffer Print debug messages to a buffer in memory.

I usually use session destination to begin and test the right debug command, then I switch to buffer or syslog, so I can disconnect and reconnect later to see logs. Note that the buffer is cleared after reload, so use syslog if you want to debug something related to hardware issue.

To print buffer :

CSP_NB_2# sho debug buff
0256:23:19:06.54 1X m8021xCtrl:Port 7: connection terminated.
0256:23:19:06.54 MAC mWebAuth:Port: 7 now off-line.
0256:23:19:10.40 MAC mWebAuth:Port: 7 now being monitored for mac-based authentication.

Author: Kévin SAS

I am Kévin SAS and live in France. I am an engineer in network and security. I worked for a lot of customers in these domains : Wireless, LAN, Datacenter, VoIP with several brands like Cisco, HPE, Aruba, Palo Alto amongst others. Previously working for a service provider. I currently work for an integrator while giving me lots of opportunity to learn. This blog stores some technicals notes I wanted to share.

Leave a Reply

Your email address will not be published. Required fields are marked *