You are here: Home > CLI Commands > Just_CLI_Topics > show aaa debug

show aaa debug

show aaa debug

age {dev-id-cache [mac <A:B:C:D:E:F>]|key-cache [mac <A:B:C:D:E:F>]|pmk-cache [mac <A:B:C:D:E:F>]}

pmk bss-table [<A:B:C:D:E:F>]

role user {ip <A.B.C.D>|ipv6 <ipv6addr>|mac <A:B:C:D:E:F>}

vlan user {ip <A.B.C.D>|ipv6 <ipv6addr>|mac <A:B:C:D:E:F>}

Description

This command shows AAAAuthentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. related debug information.

Syntax

Parameter

Description

age

dev-id-cache

key-cache

pmk-cache

Displays the age of the GSM entry since the previous refresh (in seconds) based on:

dev-id-cache—Device ID information in memory.

key-cache—Key cache information in memory.

pmk-cache—Pairwise Master Key (PMKPairwise Master Key. PMK is a shared secret key that is generated after PSK or 802.1X authentication. ) cache information in memory.

pmk bss-table

Displays PMKPairwise Master Key. PMK is a shared secret key that is generated after PSK or 802.1X authentication. related debug information based on the BSSIDBasic Service Set Identifier. The BSSID identifies a particular BSS within an area. In infrastructure BSS networks, the BSSID is the MAC address of the AP. In independent BSS or ad hoc networks, the BSSID is generated randomly. address.

role user

ip

ipv6

mac

Displays role derivation related debug information based on:

ip—IPv4 address of the client.

ipv6—IPv6 address of the client.

macMACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the client.

vlan user

ip

ipv6

mac

Displays VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. derivation related debug information based on:

ip—IPv4 address of the client.

ipv6—IPv6 address of the client.

macMACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the client.

Usage Guidelines

This command shows AAAAuthentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. related debug information.

Example

The following example shows the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. derivation debug information of an user with IPv4 address.

(host) [mynode] #show aaa debug vlan user ip 192.0.2.1

 

VLAN types present for this User

================================

Default VLAN : 3

Initial Role Contained : 1

User Dot1x Role Contained : 5

Dot1x Server Rule : 5

 

VLAN Derivation History

=======================

VLAN Derivation History Index : 8

1. VLAN 1 for Default VLAN

2. VLAN 1 for Current VLAN updated

3. VLAN 0 for Reset VLANs for Station up

4. VLAN 3 for Default VLAN

5. VLAN 1 for Initial Role Contained

6. VLAN 5 for Dot1x Server Rule

7. VLAN 5 for User Dot1x Role Contained

8. VLAN 5 for Current VLAN updated

 

Current VLAN : 5 (Dot1x Server Rule)

Command History

Command

Description

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system.

Enable or Config mode on Mobility Master.

/*]]>*/