Examples

The following example shows that debugging has been set to display information about server selection:

Router# debug aaa sg-server selection

The following two debug outputs display the behavior of RADIUS transactions within a server group with the server-reorder-on-failure feature configured.

Examples

Debug 1

In the following sample output, the RADIUS server-reorder-on-failure feature is configured. The server retransmits are set to 0 (so each server is attempted only once before failover to the next configured server), and the transmissions per transaction are set to 4 (the transmissions will stop on the third failover). The third server in the server group (192.0.2.118) has accepted the transaction on the third transmission (second failover).

00:38:35: %SYS-5-CONFIG-I: Configured from console by console 
00:38:53: RADIUS/ENCODE(OOOOOOOF) : ask "Username: " 
00:38:53: RADIUS/ENCODE (0000000F) : send packet; GET-USER 
00:38:58: RADIUS/ENCODE (0000000F) : ask "Password: " 
00:38:58: RADIUS/ENCODE(0000000F) : send packet; GET-PASSWORD 
00:38:59: RADIUS: AAA Unsupported [152] 4 
00:38:59: RADIUS: 7474 [tt] 
00:38:59: RADIUS (0000000F) : Storing nasport 2 in rad-db 
00:38:59: RADIUS/ENCODE(0000000F) : dropping service type, "radius-server
attribute 6 on-for-login-auth" is off 
00:38:59: RADIUS (0000000F) : Config NAS IP: 192.0.2.4 
00:38:59: RADIUS/ENCODE (0000000F) : acct-session-id: 15 
00:38:59: RADIUS (0000000F) : sending 
00:38:59: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server 192.0.2.1 
00:38:59: RAPIUS(0000000F) : Send Access-Request to 192.0.2.1:1645 id 21645/11, len 78 
00:38:59: RADIUS:: authenticator 4481 E6 65 2D 5F 6F OA -lE F5 81 8F 4E 1478 9C 
00:38:59: RADIUS: User-Name [1] 7 "username" 
00:38:59: RADIUS: User-Password [2] 18 * 
00:38:59: RADIUS: NAS-Port fSl 6 2 
00:~8:59: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
00:38:59: RADIUS: Calling-Station-Id [31] 15 "192.0.2.23"
00:39:00: RADIUS: NAS-IP-Address [4] 6 192.0.2.130 
00:39:02: RADIUS: Fail-over to (192.0.2.2:1645,1646) for id 21645/11 
00:39:02: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server 192.0.2.2
00:39:04: RADIUS: Fail-over to (192.0.2.118:1645,1646) for id 21645/11 
00:39:04: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server
192.0.2.118
00:39:05: RADIUS: Received from id 21645/11 192.0.2.118:1645, Access-Accept, len 26
00:39:05: RADIUS: authenticator 5609 56 F9 64 4E DF 19- F3 A2 DD 73 EE 3F 9826
00:39:05: RADIUS: Service-Type [6] 6 Login [1]

Examples

Debug 2

In the following sample output, the RADIUS server-reorder-on-failure feature is configured. The server retransmits are set to 0, and the transmissions per transaction are set to 8. In this transaction, the transmission to server 192.0.2.1 has failed on the eighth transmission.

00:42:30: RADIUS(00000011): Received from id 21645/13 
00:43:34: RADIUS/ENCODE(00000012) : ask "Username: " 
00:43:34: RADIUS/ENCODE(00000012) : send packet; GET-USER
00:43:39: RADIUS/ENCODE(00000012) : ask "Password: " 
00:43:39: RADIUS/ENCODE(00000012) : send packet; GET-PASSWORD
00:43:40: RADIUS: AAA Unsupported [152] 4 
00:43:40: RADIUS: 7474 [tt]
00:43:40: RADIUS(00000012) : Storing nasport 2 in rad-db 
00:43:40: RADIUS/ENCODE(00000012): dropping service type, "radius-server attribute 6
on-for-login-auth" is off 
00:43:40: RADIUS(00000012) : Co~fig NAS IP: 192.0.2.4 
00:43:40: RADIUS/ENCODE(00000012) : acct-session-id: 18
00:43:40: RADIUS(00000012) : sending
00:43:40: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server 192.0.2.118
00:43:40: RADIUS(00000012) : Send Access-Request to 192.0.2.118:1645 id 21645/14, len 78 
00:43:40: RADIUS: authenticator B8 OA 51 3A AF A6 0018 -B3 2E 94 5E 07 OB 2A
00:43:40: RADIUS: User-Name [1] 7 "username" 
00:43:40: RADIUS: User-Password [2] 18 *
00:43:40: RADIUS: NAS-Port [5] 6 2 
00:43:40: RADIUS: NAS-Port-Type [61] 6 Virtual [5] 
00:43:40: RADIUS: Calling-Station-]d [31] 15 "192.0.2.23" 
00:43:40: RADIUS: NAS-IP-Address [4] 6 192.0.2.130 
00:43:42: RADIUS: Fail-over to (192.0.2,1:1645,1646) for id 21645/14 
00:43:42: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server 192.0.2.1
00:43:44: RADIUS: Fail-over to (192.0.2.2:1645,1646) for id 21645/14 
00:43:44: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server 192.0.2.2
00:43:46: RADIUS: Fail-over to (192.0.2.118:1645,1646) for id 21645/14 
00:43:46: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server 192.0.2.118
00:43:48: RADIUS: Fail-over to (192.0.2.1:1645,1646) for id 21645/14 
00:43:48: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server 192.0.2.1
00:43:50: RADIUS: Fail-over to (192.0.2.2:1645,1646) for id 21645/14 
00:43:50: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server 192.0.2.2
00:43:52: RADIUS: Fail-over to (192.0.2.118:1645,1646) for id 21645/14 
00:43:52: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server 192.0.2.118
00:43:54: RADIUS: Fail-over to (192.0.2.1:1645,1646) for id 21645/14 
00:43:54: RADIUS/ENCODE: Best Local IP-Address 192.0.2.130 for Radius-Server 192.0.2.1
00:43:56: RADIUS: No response from (192.0.2.1:1645,1646) for id 21645/14 
00:43:56:RADIUS/DECODE: parse response no app start; FAIL 
00:43:56: RADIUS/DECODE: parse response;FAIL

The field descriptions are self-explanatory.

Examples

Debug 3

In the following sample output, the RADIUS server load balancing feature is enabled with a batch size of 3. The server selection, based on the load balancing algorithm, is shown as five access-requests that are being sent to the server group.

Router# debug aaa sg-server selection
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Obtaining least loaded server.
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [3] transactions remaining in batch. Reusing server.
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Obtaining least loaded server.
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [2] transactions remaining in batch. Reusing server.
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Obtaining least loaded server.
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [1] transactions remaining in batch. Reusing server.
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Obtaining least loaded server.
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: No more transactions in batch. Obtaining a new server.
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Obtaining a new least loaded server.
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Server[0] load: 3
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Server[1] load: 0
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Server[2] load: 0
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Selected Server[1] with load 0
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [3] transactions remaining in batch.
Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Obtaining least loaded server.

Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [2] transactions remaining in batch. Reusing server.

The field descriptions are self-explanatory.

Examples

In the following sample output, the RADIUS server load balancing feature is enabled. The idle timer has expired.

Router# debug aaa test
Router# 
Jul 16 00:07:01: AAA/SG/TEST: Server (192.0.2.245:1700,1701) quarantined.
Jul 16 00:07:01: AAA/SG/TEST: Sending test request(s) to server (192.0.2.245:1700,1701)
Jul 16 00:07:01: AAA/SG/TEST: Sending 1 Access-Requests, 1 Accounting-Requests in current batch.
Jul 16 00:07:01: AAA/SG/TEST(Req#: 1): Sending test AAA Access-Request.
Jul 16 00:07:01: AAA/SG/TEST(Req#: 1): Sending test AAA Accounting-Request.
Jul 16 00:07:01: AAA/SG/TEST: Obtained Test response from server (192.0.2.245:1700,1701)
Jul 16 00:07:01: AAA/SG/TEST: Obtained Test response from server (192.0.2.245:1700,1701)
Jul 16 00:07:01: AAA/SG/TEST: Necessary responses received from server (192.0.2.245:1700,1701)
Jul 16 00:07:01: AAA/SG/TEST: Server (192.0.2.245:1700,1701) marked ALIVE. Idle timer set for 60 sec(s).
Jul 16 00:07:01: AAA/SG/TEST: Server (192.0.2.245:1700,1701) removed from quarantine.

Examples

The following example shows sample output from the debug authentication command when the feature and events keywords are configured:

Device# debug authentication feature mda events
Auth Manager mda events debugging is on

Examples

The following example shows how to enable debugging of an EIGRP address-family neighbor at 10.0.0.0:

Router# debug eigrp address-family ipv4 neighbor 10.0.0.0
Neighbor target enabled on AS 3 for 10.0.0.0
*Mar 17 15:50:53.244: EIGRP: 10.0.0.0/24 - do advertise out Serial1/2
*Mar 17 15:50:53.244: EIGRP: Int 10.0.0.0/24 metric 20512000 -20000000 512000
*Mar 17 15:50:53.244: EIGRP: 10.0.0.0/24 - do advertise out Serial1/2
*Mar 17 15:50:53.244: EIGRP: Int 10.0.0.0/24 metric 28160 - 256002560
*Mar 17 15:50:53.244: EIGRP: 10.0.0.0/24 - do advertise out Serial1/2
*Mar 17 15:50:53.244: EIGRP: 10.0.0.0/24 - do advertise out Serial1/2
*Mar 17 15:50:53.244: EIGRP: Int 10.0.0.0/24 metric 28160 - 25600256
*Mar 17 15:50:53.668: EIGRP: Processing incoming UPDATE packet
*Mar 17 15:50:54.544: EIGRP: 10.0.0.0/24 - do advertise out Serial1/1

Examples

The following example shows how to enable EIGRP event notification debugging:

Router# debug eigrp address-family ipv4 notifications
*Mar 17 15:58:07.144: IP-EIGRP: Callback: reload_iptable
*Mar 17 15:58:08.148: IP-EIGRP: iptable_redistribute into eigrp AS 1
*Mar 17 15:58:12.144: IP-EIGRP: Callback: redist frm static AS 0 10.0.0.0/24
*Mar 17 15:58:12.144: into: eigrp AS 1 event: 1
*Mar 17 15:58:12.144: IP-EIGRP: Callback: redist frm static AS 0 172.16.0.0/24
*Mar 17 15:58:12.144: into: eigrp AS 1 event: 1

Examples

The following example shows how to enable the Enhanced Interior Gateway Routing Protocol (EIGRP) NSF debugging and display information about neighbor devices:

Device# debug eigrp nsf
 
EIGRP NSF debugging is on
Device# show ip eigrp neighbors detail

EIGRP-IPv4 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.1.2.1                 Et1/0             11 00:00:25   10   200  0  5
   Version 5.1/3.0, Retrans: 2, Retries: 0, Prefixes: 1
   Topology-ids from peer - 0 
!
*Sep 23 18:57:19.423: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.1.2.1 (Ethernet1/0) is resync: peer graceful-restart
*Sep 23 18:57:19.423: EIGRP: NSF: AS100, NSF or GR initiated by 10.1.2.1, flags 0x4:(RS)
*Sep 23 18:57:36.028: EIGRP: NSF: AS100, Receive EOT from 10.1.2.1, Flags 0x8:(EOT)
*Sep 23 18:57:36.028: EIGRP: NSF: route hold timer set to flush stale routes
*Sep 23 18:57:36.038: EIGRP: NSF: AS100. route hold timer expiry
*Sep 23 18:57:36.038: EIGRP: NSF: EIGRP-IPv4: Search for stale routes from 10.1.2.1
!
Device# show ip eigrp neighbors detail

EIGRP-IPv4 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.1.2.1                 Et1/0             11 00:02:31   12   200  0  6
   Time since Restart 00:01:34
   Version 5.1/3.0, Retrans: 2, Retries: 0, Prefixes: 1
   Topology-ids from peer - 0 

The following sample output is displayed when a router is unable to handle an event with NSF-Awareness:

*Jan 23 18:59:56.040: EIGRP: NSF: AS100: Checking if Graceful Restart is possible with neighbor 1.1.2.1, peer_down reason 'peer restarted'
*Jan 23 18:59:56.040: EIGRP: NSF: Not possible: 'peer_down was called with a HARD resync flag'
*Jan 23 18:59:56.040: %DUAL-5-NBRCHANGE: EIGRP-IPv6 100: Neighbor 10.1.2.1 (Ethernet1/0) is down: peer restarted
*Jan 23 19:00:00.170: %DUAL-5-NBRCHANGE: EIGRP-IPv6 100: Neighbor 10.1.2.1 (Ethernet1/0) is up: new adjacency
*Jan 23 19:00:00.170: EIGRP: NSF: Enqueuing NULL update to 10.1.2.1, flags 0x1:(INIT)

Examples

The following is sample output from the debug events command:

Router# debug events
RESET(4/0): PLIM type is 1, Rate is 100Mbps
aip_disable(4/0): state=1
config(4/0)
aip_love_note(4/0): asr=0x201
aip_enable(4/0)
aip_love_note(4/0): asr=0x4000
aip_enable(4/0): restarting VCs: 7
aip_setup_vc(4/0): vc:1 vpi:1 vci:1
aip_love_note(4/0): asr=0x200
aip_setup_vc(4/0): vc:2 vpi:2 vci:2
aip_love_note(4/0): asr=0x200
aip_setup_vc(4/0): vc:3 vpi:3 vci:3
aip_love_note(4/0): asr=0x200
aip_setup_vc(4/0): vc:4 vpi:4 vci:4
aip_love_note(4/0): asr=0x200
aip_setup_vc(4/0): vc:6 vpi:6 vci:6
aip_love_note(4/0): asr=0x200
aip_setup_vc(4/0): vc:7 vpi:7 vci:7
aip_love_note(4/0): asr=0x200
aip_setup_vc(4/0): vc:11 vpi:11 vci:11
aip_love_note(4/0): asr=0x200

The below table describes the significant fields shown in the display.

The following line indicates that the AIP was reset. The PLIM detected was 1, so the maximum rate is set to 100 Mbps.

RESET(4/0): PLIM type is 1, Rate is 100Mbps

The following line indicates that the AIP was given a shutdown command, but the current configuration indicates that the AIP should be up:

aip_disable(4/0): state=1

The following line indicates that a configuration command has been completed by the AIP:

aip_love_note(4/0): asr=0x201

The following line indicates that the AIP was given a no shutdown command to take it out of the shutdown state:

aip_enable(4/0)

The following line indicates that the AIP detected a carrier state change. It does not indicate that the carrier is down or up, only that it has changed.

aip_love_note(4/0): asr=0x4000

The following line of output indicates that the AIP enable function is restarting all permanent virtual circuits (PVCs) automatically:

aip_enable(4/0): restarting VCs: 7

The following lines of output indicate that PVC 1 was set up and a successful completion code was returned:

aip_setup_vc(4/0): vc:1 vpi:1 vci:1
aip_love_note(4/0): asr=0x200

Examples

The following example output shows that the NSF-aware router has received the restart notification. The NSF-aware router will now wait for end of transmission (EOT) to be sent from the restarting neighbor (NSF-capable).

Router# debug ip eigrp notifications
*Oct  4 11:39:18.092:EIGRP:NSF:AS2. Rec RS update from 135.100.10.1,
00:00:00. Wait for EOT.
*Oct  4 11:39:18.092:%DUAL-5-NBRCHANGE:IP-EIGRP(0) 2:Neighbor
135.100.10.1 (POS3/0) is up:peer NSF restarted

Examples

For sample output and field descriptions of this command, see the documentation of the commands listed in the “Usage Guidelines” section.

Examples

The following example shows sample debugging output for a failed copy transfer operation when the host name resolution fails:

Router# debug ip http client all
2w4d: Cache ager called
Router# copy http://www.example.com/index.html flash:index.html
 
Destination filename [index.html]? 
Erase flash: before copying? [confirm] no
 
Translating "www.example.com"
% Bad IP address for host www.example.com
%Error opening http://www.example.com/index.html (I/O error)
Router#
2w4d: http_client_request:
2w4d: httpc_setup_request:
2w4d: http_client_process_request:
2w4d: HTTPC: Host name resolution failed for www.example.com
2w4d: http_transaction_free:

2w4d: http_transaction_free: freed httpc_transaction_t

The following example shows sample debugging output for a failed copy transfer operation when the source file is not available:

Router# copy http://example.com/hi/file.html flash:/file.html
Destination filename [file.html]?
%Error opening http://example.com/hi/file.html (No such file or directory)
Router#
2w4d: http_client_request:
2w4d: httpc_setup_request:
2w4d: http_client_process_request:
2w4d: httpc_request:Dont have the credentials
Thu, 17 Jul 2003 07:05:25 GMT  http://209.168.200.225/hi/file.html ok
        Protocol = HTTP/1.1
        Content-Type = text/html; charset=iso-8859-1
        Date = Thu, 17 Jul 2003 14:24:29 GMT
2w4d: http_transaction_free:
2w4d: http_transaction_free:freed httpc_transaction_t
2w4d: http_client_abort_request:
2w4d: http_client_abort_request:Bad Transaction Id
Router#

The table below describes the significant fields shown in the display.

Examples

The following is sample debugging output from the debug ip http ssl error command:

Router# 000030:00:08:01:%HTTPS:Key pair generation failed
Router# 000030:00:08:10:%HTTPS:Failed to generate self-signed cert
Router# 000030:00:08:15:%HTTPS:SSL handshake fail
Router# 000030:00:08:21:%HTTPS:SSL read fail, uninitialized hndshk ctxt
Router# 000030:00:08:25:%HTTPS:SSL write fail, uninitialized hndshk ctxt

The table below describes the debug messages shown above.

Examples

The following is sample output from the debug ip mrouting command:

Router# debug ip mrouting 224.2.0.1 
 
MRT: Delete (10.0.0.0/8, 224.2.0.1) 
MRT: Delete (10.4.0.0/16, 224.2.0.1) 
MRT: Delete (10.6.0.0/16, 224.2.0.1) 
MRT: Delete (10.9.0.0/16, 224.2.0.1) 
MRT: Delete (10.16.0.0/16, 224.2.0.1) 
MRT: Create (*, 224.2.0.1), if_input NULL 
MRT: Create (224.69.15.0/24, 225.2.2.4), if_input Ethernet0, RPF nbr 224.69.61.15
MRT: Create (224.69.39.0/24, 225.2.2.4), if_input Ethernet1, RPF nbr 0.0.0.0
MRT: Create (10.0.0.0/8, 224.2.0.1), if_input Ethernet1, RPF nbr 224.0.0.0 
MRT: Create (10.4.0.0/16, 224.2.0.1), if_input Ethernet1, RPF nbr 224.0.0.0 
MRT: Create (10.6.0.0/16, 224.2.0.1), if_input Ethernet1, RPF nbr 224.0.0.0 
MRT: Create (10.9.0.0/16, 224.2.0.1), if_input Ethernet1, RPF nbr 224.0.0.0 
MRT: Create (10.16.0.0/16, 224.2.0.1), if_input Ethernet1, RPF nbr 224.0.0.0 

The following lines show that multicast IP routes were deleted from the routing table:

MRT: Delete (10.0.0.0/8, 224.2.0.1) 
MRT: Delete (10.4.0.0/16, 224.2.0.1) 
MRT: Delete (10.6.0.0/16, 224.2.0.1) 

The (*, G) entries are generally created by receipt of an Internet Group Management Protocol (IGMP) host report from a group member on the directly connected LAN or by a Protocol Independent Multicast (PIM) join message (in sparse mode) that this router receives from a router that is sending joins toward the Route Processor (RP). This router will in turn send a join toward the RP that creates the shared tree (or RP tree).

MRT: Create (*, 224.2.0.1), if_input NULL 

The following lines are an example of creating an (S, G) entry that shows that an IP multicast packet (mpacket) was received on Ethernet interface 0. The second line shows a route being created for a source that is on a directly connected LAN. The RPF means “Reverse Path Forwarding,” whereby the router looks up the source address of the multicast packet in the unicast routing table and determines which interface will be used to send a packet to that source.

MRT: Create (224.69.15.0/24, 225.2.2.4), if_input Ethernet0, RPF nbr 224.69.61.15
MRT: Create (224.69.39.0/24, 225.2.2.4), if_input Ethernet1, RPF nbr 0.0.0.0
 

The following lines show that multicast IP routes were added to the routing table. Note the 224.0.0.0 as the RPF, which means the route was created by a source that is directly connected to this router.

MRT: Create (10.9.0.0/16, 224.2.0.1), if_input Ethernet1, RPF nbr 224.0.0.0 
MRT: Create (10.16.0.0/16, 224.2.0.1), if_input Ethernet1, RPF nbr 224.0.0.0 

If the source is not directly connected, the neighbor address shown in these lines will be the address of the router that forwarded the packet to this router.

The shortest path tree state maintained in routers consists of source (S), multicast address (G), outgoing interface (OIF), and incoming interface (IIF). The forwarding information is referred to as the multicast forwarding entry for (S, G).

An entry for a shared tree can match packets from any source for its associated group if the packets come through the proper incoming interface as determined by the RPF lookup. Such an entry is denoted as (*, G). A (*, G) entry keeps the same information a (S, G) entry keeps, except that it saves the rendezvous point address in place of the source address in sparse mode or as 24.0.0.0 in dense mode.

The table below describes the significant fields shown in the display.

Examples

The following is sample output from the debug ip msdp command:

Router# debug ip msdp
MSDP debugging is on
Router#
MSDP: 224.150.44.254: Received 1388-byte message from peer
MSDP: 224.150.44.254: SA TLV, len: 1388, ec: 115, RP: 172.31.3.92 
MSDP: 224.150.44.254: Peer RPF check passed for 172.31.3.92, used EMBGP peer
MSDP: 224.150.44.250: Forward 1388-byte SA to peer
MSDP: 224.150.44.254: Received 1028-byte message from peer
MSDP: 224.150.44.254: SA TLV, len: 1028, ec: 85, RP: 172.31.3.92 
MSDP: 224.150.44.254: Peer RPF check passed for 172.31.3.92, used EMBGP peer
MSDP: 224.150.44.250: Forward 1028-byte SA to peer
MSDP: 224.150.44.254: Received 1388-byte message from peer
MSDP: 224.150.44.254: SA TLV, len: 1388, ec: 115, RP: 172.31.3.111 
MSDP: 224.150.44.254: Peer RPF check passed for 172.31.3.111, used EMBGP peer
MSDP: 224.150.44.250: Forward 1388-byte SA to peer
MSDP: 224.150.44.250: Received 56-byte message from peer
MSDP: 224.150.44.250: SA TLV, len: 56, ec: 4, RP: 205.167.76.241 
MSDP: 224.150.44.250: Peer RPF check passed for 205.167.76.241, used EMBGP peer
MSDP: 224.150.44.254: Forward 56-byte SA to peer
MSDP: 224.150.44.254: Received 116-byte message from peer
MSDP: 224.150.44.254: SA TLV, len: 116, ec: 9, RP: 172.31.3.111 
MSDP: 224.150.44.254: Peer RPF check passed for 172.31.3.111, used EMBGP peer
MSDP: 224.150.44.250: Forward 116-byte SA to peer
MSDP: 224.150.44.254: Received 32-byte message from peer
MSDP: 224.150.44.254: SA TLV, len: 32, ec: 2, RP: 172.31.3.78 
MSDP: 224.150.44.254: Peer RPF check passed for 172.31.3.78, used EMBGP peer
MSDP: 224.150.44.250: Forward 32-byte SA to peer

The table below describes the significant fields shown in the display.

Examples

The following example shows that OSPF NSF events debugging is enabled:

Router# debug ip ospf nsf

Examples

The following is sample output from the debug ip pim command:

Router# debug ip pim 224.2.0.1 
 
PIM: Received Join/Prune on Ethernet1 from 172.16.37.33 
PIM: Received Join/Prune on Ethernet1 from 172.16.37.33 
PIM: Received Join/Prune on Tunnel0 from 10.3.84.1 
PIM: Received Join/Prune on Ethernet1 from 172.16.37.33 
PIM: Received Join/Prune on Ethernet1 from 172.16.37.33
PIM: Received RP-Reachable on Ethernet1 from 172.16.20.31 
PIM: Update RP expiration timer for 224.2.0.1 
PIM: Forward RP-reachability packet for 224.2.0.1 on Tunnel0 
PIM: Received Join/Prune on Ethernet1 from 172.16.37.33 
PIM: Prune-list (10.221.196.51/32, 224.2.0.1)   
PIM: Set join delay timer to 2 seconds for (10.221.0.0/16, 224.2.0.1) on Ethernet1 
PIM: Received Join/Prune on Ethernet1 from 172.16.37.6 
PIM: Received Join/Prune on Ethernet1 from 172.16.37.33 
PIM: Received Join/Prune on Tunnel0 from 10.3.84.1 
PIM: Join-list: (*, 224.2.0.1) RP 172.16.20.31 
PIM: Add Tunnel0 to (*, 224.2.0.1), Forward state 
PIM: Join-list: (10.0.0.0/8, 224.2.0.1)   
PIM: Add Tunnel0 to (10.0.0.0/8, 224.2.0.1), Forward state 
PIM: Join-list: (10.4.0.0/16, 224.2.0.1)   
PIM: Prune-list (172.16.84.16/28, 224.2.0.1) RP-bit set RP 172.16.84.16 
PIM: Send Prune on Ethernet1 to 172.16.37.6 for (172.16.84.16/28, 224.2.0.1), RP 
PIM: For RP, Prune-list: 10.9.0.0/16 
PIM: For RP, Prune-list: 10.16.0.0/16 
PIM: For RP, Prune-list: 10.49.0.0/16 
PIM: For RP, Prune-list: 10.84.0.0/16 
PIM: For RP, Prune-list: 10.146.0.0/16 
PIM: For 10.3.84.1, Join-list: 172.16.84.16/28 
PIM: Send periodic Join/Prune to RP via 172.16.37.6 (Ethernet1) 

The following lines appear periodically when PIM is running in sparse mode and indicate to this router the multicast groups and multicast sources in which other routers are interested:

PIM: Received Join/Prune on Ethernet1 from 172.16.37.33 
PIM: Received Join/Prune on Ethernet1 from 172.16.37.33 

The following lines appear when a rendezvous point (RP) message is received and the RP timer is reset. The expiration timer sets a checkpoint to make sure the RP still exists. Otherwise, a new RP must be discovered.

PIM: Received RP-Reachable on Ethernet1 from 172.16.20.31 
PIM: Update RP expiration timer for 224.2.0.1 
PIM: Forward RP-reachability packet for 224.2.0.1 on Tunnel0 

The prune message in the following line states that this router is not interested in the Source-Active (SA) information. This message tells an upstream router to stop forwarding multicast packets from this source. The address 10.221.196.51/32 indicates a host route with 32 bits of mask.

PIM: Prune-list (10.221.196.51/32, 224.2.0.1)   

In the following line, a second router on the network wants to override the prune message that the upstream router just received. The timer is set at a random value so that if additional routers on the network still want to receive multicast packets for the group, only one will actually send the message. The other routers will receive the join message and then suppress sending their own message.

PIM: Set join delay timer to 2 seconds for (10.221.0.0/16, 224.2.0.1) on Ethernet1 

In the following line, a join message is sent toward the RP for all sources:

PIM: Join-list: (*, 224.2.0.1) RP 172.16.20.31 

In the following lines, the interface is being added to the outgoing interface (OIF) of the (*, G) and (S, G) multicast route (mroute) table entry so that packets from the source will be forwarded out that particular interface:

PIM: Add Tunnel0 to (*, 224.2.0.1), Forward state 
PIM: Add Tunnel0 to (10.0.0.0/8, 224.2.0.1), Forward state 

The following line appears in sparse mode only. There are two trees on which data may be received: the RP tree and the source tree. In dense mode there is no RP. After the source and the receiver have discovered one another at the RP, the first-hop router for the receiver will usually join to the source tree rather than the RP tree.

PIM: Prune-list (172.16.84.16/28, 224.2.0.1) RP-bit set RP 172.16.84.16 

The send prune message in the next line shows that a router is sending a message to a second router saying that the first router should no longer receive multicast packets for the (S, G). The RP at the end of the message indicates that the router is pruning the RP tree and is most likely joining the source tree, although the router may not have downstream members for the group or downstream routers with members of the group. The output shows the specific sources from which this router no longer wants to receive multicast messages.

PIM: Send Prune on Ethernet1 to 172.16.37.6 for (172.16.84.16/28, 224.2.0.1), RP 

The following lines indicate that a prune message is sent toward the RP so that the router can join the source tree rather than the RP tree:

PIM: For RP, Prune-list: 10.9.0.0/16 
PIM: For RP, Prune-list: 10.16.0.0/16 
PIM: For RP, Prune-list: 10.49.0.0/16 

In the following line, a periodic message is sent toward the RP. The default period is once per minute. Prune and join messages are sent toward the RP or source rather than directly to the RP or source. It is the responsibility of the next hop router to take proper action with this message, such as continuing to forward it to the next router in the tree.

PIM: Send periodic Join/Prune to RP via 172.16.37.6 (Ethernet1) 

Examples

The following shows sample output from the debug ip rgmpcommand:

Router# debug ip rgmp
 
   RGMP: Sending a Hello packet on Ethernet1/0
   RGMP: Sending a Join packet on Ethernet1/0 for group 224.1.2.3
   RGMP: Sending a Leave packet on Ethernet1/0 for group 224.1.2.3
   RGMP: Sending a Bye packet on Ethernet1/0 

Examples

The following example is output from the debug ip scp command. In this example, a copy of the file scptest.cfg from a UNIX host running configuration of the router was successful.

Router# debug ip scp
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv C0644 20 scptest.cfg
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv 20 bytes
4d06h:SCP:[22 <- 10.11.29.252:1018] recv <OK>
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv <EOF>

The following example is also output from the debug ip scp command, but in this example, the user has privilege 0 and is therefore denied:

Router# debug ip scp
4d06h:SCP:[22 -> 10.11.29.252:1018] send Privilege denied.

Examples

The following example shows the SSH debugging output:

Router# debug ip ssh
00:53:46: SSH0: starting SSH control process
00:53:46: SSH0: Exchanging versions - SSH-1.5-Cisco-1.25
00:53:46: SSH0: client version is - SSH-1.5-1.2.25
00:53:46: SSH0: SSH_SMSG_PUBLIC_KEY message sent
00:53:46: SSH0: SSH_CMSG_SESSION_KEY message received
00:53:47: SSH0: keys exchanged and encryption on
00:53:47: SSH0: authentication request for userid guest
00:53:47: SSH0: authentication successful for jcisco
00:53:47: SSH0: starting exec shell

The following example shows the SSH detail output:

Router# debug ip ssh detail
00:04:22: SSH0: starting SSH control process
00:04:22: SSH0: sent protocol version id SSH-1.99-Cisco-1.25
00:04:22: SSH0: protocol version id is - SSH-1.99-Cisco-1.25
00:04:22: SSH2 0: SSH2_MSG_KEXINIT sent
00:04:22: SSH2 0: SSH2_MSG_KEXINIT received
00:04:22: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1 
00:04:22: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1 
00:04:22: SSH2 0: expecting SSH2_MSG_KEXDH_INIT
00:04:22: SSH2 0: SSH2_MSG_KEXDH_INIT received
00:04:22: SSH2: kex_derive_keys complete
00:04:22: SSH2 0: SSH2_MSG_NEWKEYS sent
00:04:22: SSH2 0: waiting for SSH2_MSG_NEWKEYS
00:04:22: SSH2 0: SSH2_MSG_NEWKEYS received
00:04:24: SSH2 0: authentication successful for lab
00:04:24: SSH2 0: channel open request
00:04:24: SSH2 0: pty-req request
00:04:24: SSH2 0: setting TTY - requested: height 24, width 80; set: height 24, width 80
00:04:24: SSH2 0: shell request
00:04:24: SSH2 0: shell message received
00:04:24: SSH2 0: starting shell for vty
00:04:38: SSH0: Session terminated normally

The following example shows the SSH packet output:

Router# debug ip ssh packet
00:05:43: SSH2 0: send:packet of  length 280 (length also includes padlen of 4)
00:05:43: SSH2 0: ssh_receive: 64 bytes received 
00:05:43: SSH2 0: input: total packet length of 280 bytes
00:05:43: SSH2 0: partial packet length(block size)8 bytes,needed 272 bytes, maclen 0
00:05:43: SSH2 0: ssh_receive: 64 bytes received 
00:05:43: SSH2 0: partial packet length(block size)8 bytes,needed 272 bytes, maclen 0
00:05:43: SSH2 0: ssh_receive: 64 bytes received 
00:05:43: SSH2 0: partial packet length(block size)8 bytes,needed 272 bytes, maclen 0
00:05:43: SSH2 0: ssh_receive: 64 bytes received 
00:05:43: SSH2 0: partial packet length(block size)8 bytes,needed 272 bytes, maclen 0
00:05:43: SSH2 0: ssh_receive: 24 bytes received 
00:05:43: SSH2 0: partial packet length(block size)8 bytes,needed 272 bytes, maclen 0
00:05:43: SSH2 0: input: padlength 4 bytes
00:05:43: SSH2 0: ssh_receive: 64 bytes received 
00:05:43: SSH2 0: input: total packet length of 144 bytes
00:05:43: SSH2 0: partial packet length(block size)8 bytes,needed 136 bytes, maclen 0
00:05:43: SSH2 0: ssh_receive: 64 bytes received 
00:05:43: SSH2 0: partial packet length(block size)8 bytes,needed 136 bytes, maclen 0
00:05:43: SSH2 0: ssh_receive: 16 bytes received 
00:05:43: SSH2 0: partial packet length(block size)8 bytes,needed 136 bytes, maclen 0
00:05:43: SSH2 0: input: padlength 6 bytes
00:05:43: SSH2 0: signature length 143
00:05:43: SSH2 0: send:packet of  length 448 (length also includes padlen of 7)
00:05:43: SSH2 0: send:packet of  length 16 (length also includes padlen of 10)
00:05:43: SSH2 0: newkeys: mode 1
00:05:43: SSH2 0: ssh_receive: 16 bytes received 
00:05:43: SSH2 0: input: total packet length of 16 bytes
00:05:43: SSH2 0: partial packet length(block size)8 bytes,needed 8 bytes, maclen 0
00:05:43: SSH2 0: input: padlength 10 bytes
00:05:43: SSH2 0: newkeys: mode 0
00:05:43: SSH2 0: ssh_receive: 52 bytes received 
00:05:43: SSH2 0: input: total packet length of 32 bytes
00:05:43: SSH2 0: partial packet length(block size)16 bytes,needed 16 bytes, maclen 20
00:05:43: SSH2 0: MAC compared for #3 :ok

Examples

The following example enables debugging for all IPv6 snooping information:

Router# debug ipv6 snooping 

Examples

The following example shows the command enabling debugging for the IPv6 RA guard feature:

Router# debug ipv6 snooping raguard

Examples

The following sample output from the debug lacp all command shows LACP activity on a port-channel member link Gigabit Ethernet 5/0/0:

Router# debug lacp all
Link Aggregation Control Protocol all debugging is on
Router1#
*Aug 20 17:21:51.685: LACP :lacp_bugpak: Receive LACP-PDU packet via Gi5/0/0
*Aug 20 17:21:51.685: LACP : packet size: 124
*Aug 20 17:21:51.685: LACP: pdu: subtype: 1, version: 1
*Aug 20 17:21:51.685: LACP: Act: tlv:1, tlv-len:20, key:0x1, p-pri:0x8000, p:0x14, p-state:0x3C,
s-pri:0xFFFF, s-mac:0011.2026.7300
*Aug 20 17:21:51.685: LACP: Part: tlv:2, tlv-len:20, key:0x5, p-pri:0x8000, p:0x42, p-state:0x3D,
s-pri:0x8000, s-mac:0014.a93d.4a00
*Aug 20 17:21:51.685: LACP: col-tlv:3, col-tlv-len:16, col-max-d:0x8000 
*Aug 20 17:21:51.685: LACP: term-tlv:0 termr-tlv-len:0
*Aug 20 17:21:51.685: LACP: Gi5/0/0 LACP packet received, processing 
*Aug 20 17:21:51.685:     lacp_rx Gi5: during state CURRENT, got event 5(recv_lacpdu)
*Aug 20 17:21:59.869: LACP: lacp_p(Gi5/0/0) timer stopped
*Aug 20 17:21:59.869: LACP: lacp_p(Gi5/0/0) expired
*Aug 20 17:21:59.869:     lacp_ptx Gi5: during state SLOW_PERIODIC, got event 3(pt_expired)
*Aug 20 17:21:59.869: @@@ lacp_ptx Gi5: SLOW_PERIODIC -> PERIODIC_TX
*Aug 20 17:21:59.869: LACP: Gi5/0/0 lacp_action_ptx_slow_periodic_exit entered
*Aug 20 17:21:59.869: LACP: lacp_p(Gi5/0/0) timer stopped
*Aug 20 17:22:00.869: LACP: lacp_t(Gi5/0/0) timer stopped
*Aug 20 17:22:00.869: LACP: lacp_t(Gi5/0/0) expired
*Aug 20 17:22:19.089: LACP :lacp_bugpak: Receive LACP-PDU packet via Gi5/0/0
*Aug 20 17:22:19.089: LACP : packet size: 124
*Aug 20 17:22:19.089: LACP: pdu: subtype: 1, version: 1
*Aug 20 17:22:19.089: LACP: Act: tlv:1, tlv-len:20, key:0x1, p-pri:0x8000, p:0x14, p-state:0x4,
s-pri:0xFFFF, s-mac:0011.2026.7300
*Aug 20 17:22:19.089: LACP: Part: tlv:2, tlv-len:20, key:0x5, p-pri:0x8000, p:0x42, p-state:0x34,
s-pri:0x8000, s-mac:0014.a93d.4a00
*Aug 20 17:22:19.089: LACP: col-tlv:3, col-tlv-len:16, col-max-d:0x8000 
*Aug 20 17:22:19.089: LACP: term-tlv:0 termr-tlv-len:0
*Aug 20 17:22:19.089: LACP: Gi5/0/0 LACP packet received, processing 
*Aug 20 17:22:19.089:     lacp_rx Gi5: during state CURRENT, got event 5(recv_lacpdu)
*Aug 20 17:22:19.989: LACP: lacp_t(Gi5/0/0) timer stopped
*Aug 20 17:22:19.989: LACP: lacp_t(Gi5/0/0) expired
*Aug 20 17:22:19.989: LACP: timer lacp_t(Gi5/0/0) started with interval 1000.
*Aug 20 17:22:19.989: LACP: lacp_send_lacpdu: (Gi5/0/0) About to send the 110 LACPDU
*Aug 20 17:22:19.989: LACP :lacp_bugpak: Send LACP-PDU packet via Gi5/0/0
*Aug 20 17:22:19.989: LACP : packet size: 124
*Aug 20 17:22:20.957: LACP: lacp_t(Gi5/0/0) timer stopped
*Aug 20 17:22:20.957: LACP: lacp_t(Gi5/0/0) expired
*Aug 20 17:22:21.205: %LINK-3-UPDOWN: Interface GigabitEthernet5/0/0, changed state to down
*Aug 20 17:22:21.205: LACP: lacp_hw_off: Gi5/0/0 is going down
*Aug 20 17:22:21.205: LACP: if_down: Gi5/0/0
*Aug 20 17:22:21.205:     lacp_ptx Gi5: during state SLOW_PERIODIC, got event 0(no_periodic)
*Aug 20 17:22:22.089: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel5, changed state to down
*Aug 20 17:22:22.153: %C10K_ALARM-6-INFO: CLEAR CRITICAL GigE 5/0/0 Physical Port Link Down 
*Aug 20 17:22:23.413: LACP: Gi5/0/0 oper-key: 0x0
*Aug 20 17:22:23.413: LACP: lacp_hw_on: Gi5/0/0 is coming up
*Aug 20 17:22:23.413:     lacp_ptx Gi5: during state NO_PERIODIC, got event 0(no_periodic)
*Aug 20 17:22:23.413: @@@ lacp_ptx Gi5: NO_PERIODIC -> NO_PERIODIC
*Aug 20 17:22:23.413: LACP: Gi5/0/0 lacp_action_ptx_no_periodic entered
*Aug 20 17:22:23.413: LACP: lacp_p(Gi5/0/0) timer stopped
*Aug 20 17:22:24.153: %LINK-3-UPDOWN: Interface GigabitEthernet5/0/0, changed state to up
*Aug 20 17:22:24.153: LACP: lacp_hw_on: Gi5/0/0 is coming up
*Aug 20 17:22:24.153:     lacp_ptx Gi5: during state FAST_PERIODIC, got event 0(no_periodic)
*Aug 20 17:22:24.153: @@@ lacp_ptx Gi5: FAST_PERIODIC -> NO_PERIODIC
*Aug 20 17:22:24.153: LACP: Gi5/0/0 lacp_action_ptx_fast_periodic_exit entered
*Aug 20 17:22:24.153: LACP: lacp_p(Gi5/0/0) timer stopped
*Aug 20 17:22:24.153: LACP: 
*Aug 20 17:22:25.021: LACP: lacp_p(Gi5/0/0) timer stopped
*Aug 20 17:22:25.021: LACP: lacp_p(Gi5/0/0) expired
*Aug 20 17:22:25.021:     lacp_ptx Gi5: during state FAST_PERIODIC, got event 3(pt_expired)
*Aug 20 17:22:25.021: @@@ lacp_ptx Gi5: FAST_PERIODIC -> PERIODIC_TX
*Aug 20 17:22:25.021: LACP: Gi5/0/0 lacp_action_ptx_fast_periodic_exit entered
*Aug 20 17:22:25.021: LACP: lacp_p(Gi5/0/0) timer stopped
*Aug 20 17:22:25.917: LACP: lacp_p(Gi5/0/0) timer stopped
*Aug 20 17:22:25.917: LACP: lacp_p(Gi5/0/0) expired
*Aug 20 17:22:25.917:     lacp_ptx Gi5: during state FAST_PERIODIC, got event 3(pt_expired)
*Aug 20 17:22:25.917: @@@ lacp_ptx Gi5: FAST_PERIODIC -> PERIODIC_TX
*Aug 20 17:22:25.917: LACP: Gi5/0/0 lacp_action_ptx_fast_periodic_exit entered
*Aug 20 17:22:25.917: LACP: lacp_p(Gi5/0/0) timer stopped
Router1#

Examples

The following example shows how to enable all debugging options for NTP:

Router# debug ntp all
NTP events debugging is on
NTP core messages debugging is on
NTP clock adjustments debugging is on
NTP reference clocks debugging is on
NTP packets debugging is on

Examples

The following is sample output from the debug radius command:

Router# debug radius
Radius protocol debugging is on
Radius packet hex dump debugging is off
Router# show debug
00:19:20: RADIUS/ENCODE(00000015):Orig. component type = AUTH_PROXY
00:19:20: RADIUS(00000015): Config NAS IP: 0.0.0.0
00:19:20: RADIUS/ENCODE(00000015): acct_session_id: 21
00:19:20: RADIUS(00000015): sending
00:19:20: RADIUS/ENCODE: Best Local IP-Address 33.0.0.2 for Radius-Server 33.2.0.1
00:19:20: RADIUS(00000015): Send Access-Request to 33.2.0.1:1645 id 1645/21, len 159
00:19:20: RADIUS:  authenticator 2D 03 E5 A6 A5 30 1A 32 - F2 C5 EE E2 AC 5E 5D 22
00:19:20: RADIUS:  User-Name           [1]   11  "authproxy"
00:19:20: RADIUS:  User-Password       [2]   18  *
00:19:20: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
00:19:20: RADIUS:  Message-Authenticato[80]  18  
00:19:20: RADIUS:   85 EF E8 43 03 88 58 63 78 D2 7B E7 26 61 D3 3C          [ CXcx{&a<]
00:19:20: RADIUS:  Vendor, Cisco       [26]  49  
00:19:20: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0D00000200000013001112FD"
00:19:20: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
00:19:20: RADIUS:  NAS-Port            [5]   6   16480                     
00:19:20: RADIUS:  NAS-Port-Id         [87]  19  "FastEthernet1/0/3"
00:19:20: RADIUS:  NAS-IP-Address      [4]   6   33.0.0.2                  
00:19:20: RADIUS(00000015): Started 5 sec timeout
00:19:20: RADIUS: Received from id 1645/21 33.2.0.1:1645, Access-Accept, len 313
00:19:20: RADIUS:  authenticator E6 6E 1D 64 5A 15 FD AE - C9 60 C0 68 F5 10 E9 B7
00:19:20: RADIUS:  Filter-Id           [11]  8   
00:19:20: RADIUS:   31 30 30 2E 69 6E            [ 100.in]
00:19:20: RADIUS:  Vendor, Cisco       [26]  19  
00:19:20: RADIUS:   Cisco AVpair       [1]   13  "priv-lvl=15"
00:19:20: RADIUS:  Termination-Action  [29]  6   1                         
00:19:20: RADIUS:  Vendor, Cisco       [26]  45  
00:19:20: RADIUS:   Cisco AVpair       [1]   39  "supplicant-name=Port-description test"
00:19:20: RADIUS:  Vendor, Cisco       [26]  38  
00:19:20: RADIUS:   Cisco AVpair       [1]   32  "security-group-tag=2468-C0FFEE"
00:19:20: RADIUS:  Vendor, Cisco       [26]  33  
00:19:20: RADIUS:   Cisco AVpair       [1]   27  "supplicant-group=engineer"
00:19:20: RADIUS:  Vendor, Cisco       [26]  36  
00:19:20: RADIUS:   Cisco AVpair       [1]   30  "supplicant-group=idf_testing"
00:19:20: RADIUS:  Vendor, Cisco       [26]  28  
00:19:20: RADIUS:   Cisco AVpair       [1]   22  "authz-directive=open"
00:19:20: RADIUS:  Vendor, Cisco       [26]  32  
00:19:20: RADIUS:   Cisco AVpair       [1]   26  "supplicant-group=group-9"
00:19:20: RADIUS:  Class               [25]  30  
00:19:20: RADIUS:   43 41 43 53 3A 63 2F 61 37 31 38 38 61 2F 32 31  [CACS:c/a7188a/21]
00:19:20: RADIUS:   30 30 30 30 30 32 2F 31 36 34 38 30      [ 000002/16480]
00:19:20: RADIUS:  Message-Authenticato[80]  18  
00:19:20: RADIUS:   24 13 29 95 A1 5E 9F D3 CB ED 78 F1 F6 62 2B E3            [ $)^xb+]
00:19:20: RADIUS(00000015): Received from id 1645/21
00:19:20: RADIUS/DECODE: parse unknown cisco vsa "supplicant-group" - IGNORE
00:19:20: RADIUS/DECODE: parse unknown cisco vsa "supplicant-group" - IGNORE
00:19:20: RADIUS/DECODE: parse unknown cisco vsa "authz-directive" - IGNORE
00:19:20: RADIUS/DECODE: parse unknown cisco vsa "supplicant-group" - IGNORE
00:19:20: RADIUS/ENCODE(00000015):Orig. component type = AUTH_PROXY
00:19:20: RADIUS(00000015): Config NAS IP: 0.0.0.0
00:19:20: RADIUS(00000015): sending
00:19:20: RADIUS/ENCODE: Best Local IP-Address 33.0.0.2 for Radius-Server 33.2.0.1
00:19:20: RADIUS(00000015): Send Accounting-Request to 33.2.0.1:1646 id 1646/1, len 204
00:19:20: RADIUS:  authenticator A7 6B A0 94 F4 63 30 51 - 8A CE 8C F4 8A 8E 0B CC
00:19:20: RADIUS:  Acct-Session-Id     [44]  10  "00000015"
00:19:20: RADIUS:  Calling-Station-Id  [31]  10  "13.1.0.1"
00:19:20: RADIUS:  Vendor, Cisco       [26]  49  
00:19:20: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0D00000200000013001112FD"

The following is sample output from the debug radius brief command:

Router# debug radius brief
Radius protocol debugging is on
Radius packet hex dump debugging is off
Radius protocol in brief format debugging is on
00:05:21: RADIUS: Initial Transmit ISDN 0:D:23 id 6 10.0.0.1:1824, Accounting-Request, len 358
00:05:21: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085274206
00:05:26: RADIUS: Retransmit id 6
00:05:31: RADIUS: Tried all servers.
00:05:31: RADIUS: No valid server found. Trying any viable server
00:05:31: RADIUS: Tried all servers.
00:05:31: RADIUS: No response for id 7
00:05:31: RADIUS: Initial Transmit ISDN 0:D:23 id 8 10.0.0.0:1823, Access-Request, len 171
00:05:36: RADIUS: Retransmit id 8
00:05:36: RADIUS: Received from id 8 1.7.157.1:1823, Access-Accept, len 115
00:05:47: %ISDN-6-DISCONNECT: Interface Serial0:22 disconnected from 4085274206, call lasted 26 seconds
00:05:47: RADIUS: Initial Transmit ISDN 0:D:23 id 9 10.0.0.1:1824, Accounting-Request, len 775
00:05:47: RADIUS: Received from id 9 1.7.157.1:1824, Accounting-response, len 20

The following example shows how to enable debugging of RADIUS accounting collection:

Router# debug radius accounting
Radius protocol debugging is on
Radius protocol brief debugging is off
Radius protocol verbose debugging is off
Radius packet hex dump debugging is off
Radius packet protocol (authentication) debugging is off
Radius packet protocol (accounting) debugging is on
Radius packet retransmission debugging is off
Radius server fail-over debugging is off
Radius elog debugging is off

Examples

The following is sample output from the debug snmp packetcommand. In this example, the router receives a get-next request from the host at 192.10.2.10 and responds with the requested information.

Router# debug snmp packet
SNMP: Packet received via UDP from 192.10.2.10 on Ethernet0 
SNMP: Get-next request, reqid 23584, errstat 0, erridx 0 
 sysUpTime = NULL TYPE/VALUE 
 system.1 = NULL TYPE/VALUE 
 system.6 = NULL TYPE/VALUE
SNMP: Response, reqid 23584, errstat 0, erridx 0 
 sysUpTime.0 = 2217027 
 system.1.0 = Cisco Internetwork Operating System Software  
 system.6.0 = 
SNMP: Packet sent via UDP to 192.10.2.10

Based on the kind of packet sent or received, the output may vary. For get-bulk requests, a line similar to the following is displayed:

SNMP: Get-bulk request, reqid 23584, nonrptr 10, maxreps 20

For traps, a line similar to the following is displayed:

SNMP: V1 Trap, ent 1.3.6.1.4.1.9.1.13, gentrap 3, spectrap 0

The table below describes the significant fields shown in the display.

Examples

The following example shows that object number 100 is being tracked and that the state of IP routing on Ethernet interface 0/2 is down:

Router# debug track
Feb 26 19:56:23.247:Track:100 Adding interface object
Feb 26 19:56:23.247:Track:Initialise
Feb 26 19:56:23.247:Track:100 New interface Et0/2, ip routing Down
Feb 26 19:56:23.247:Track:Starting process

The following example shows that object number 100 is being tracked and that the state of IP routing on Ethernet interface 0/2 has changed and is back up:

Router# debug track
Feb 26 19:56:41.247:Track:100 Change #2 interface Et0/2, ip routing Down->Up
00:15:07:%LINK-3-UPDOWN:Interface Ethernet0/2, changed state to up
00:15:08:%LINEPROTO-5-UPDOWN:Line protocol on Interface Ethernet0/2, changed state to up

Examples

The following examples for the debug vrrp hacommand display the syncing of VRRP state information from the Active RP to the Standby RP.

The following sample output displays two VRRP state changes on the Active RP:

Router# debug vrrp ha
.
.
.
*Nov 14 11:36:50.272 UTC: VRRP: Gi3/2 Grp 42 RF Encode state Backup into sync buffer
*Nov 14 11:36:50.272 UTC: %VRRP-6-STATECHANGE: Gi3/2 Grp 42 state Init -> Backup 
*Nov 14 11:36:53.884 UTC: VRRP: Gi3/2 Grp 42 RF Encode state Master into sync buffer
*Nov 14 11:36:53.884 UTC: %VRRP-6-STATECHANGE: Gi3/2 Grp 42 state Backup -> Master 

The following sample output displays two VRRP state changes on the Standby RP:

Router# debug vrrp ha
.
.
.
*Nov 14 11:36:50.392 UTC: STDBY: VRRP: Gi3/2 Grp 42 RF sync state Init -> Backup
*Nov 14 11:36:53.984 UTC: STDBY: VRRP: Gi3/2 Grp 42 RF sync state Backup -> Master