
Not seeing debug dot1x or mab event log entries on IOS-XE machines.

wags
Level 1

Hello all,
20+ years ago I used debug all the time, however not so much so in the last decade. Seems like the last time I called TAC on the 3850 debug command, they gave me some silly answer that debug was a Cisco TAC command. FWIW, all the Cisco.com debug command documentation I find seems to be a bit dated.

Has Cisco (kind of) deprecated or otherwise changed debug in IOS-XE?
Are the debugs now partially or entirely under a different task, and do I need to debug on it or issue a command to it?
Am I doing something wrong as outlined below?

Everything works as expected on an old 2960 with non-XE IOS.

Situation:
I wanted to look at an 802.1x issue between ISE and Windows 11 (Win 10 works fine). I needed to see what was going on at the switch/authenticator port level.

+++++++++++++++++++++++++++++++++++++++
I need the debug issue/situation answered please.
+++++++++++++++++++++++++++++++++++++++
PLEASE don't t-shoot the 802.1x problem. I am already aware of what is happening. I used a 2960 with old non-XE IOS to run debug and confirm our suspicions on the issue.

 

On 3850 with Cisco IOS XE Software, Version 16.12.10
SSHed into the switch
issue term mon
issue debug mab events and debug dot1x events
do not see debug logging entries on the VTY/SSH session
Other log entries like port down/up are seen on the VTY/SSH session
the messages logged counters go up

We see the same lack of debug messaging on a C9300-24P Cisco IOS XE Software, Version 17.06.05


Misc displays from 3850

SW3850-160#sh logging
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

 

No Inactive Message Discriminator.


Console logging: disabled
Monitor logging: level debugging, 1553 messages logged, xml disabled,
filtering disabled
Logging to: vty2(110)
Buffer logging: level debugging, 1875 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level debugging, 648401 message lines logged
Logging to <IP edited> (udp port 514, audit disabled,
link up),
648400 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to <IP edited> (udp port 514, audit disabled,
link up),
648401 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to <IP edited> (udp port 514, audit disabled,
link up),
648401 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
Vlan288

Log Buffer (102400 bytes):

<edited>

SW3850-160#sh debug
Packet Infra debugs:

Ip Address Port
------------------------------------------------------|----------

MAC Authentication Bypass:
MAC Authentication Bypass events debugging is on
dot1x:
Dot1x events debugging is on
SW3850-160#

SW3850-160#sh run | in logging
logging buffered informational
no logging console
epm logging
no device-tracking logging theft
logging enable
logging history informational
logging trap debugging
logging facility auth
logging source-interface Vlan288
logging host <IP edited>
logging host <IP edited>
logging host <IP edited>
logging synchronous
logging synchronous
logging synchronous
SW3850-160#


On a 2960 with non-XE IOS we see the debug logging entries. Snippet below:
We enabled debug mab events, debug dot1x events and issued term mon etc. like on the 9300 and 3850. Results are what I expect.

<edited>
Mar 21 11:41:32 <IP edited> 19054: Mar 21 15:41:32.952 utc: dot1x-ev:[38ca.84db.1116, Gi1/0/3] Sending EAPOL packet
Mar 21 11:41:32 <IP edited> 19055: Mar 21 15:41:32.952 utc: dot1x-ev:[38ca.84db.1116, Gi1/0/3] Sending out EAPOL packet to MAC 38ca.84db.1116
Mar 21 11:41:32 <IP edited> 19056: Mar 21 15:41:32.952 utc: dot1x-ev:[38ca.84db.1116, Gi1/0/3] Deleting client 0xA8000293 (38ca.84db.1116)
Mar 21 11:41:32 <IP edited>19057: Mar 21 15:41:32.952 utc: mab-ev: [38ca.84db.1116, Gi1/0/3] Received MAB context create from AuthMgr
Mar 21 11:41:32 <IP edited> 19058: Mar 21 15:41:32.952 utc: mab-ev: MAB authorizing 38ca.84db.1116
Mar 21 11:41:32 <IP edited> 19059: Mar 21 15:41:32.952 utc: mab-ev: Created MAB client context 0x8800005B
Mar 21 11:41:32 <IP edited> 19060: Mar 21 15:41:32.952 utc: mab-ev: [38ca.84db.1116, Gi1/0/3] Sending create new context event to EAP from MAB for 0x8800005B (38ca.84db.1116)
<edited>

 


There are old and new debug commands for IOS XE.

Please check this link for the new debug commands:

https://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/220919-troubleshoot-dot1x-on-catalyst-9000-seri.html

MHM

Ah, that looks like what I need, at least for authentication. Thanks MHM.

Do you (or anyone) know if there is a more in-depth document specifically for IOS-XE debugs? Maybe some kind of "Rosetta Stone" between IOS and IOS-XE debugs? Something consolidated that Cisco is keeping up to date?

Sorry, I don't have such a doc.

MHM

This may not address 100% of your question, but the KB below may help (apart from the suggested document for Cat 9K):

https://community.cisco.com/t5/security-knowledge-base/troubleshoot-dot1x-and-radius-in-ios-and-ios-xe/ta-p/4287439

BB
