Debug command

[no] debug <debug-type>

acl	When a match occurs on an ACL "deny" ACE (with log configured), the switch sends an ACL message to configured debug destinations. NOTE: Beginning with software release K.14.01, ACE matches (hits) for permit and deny entries can be tracked using the show statistics [ aclv4 | aclv6 ] command. (Default: Disabled—ACL messages for traffic that matches "deny" entries are not sent.)
all	Configures the switch to send all debug message types to configured debug destinations. (Default: Disabled—No debug messages are sent.)
cdp	Sends CDP information to configured debug destinations.
destination	logging—Disables or re-enables syslog logging on one or more syslog servers configured with the logging syslog-ip-addr command. session—Assigns or re-assigns destination status to the terminal device that was most recently used to request debug output. buffer—Enables syslog logging to send the debug message types specified by the debug debug-type command to a buffer in switch memory.
event	Configures the switch to send Event Log messages to configured debug destinations. NOTE: This value does not affect the reception of event notification messages in the Event Log on the switch. Event Log messages are automatically enabled to be sent to debug destinations in these conditions: If no syslog server address is configured and you enter the logging syslog-ip-addr command to configure a destination address. If at least one syslog server address is configured in the startup configuration, and the switch is rebooted or reset. Event log messages are the default type of debug message sent to configured debug destinations.
ip [ fib | forwarding | ospf | ospfv3 | packet | pim | rip ]
	Sends IP messages to configured destinations.
ip [fib [events]]	For the configured debug destinations: events—Sends IP forwarding information base events.
ip [ospf [ adj | event | flood | lsa-generation | packet packet-type | retransmission | spf ]]
	For the configured debug destinations: ospf—Enables the specified IP-OSPF message type. adj—Adjacency changes. event—OSPF events. flood—Information on flood messages. lsa-generation—New LSAs added to database. packet [packet-type] — All OSPF packet messages sent and received on the switch, where packet-type enables only the specified OSPF packet type. Valid values are: dd—Database descriptions hello—Hello messages lsa—Link-state advertisements lsr—Link-state requests lsu—Link-state updates retransmission—Retransmission timer messages. spf—Path recalculation messages.
ip [ospfv3]	Enables OSPFv3 debug messages.
ip [pim [packet filter source ip-addr | vlan vid ]]
	For the configured debug destinations: packet— Enables the specified PIM message type filter— Enables or disables tracing of PIM messages filtered on VLAN or source group information. source ip-addr — Displays packets from a specific source to a specific group. Only a single source/group filter is supported. vlan vlan-id— Enables or disables tracing on a specified VLAN for PIM NOTE: When PIM debugging is enabled, the following message displays: PIM Debugging can be extremely CPU intensive when run on a device with an existing high CPU load or on a switch with more than 10 PIM-enabled VLANs. In high load situations, the switch may suffer from protocol starvation, high latency, or even reload. When debugging a switch with more than 10 PIM-enabled VLANs, the “vlan” option in “debug ip pim packet” should be utilized. Debugging should only be used temporarily while troubleshooting problems. Customers are advised to exercise caution when running this command in a high-stress production network.
ip [ rip [ database | event | trigger ]]
	rip [ database | event | trigger ] —Enables the specified RIP message type for the configured destination(s.) database—Displays database changes. event—Displays RIP events. trigger—Displays trigger messages.
ipv6 [ dhcpv6-client | dhcpv6-relay | forwarding | nd | ospfv3 | packet ]
	NOTE: See IPv6 Configuration Guide. When no debug options are included, displays debug messages for all IPv6 debug options. dhcpv6-client [ events | packe ] —Displays DHCPv6 client event and packet data. dhcpv6-relay [ events | packet ] —Displays DHCPv6 relay event and relay packet data. forwarding— Displays IPv6 Forwarding Information Base messages. nd—Displays debug messages for IPv6 neighbor discovery. ospfv3—Enables the specified IPv6-OSPF message type. adj— Adjacency changes. event— OSPFv3 events. flood— Information on flood messages. lsa-generation— New link state advertisements added to database. packet [ packet-type] —All OSPFv3 packet messages sent and received on the switch, where packet-type enables only the specified OSPFv3 packet type. Valid values are: dd— Database descriptions hello— Hello messages lsa— Link-state advertisements lsr— Link-state requests lsu— Link-state updates retransmission—Retransmission timer messages. spf—Path recalculation messages. packet—Displays IPv6 packet messages.
lldp	Enables all LLDP message types for the configured destinations.
security [ arp-protect | dhcp-snooping | dynamic-ip-lockdown | port-access | port-security | radius-server | ra-guard |ssh | tacacs-server | user-profile-mib ]
	arp-protect— Sends dynamic ARP protection debug messages to configured debug destinations. dhcp-snooping—Sends DHCP snooping debug messages to configured debug destinations. agent—Displays DHCP snooping agent messages. event—Displays DHCP snooping event messages. packet—Displays DHCP snooping packet messages. dynamic-ip-lockdown—Sends dynamic IP lockdown debug messages to the debug destination. port-access—Sends port-access debug messages to the debug destination. radius-server—Sends RADIUS debug messages to the debug destination. ra-guard—Sends blocked RAs and redirects to the debug destination. ssh—Sends SSH debug messages at the specified level to the debug destination. The levels are fatal, error, info, verbose, debug, debug2, and debug3. tacacs-server—Sends TACACS debug messages to the debug destination. user-profile-mib—Sends user profile MIB debug messages to the debug destination.
services slot-id-range
	Displays debug messages on the services module. Enter an alphabetic module ID or range of module IDs for the slot-id-range parameter.
snmp event | pdu | routines
	Displays the SNMP debug messages. event—Displays SNMP event debug messages. pdu—Displays SNMP pdu debug messages. routines—Displays SNMP routines debug messages
vrrp	Displays VRRP debug messages on the configured destinations.
wireless-services slot-id-range
	Displays wireless-services debug messages on the wireless services module. Enter an alphabetic module ID or range of IDs for the slot-id-range parameter.

[no] debug <debug type> include [ip <ip-addr list>|port <port-list>|vlan <vid-list>]

Enables or disables debug message filtering for a debug type. The filter types are:

IPv4 or IPv6 address list Port list VLAN list

Default: Disabled

Example of setting an SNMP event filter for an IP address

Example of setting an IP RIP filter for port A4

Example of setting a filter for fatal SSH messages on a VLAN

[no] debug event

[no] debug all

[no] debug destination [ logging | session | buffer ] logging

Enables syslog logging to configured syslog servers so that the debug message types specified by the debug debug-type command.

(Default: Logging disabled)

	NOTE: Debug messages from the switches covered in this guide have a debug severity level. Because the default configuration of some syslog servers ignores syslog messages with the debug severity level, ensure that the syslog servers you want to use to receive debug messages are configured to accept the debug level.

session

Enables transmission of event notification messages to the CLI session that most recently executed this command. The session can be on any one terminal emulation device with serial, Telnet, or SSH access to the CLI at the Manager level prompt. If more than one terminal device has a console session with the CLI, you can redirect the destination from the current device to another device. Do so by executing debug destination session in the CLI on the terminal device on which you now want to display event messages. Event message types received on the selected CLI session are configured with the debug debug-type command.

buffer

Enables syslog logging to send the debug message types specified by the debug debug-type command to a buffer in switch memory. To view the debug messages stored in the switch buffer, enter the show debug buffer command.