Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
532
Views
0
Helpful
3
Replies

SSH & AAA issue on IOS

allanc16
Level 1
Level 1

ā€Ž10-26-2010 11:03 AM - edited ā€Ž02-21-2020 04:08 AM

Hello,

I have a 3750 with SSH issues. The only way I can connect is via console connection and when I connect it asks for my TACACS id and pwd. I have verified all firewalls and there is no ACL blocking this traffic. but I do see a reset-O on the firewall from the deviceĀ“s side.

I want to enable the following debugs to see whatĀ“s happening when I try to ssh to the device over the network but how can enable these debugs when I am in a console connection? I just want the output of these debugs to show up.

debug ip ssh

debug aaa athenticaiton

Logging settings:

Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level informational, 2915 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 69 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level informational, 2915 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: enabled
    File logging: disabled
    Trap logging: level debugging, 3112 message lines logged
        Logging to x.x.x.x, 2945 message lines logged, xml disabled,
               filtering disabled

0 Helpful
3 Replies 3

Collin Clark
VIP Alumni
VIP Alumni

ā€Ž10-26-2010 11:27 AM

You need to change your console logging level from information to debug.

logging console debug

Hope it helps.

0 Helpful

allanc16
Level 1
Level 1
In response to Collin Clark

ā€Ž10-26-2010 11:35 AM

Thanks but would that only make those 2 debugs show up? or all logging would go to the console ?

Thanks

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to allanc16

ā€Ž10-26-2010 11:41 AM

Think about logging as water flowing into your house. In certain areas, like a bathroom sink, you don't want the full force of all the water, you want just enough to fill up the sink or wash your face. This would relate to information level. You see some alerts (informational and below). In your bath tub you want the full force of the water supply because you need to fill the entire tub with water. This is like debug, send me everything you have. Logging is not sent to specific areas, it is restricted by level to specific areas. In your case currently the console is logging informational and you want debug. If you look at your Monitor level, you can see it is allowing all debugs, while your buffer is only allowing informational.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card