find mac being filtered ASA

So heres the setup

I have a new open mesh POE switch I'm trying to plug into existing 2960 so that we can plug in some OM AP's to it.  I can plug in the OMS8 switch into the cisco with the cisco switchport in access mode for the vlan we want it on. I can run a IP scan and see that the switch indeed gets a DHCP lease, i can go to that ip in browser and get the admin interface (not allowed to log in ). But the switch never checks in with cloudtrax.  I have 4 other AP's on the same subnet that check in fine, so i don't think content filtering  (as suggested by their support) is the issue, though they say the switches check into different servers than APS.  So heres the setup


is there a way i can search for that mac on either the 3650 or the ASA to see if its getting filtered?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

leadthewayAuthor Commented:
looked at the asa log, looks like i found an entry. Not sure if this is the culprit or not
ASACOB/pri/act# sh log | inc
Jan 17 2018 09:04:24: %ASA-4-106023: Deny udp src inside: dst out                                                                           side: by access-group "inside_access_in" [0x0, 0x0]
Jan 17 2018 09:04:54: %ASA-4-106023: Deny udp src inside: dst ou                                                                           tside: by access-group "inside_access_in" [0x0, 0x0]
Craig BeckCommented:
123 is NTP. Filter the log using the switch IP as the source address.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
leadthewayAuthor Commented:
yeah forgot to close this out, i figured it out.  My output from sh log was the ip i needed, the issue was the switch needed to talk to before it was allowed to check in, i just created and object group for these switches to allow.  Thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.