asked on find mac being filtered ASA
So heres the setup
I have a new open mesh POE switch I'm trying to plug into existing 2960 so that we can plug in some OM AP's to it. I can plug in the OMS8 switch into the cisco with the cisco switchport in access mode for the vlan we want it on. I can run a IP scan and see that the switch indeed gets a DHCP lease, i can go to that ip in browser and get the admin interface (not allowed to log in ). But the switch never checks in with cloudtrax. I have 4 other AP's on the same subnet that check in fine, so i don't think content filtering (as suggested by their support) is the issue, though they say the switches check into different servers than APS. So heres the setup
OMS8------>2960----->3650-
is there a way i can search for that mac on either the 3650 or the ASA to see if its getting filtered?
I have a new open mesh POE switch I'm trying to plug into existing 2960 so that we can plug in some OM AP's to it. I can plug in the OMS8 switch into the cisco with the cisco switchport in access mode for the vlan we want it on. I can run a IP scan and see that the switch indeed gets a DHCP lease, i can go to that ip in browser and get the admin interface (not allowed to log in ). But the switch never checks in with cloudtrax. I have 4 other AP's on the same subnet that check in fine, so i don't think content filtering (as suggested by their support) is the issue, though they say the switches check into different servers than APS. So heres the setup
OMS8------>2960----->3650-
is there a way i can search for that mac on either the 3650 or the ASA to see if its getting filtered?
RoutersSwitches / HubsCisco
Last Comment
Leadtheway
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
yeah forgot to close this out, i figured it out. My output from sh log was the ip i needed, the issue was the switch needed to talk to pool.ntp.org before it was allowed to check in, i just created and object group for these switches to allow. Thanks
ASACOB/pri/act# sh log | inc 10.2.10.53
Jan 17 2018 09:04:24: %ASA-4-106023: Deny udp src inside:10.2.10.53/8046 dst out side:129.6.15.30/123 by access-group "inside_access_in" [0x0, 0x0]
Jan 17 2018 09:04:54: %ASA-4-106023: Deny udp src inside:10.2.10.53/23755 dst ou tside:162.210.110.4/123 by access-group "inside_access_in" [0x0, 0x0]