find mac being filtered ASA

So heres the setup

I have a new open mesh POE switch I'm trying to plug into existing 2960 so that we can plug in some OM AP's to it.  I can plug in the OMS8 switch into the cisco with the cisco switchport in access mode for the vlan we want it on. I can run a IP scan and see that the switch indeed gets a DHCP lease, i can go to that ip in browser and get the admin interface (not allowed to log in ). But the switch never checks in with cloudtrax.  I have 4 other AP's on the same subnet that check in fine, so i don't think content filtering  (as suggested by their support) is the issue, though they say the switches check into different servers than APS.  So heres the setup


is there a way i can search for that mac on either the 3650 or the ASA to see if its getting filtered?
Who is Participating?
Craig BeckConnect With a Mentor Commented:
123 is NTP. Filter the log using the switch IP as the source address.
leadthewayAuthor Commented:
looked at the asa log, looks like i found an entry. Not sure if this is the culprit or not
ASACOB/pri/act# sh log | inc
Jan 17 2018 09:04:24: %ASA-4-106023: Deny udp src inside: dst out                                                                           side: by access-group "inside_access_in" [0x0, 0x0]
Jan 17 2018 09:04:54: %ASA-4-106023: Deny udp src inside: dst ou                                                                           tside: by access-group "inside_access_in" [0x0, 0x0]
leadthewayAuthor Commented:
yeah forgot to close this out, i figured it out.  My output from sh log was the ip i needed, the issue was the switch needed to talk to before it was allowed to check in, i just created and object group for these switches to allow.  Thanks
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.