Avatar of Leadtheway
Leadtheway
Flag for United States of America asked on

find mac being filtered ASA

So heres the setup

I have a new open mesh POE switch I'm trying to plug into existing 2960 so that we can plug in some OM AP's to it.  I can plug in the OMS8 switch into the cisco with the cisco switchport in access mode for the vlan we want it on. I can run a IP scan and see that the switch indeed gets a DHCP lease, i can go to that ip in browser and get the admin interface (not allowed to log in ). But the switch never checks in with cloudtrax.  I have 4 other AP's on the same subnet that check in fine, so i don't think content filtering  (as suggested by their support) is the issue, though they say the switches check into different servers than APS.  So heres the setup

OMS8------>2960----->3650------->5515ASA

is there a way i can search for that mac on either the 3650 or the ASA to see if its getting filtered?
RoutersSwitches / HubsCisco

Avatar of undefined
Last Comment
Leadtheway

8/22/2022 - Mon
Leadtheway

ASKER
looked at the asa log, looks like i found an entry. Not sure if this is the culprit or not
ASACOB/pri/act# sh log | inc 10.2.10.53
Jan 17 2018 09:04:24: %ASA-4-106023: Deny udp src inside:10.2.10.53/8046 dst out                                                                           side:129.6.15.30/123 by access-group "inside_access_in" [0x0, 0x0]
Jan 17 2018 09:04:54: %ASA-4-106023: Deny udp src inside:10.2.10.53/23755 dst ou                                                                           tside:162.210.110.4/123 by access-group "inside_access_in" [0x0, 0x0]
ASKER CERTIFIED SOLUTION
Craig Beck

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Leadtheway

ASKER
yeah forgot to close this out, i figured it out.  My output from sh log was the ip i needed, the issue was the switch needed to talk to pool.ntp.org before it was allowed to check in, i just created and object group for these switches to allow.  Thanks
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23