topic debugging a link local issue in Network Security

debugging a link local issue

Mark Graham — Tue, 12 Mar 2019 03:23:24 GMT

i'm getting a ton of link local reverse path errors on my inside interface on my ASA

1 Dec 30 2013 08:01:33 169.254.223.30 169.254.255.255 Deny UDP reverse path check from 169.254.223.30 to 169.254.255.255 on interface inside

where should i start to hunt down this address? i know its facticious local address, however, is there a way i can track it down? can i snag the MAC address where its coming from somewhere if i do more debugging? perhaps running a wireshark is where i should start?

debugging a link local issue

Jouni Forss — Mon, 30 Dec 2013 13:35:56 GMT

Hi,

You could configure a capture on the ASA

For example

access-list CAPTURE permit ip 169.254.0.0 255.255.0.0 any

capture CAPTURE type raw-data access-list CAPTURE interface inside buffer 10000000 circular-buffer

Change the buffer size if you need to.

You can then view if the capture has captured any traffic with the command

show capture

You can view the actual capture contents with the command

show capture CAPTURE

But you should probably copy the capture to some host with TFTP and view it with Wireshark. You should be able to check the MAC address of the hosts from the capture file. Seems to me like you have hosts that are unable to get an IP address with DHCP if they are using the above type of IP addresses.

You can copy the capture contents with the command

copy /pcap capture:CAPTURE tftp://x.x.x.x/CAPTURE.pcap

You can remove the capture (and its data) with the command

no capture CAPTURE

You will have to remove the ACL separately

Hope this helps

- Jouni

debugging a link local issue

Mark Graham — Mon, 30 Dec 2013 13:56:02 GMT

sweet, didnt know i could do a pcap capture on the asa! thanks.