12-30-2013 05:25 AM - edited 03-11-2019 08:23 PM
I'm getting a ton of link local reverse path errors on my inside interface on my ASA:
1 Dec 30 2013 08:01:33 169.254.223.30 169.254.255.255 Deny UDP reverse path check from 169.254.223.30 to 169.254.255.255 on interface inside
Where should I start to hunt down this address? I know it's a fictitious local address; however, is there a way I can track it down? Can I snag the MAC address where it's coming from somewhere if I do more debugging? Perhaps running a Wireshark is where I should start?
12-30-2013 05:35 AM
Hi,
You could configure a capture on the ASA.
For example:
access-list CAPTURE permit ip 169.254.0.0 255.255.0.0 any
capture CAPTURE type raw-data access-list CAPTURE interface inside buffer 10000000 circular-buffer
Change the buffer size if you need to.
You can then view if the capture has captured any traffic with the command:
show capture
You can view the actual capture contents with the command:
show capture CAPTURE
But you should probably copy the capture to some host with TFTP and view it with Wireshark. You should be able to check the MAC address of the hosts from the capture file. Seems to me like you have hosts that are unable to get an IP address with DHCP if they are using the above type of IP addresses.
You can copy the capture contents with the command:
copy /pcap capture:CAPTURE tftp://x.x.x.x/CAPTURE.pcap
You can remove the capture (and its data) with the command:
no capture CAPTURE
You will have to remove the ACL separately.
Hope this helps.
- Jouni
12-30-2013 05:56 AM
Sweet, didn't know I could do a pcap capture on the ASA! Thanks.