cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2608
Views
10
Helpful
2
Replies

Next CLI command to determine what ACL is dropping traffic?

Alan Inman
Level 1
Level 1

Hey, pros, I've determined that an Implicit ACL is causing my Mobile32 traffic to drop in Phase 3, BUT it's not so kind as to give me which rule is dropping the traffic. If you're me, what's your next command? What command would you enter to see what ACL is dropping traffic for Mobile32? 

 

Thank you all!

 

Screen Shot 2021-01-04 at 5.18.50 PM.png

1 Accepted Solution

Accepted Solutions

setian_london
Level 1
Level 1

You can use the command 

>system support trace 

the result tells you which policy generates the block.

example.

ftd-trace.jpg

more information

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212321-clarify-the-firepower-threat-defense-acc.html

View solution in original post

2 Replies 2

TJ-20933766
Spotlight
Spotlight

Create a packet capture that only collects dropped packets due to an ACL:

ASA5508# capture mycapture type asp-drop acl-drop

Next view the packet capture to see what traffic is getting dropped which might lead you to the ACL that needs tweaking:

ASA5508# show capture mycapture
5 packets captured
   1: 18:25:42.987879       1.1.1.1.43605 > 2.2.2.2.34577: S 431469340:431469340(0) win 1024 Drop-reason: (acl-drop) Flow is denied by configured rule
  

setian_london
Level 1
Level 1

You can use the command 

>system support trace 

the result tells you which policy generates the block.

example.

ftd-trace.jpg

more information

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212321-clarify-the-firepower-threat-defense-acc.html

Review Cisco Networking for a $25 gift card