ERROR: TRACER: NP failed tracing packet

I recently implemented a couple of Cisco Firepower firewalls and have been using the packet-tracer feature to determine, for instance, which NAT rules were being used for certain traffic. Then, after troubleshooting an issue one day, we started receiving the message “ERROR: TRACER: NP failed tracing packet” when trying to run packet-tracer. This occurred from both the GUI (in Firepower Management Center) and the command line.

I started my usual trip searching the web for a post on how to fix my issue and found a bug from Cisco: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvi37889

The description listed the symptom as:

Symptom:
1. Packet tracer fails with message: “ERROR: TRACER: NP failed tracing packet”
OR
2. Capture with trace fails to show any trace information for captured packets and displays the below message:
“WARNING: The tracer pool is exhausted. Capture with trace option will not be able to display the trace. Capture with type asp-drop will not be able to include all drop reasons. To recycle tracers back to the pool, please clear or unconfigure the above types of captures.”

This matched dead on to what I was seeing. Then I remembered from troubleshooting that we ran some packet captures, one of which was an asp drop capture. This capture was still enabled on the firewall and therefore was causing the packet-tracer to fail. A simple “show capture” on the firewall will check if any are running.

My command line log looked like this:

show capture 
 capture asp type asp-drop all circular-buffer [Capturing - 523517 bytes] 
 capture eigrp1 type raw-data [Capturing - 0 bytes] 
   match ip host 192.168.1.6 any 
no capture eigrp1
no capture asp

Cisco officially lists one of the conditions as:

1. asp drop or interface captures applied with trace keyword.
2. the captures could have been applied in the past and the tracer pool will be exhausted over a period of time.

So I knew the fact that I had the asp drop capture running was my issue. Luckily, when I stopped it, my issue was resolved. As the bug mentions though, if that did not fix it, you’re looking at a reload of the firewall.
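The check described above can be scripted against saved “show capture” output. This is an added example, not part of the original post or any Cisco tooling: it parses the output and lists the “no capture” commands for captures that meet the conditions quoted from the bug (type asp-drop, or the trace keyword). The capture named capin is a constructed sample, and it is an assumption that the trace keyword appears on the capture's header line.

```python
import re

# Constructed sample: the post's own "show capture" output plus one
# hypothetical interface capture ("capin") that uses the trace keyword.
SAMPLE = """\
capture asp type asp-drop all circular-buffer [Capturing - 523517 bytes]
capture eigrp1 type raw-data [Capturing - 0 bytes]
  match ip host 192.168.1.6 any
capture capin type raw-data trace interface inside [Capturing - 0 bytes]
  match ip host 192.168.1.6 any
"""

# Header line: capture <name> type <type> <options...> [<state> - N bytes]
HEADER = re.compile(
    r"^capture\s+(?P<name>\S+)\s+type\s+(?P<type>\S+)(?P<opts>.*?)"
    r"(?:\[(?P<state>[^\]]*)\])?\s*$"
)

def parse_captures(output):
    """Return one dict per capture found in 'show capture' output."""
    captures = []
    for line in output.splitlines():
        m = HEADER.match(line)
        if m:
            captures.append({
                "name": m["name"],
                "type": m["type"],
                "options": m["opts"].split(),
                "state": (m["state"] or "").strip(),
                "match": [],
            })
        elif captures and line[:1].isspace():
            # Indented lines (match statements) belong to the previous capture.
            captures[-1]["match"].append(line.strip())
    return captures

def uses_tracer(capture):
    """Conditions quoted in the post: asp-drop type, or the trace keyword."""
    return capture["type"] == "asp-drop" or "trace" in capture["options"]

def cleanup_commands(output):
    """'no capture <name>' for every capture that holds tracers."""
    return [f"no capture {c['name']}" for c in parse_captures(output) if uses_tracer(c)]

if __name__ == "__main__":
    for cmd in cleanup_commands(SAMPLE):
        print(cmd)
```

The eigrp1 capture is not listed because it is a raw-data capture without the trace keyword, so it does not match either quoted condition.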

If you are facing this issue, good luck, and hopefully clearing any running captures helps!

Kevin Blackburn


Cisco CCNP, Senior Network Engineer in the Healthcare Industry. Currently working on my CCIE R&S which is the focus of most of my latest blog posts. #NFD15 Delegate.
