I've configured an ACL in a BVI interface an now is working as intended. But I would like to know which access-list statement matchs with the traffic flowing through the interface.
I've tried with the "debug ip packet <access-list>" but it doesn't show the traffic denied.
Try adding a log to the end of the ACL, this should force a punt to the CPU.
debug ip packet only shows process switched traffic.
The other "drastic" measure is to turn off cef, but I dont recommend doing that.