looks like the cisco access-list debugger doesn't show enough detail. as soon as the path to the attacker crosses a MAE, you need to know the source MAC level address of the router that's splattering you.