560 BigIron RX Series Configuration Guide53-1001810-01Troubleshooting ACLs21Troubleshooting ACLsUse the following methods to troubleshoot an ACL:• To determine whether an ACL entry is correctly matching packets, add the log option to the ACLentry, then reapply the ACL. This forces the device to send packets that match the ACL entry tothe CPU for processing. The log option also generates a Syslog entry for packets that arepermitted or denied by the ACL entry.• To determine whether the issue is specific to fragmentation, remove the Layer 4 information(TCP or UDP application ports) from the ACL, then reapply the ACL.logmask-reply 18 0mask-request 17 0net-redirect 5 0net-tos-redirect 5 2net-tos-unreachable 3 11net-unreachable 3 0packet-too-big 3 4parameter-problemNOTE: This message includes all parameter problems12 0port-unreachable 3 3precedence-cutoff 3 15protocol-unreachable 3 2reassembly-timeout 11 1redirectNOTE: This includes all redirects.5 xrouter-advertisement 9 0router-solicitation 10 0source-host-isolated 3 8source-quench 4 0source-route-failed 3 5time-exceeded 11 xtimestamp-reply 14 0timestamp-request 13 0ttl-exceeded 11 0unreachableNOTE: This includes all unreachable messages3 xTABLE 99 ICMP message types and codes (Continued)ICMP message type Type Code