09-09-2008 05:54 AM - edited 03-06-2019 01:16 AM
Hi all, when adding an access list remark, how can you add multiple remarks, say in the middle of the list, etc.?
09-09-2008 01:01 PM
Hello Carl,
I thought that the access-list remark option on Cisco routers is there to provide a one-line description of the whole ACL, but by looking at the command reference in 12.4 via the command lookup tool:
The remark can be up to 100 characters long; anything longer is truncated.
If you want to write a comment about an entry in a named access list, use the remark command.
and then follows an example:
In the following example, the workstation belonging to abc is allowed access, and the workstation belonging to xyz is not allowed access:
access-list 1 remark Permit only abc workstation through
access-list 1 permit 172.69.2.88
access-list 1 remark Do not allow xyz workstation through
access-list 1 deny 172.69.3.13
So at least in 12.4 it looks like you can intermix ACL statements and remark statements.
You can do a sh access-list and you should see the line numbering 10, 20, 30 in modern releases.
You should be able to add the remark in the middle by specifying a line number like 25:
access-list 100 25 remark comment in the middle
If this doesn't work, you can do it in a named extended ACL, where you use the remark command, or you can rewrite the ACL in a text editor, delete it and then paste the new version with comments in the middle.
Hope to help
Giuseppe
09-09-2008 02:56 PM
Hi,
In my opinion, line numbers cannot be given for remarks.
Couldn't find a better way to do the same other than rewriting the ACL.
09-09-2008 03:40 PM
Giuseppe is correct; this has been available since the 12.2T train, though. So all 12.3 or 12.4 code should be able to do this. Just go into ACL config mode to do this.
09-10-2008 12:59 PM
Please see the following outputs. I can't find a way to enter numbered remarks, but merely numbered rules.
IOS is 12.4.
Router(config)#access-list 100 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward
  remark   Access list entry comment
Router(config)#ip access-list extended 100
Router(config-ext-nacl)#?
Ext Access List configuration commands:
  <1-2147483647>  Sequence Number
  default         Set a command to its defaults
  deny            Specify packets to reject
  dynamic         Specify a DYNAMIC list of PERMITs or DENYs
  evaluate        Evaluate an access list
  exit            Exit from access-list configuration mode
  no              Negate a command or set its defaults
  permit          Specify packets to forward
  remark          Access list entry comment
Router(config-ext-nacl)#25 ?
  deny      Specify packets to reject
  dynamic   Specify a DYNAMIC list of PERMITs or DENYs
  evaluate  Evaluate an access list
  exit      Exit from access-list configuration mode
  permit    Specify packets to forward
NO OPTION FOR remarks AFTER THE SEQUENCE NUMBER
From what I can see, when multiple remarks need to be entered, the ACL has to be rewritten. Have I overlooked something here?
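The fallback this thread ends on (rewrite the ACL offline, delete it, paste it back with the comments in place) can be scripted. The following is an added example, not part of any post above: the function name rebuild_acl, the sample ACL 100 and its addresses are constructed for illustration, and the 100-character limit is the one quoted from the command reference earlier in the thread.

```python
# Added example: regenerate a numbered IOS ACL with remarks placed mid-list.
REMARK_MAX = 100  # per the command reference quoted in the thread; longer text is truncated

# Constructed sample: ACL 100 as it might appear in the running config.
SAMPLE_CONFIG = """\
access-list 100 remark Web and DNS for the user VLAN
access-list 100 permit tcp 192.0.2.0 0.0.0.255 any eq 443
access-list 100 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.53 eq domain
access-list 100 deny ip any any log
access-list 101 permit ip any any
""".splitlines()

def rebuild_acl(config_lines, acl_id, remarks):
    """Return config lines that delete ACL acl_id and re-create it with remarks.

    remarks maps an entry body (the text after 'access-list <id> ') to one
    remark string or a list of them; they are emitted just before that entry.
    """
    prefix = f"access-list {acl_id} "
    entries = [l.strip() for l in config_lines if l.strip().startswith(prefix)]
    if not entries:
        raise ValueError(f"ACL {acl_id} not found in the supplied config")
    out, unused = [f"no access-list {acl_id}"], set(remarks)
    for entry in entries:
        body = entry[len(prefix):]
        texts = remarks.get(body, [])
        for text in [texts] if isinstance(texts, str) else texts:
            if len(text) > REMARK_MAX:
                raise ValueError(f"remark exceeds {REMARK_MAX} chars: {text[:30]}...")
            out.append(f"{prefix}remark {text}")
        unused.discard(body)
        out.append(entry)  # existing remarks and rules keep their order
    if unused:  # a typo in a key must not silently drop a comment
        raise ValueError(f"no entry matches: {sorted(unused)}")
    return out

if __name__ == "__main__":
    wanted = {
        "permit udp 192.0.2.0 0.0.0.255 host 198.51.100.53 eq domain":
            ["DNS only to the internal resolver", "Owner: network team"],
        "deny ip any any log": "Log everything else",
    }
    print("\n".join(rebuild_acl(SAMPLE_CONFIG, 100, wanted)))
```

Paste the generated lines in one go, from a session the ACL itself does not filter: between the `no access-list` line and the final entry, the list is missing or incomplete on every interface that references it.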