
Table of Contents

Commented IP Access List Entries
Feature Overview
Benefits
Related Documents
Supported Platforms
Supported Standards, MIBs, and RFCs
Configuration Tasks
Write Comments in a Named Access List
Write Comments in a Numbered Access List
Configuration Examples
Command Reference
access-list remark
remark

Commented IP Access List Entries


Feature Overview


You can now include comments (remarks) about entries in any IP access list. The remarks make the access list easier for the network administrator to understand. Each remark is limited to 100 characters.

Benefits

User-Friendly

Remarks about entries in an IP access list make the list easier to understand and scan. For example, it is not immediately clear what the purpose of the following entry is:

access-list 1 permit 171.69.2.88

It is much easier to read a remark about the entry to understand its effect, as follows:

access-list 1 remark Permit only Jones workstation through
access-list 1 permit 171.69.2.88

Related Documents

For complete information on how to configure IP access lists, refer to the following:

Supported Platforms


Supported Standards, MIBs, and RFCs


None

Configuration Tasks


The remark can go before or after a permit or deny statement. You should be consistent about where you put the remark so it is clear which remark describes which permit or deny statement. For example, it would be confusing to have some remarks before the associated permit or deny statements and some remarks after the associated statements.

Remember to apply the access list to an interface or terminal line after the access list is created. Refer to the related documentation for information on how to apply the access list.

To include remarks in an access list, perform one of the following tasks, depending on whether you are using a named or numbered access list:

Write Comments in a Named Access List

To write a comment about an entry in a named IP access list, use the following commands in the order shown. Step 1 is performed once; Step 2 can be performed multiple times in the access list, before or after any permit or deny command.

Step  Command                                        Purpose
1.    Router(config)# ip access-list standard name   Identifies the access list by name.
      or
      Router(config)# ip access-list extended name
2.    Router(config-std-nacl)# remark remark         Indicates the purpose of the permit or deny statement.
      or
      Router(config-ext-nacl)# remark remark

Write Comments in a Numbered Access List

To write a comment about an entry in a numbered IP access list, use the following command before or after any access-list permit or access-list deny command:

Command                                                       Purpose
Router(config)# access-list access-list-number remark remark  Indicates the purpose of the permit or deny statement.

Configuration Examples


In the following example of a numbered access list, the workstation belonging to Jones is allowed access and the workstation belonging to Smith is not allowed access:

access-list 1 remark Permit only Jones workstation through
access-list 1 permit 171.69.2.88
access-list 1 remark Do not allow Smith workstation through
access-list 1 deny 171.69.3.13

In the following example of a numbered access list, the Winter and Smith workstations are not allowed to browse the web:

access-list 100 remark Do not allow Winter to browse the web
access-list 100 deny host 171.69.3.85 any eq http
access-list 100 remark Do not allow Smith to browse the web
access-list 100 deny host 171.69.3.13 any eq http

In the following example of a named access list, the Jones subnet is not allowed access:

ip access-list standard prevention
 remark Do not allow Jones subnet through
 deny 171.69.0.0 0.0.255.255

In the following example of a named access list, the Jones subnet is not allowed to use outbound Telnet:

ip access-list extended telnetting
 remark Do not allow Jones subnet to telnet out
 deny tcp host 171.69.2.88 any eq telnet
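
The following Python audit is an added example, not part of the Cisco documentation. It checks a configuration for the two points made above: remarks longer than 100 characters (which are truncated) and permit or deny entries with no remark. It assumes the convention that each remark precedes the entry it describes; the function name and the sample configuration are constructed for illustration.

```python
import re

MAX_REMARK = 100  # limit stated in this document; longer remarks are truncated
# Numbered form: "access-list <n> remark|permit|deny ..."
NUMBERED = re.compile(r"^access-list\s+(\d+)\s+(remark|permit|deny)\b\s*(.*)$")
# Named form header, then sub-commands in access-list configuration mode
NAMED = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)$")
SUBCMD = re.compile(r"^(remark|permit|deny)\b\s*(.*)$")

# Constructed sample: one uncommented entry per list and one oversized remark.
SAMPLE = """\
access-list 1 remark Permit only Jones workstation through
access-list 1 permit 171.69.2.88
access-list 1 deny 171.69.3.13
ip access-list extended telnetting
 remark """ + "x" * 101 + """
 deny tcp host 171.69.2.88 any eq telnet
 permit ip any any
"""


def audit_acl_remarks(config_text):
    """Return (line_no, acl, problem) tuples, assuming every remark is
    written immediately before the permit/deny entry it describes."""
    findings, current, pending = [], None, {}
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = NAMED.match(line)
        if m:                       # entering a named access list
            current = m.group(1)
            continue
        m = NUMBERED.match(line)
        if m:
            acl, kind, rest = m.groups()
            current = None
        else:
            m = SUBCMD.match(line) if current else None
            if not m:               # any other command leaves the named list
                current = None
                continue
            acl, (kind, rest) = current, m.groups()
        if kind == "remark":
            if len(rest) > MAX_REMARK:
                findings.append((no, acl, "remark exceeds 100 characters"))
            pending[acl] = True     # the next entry in this list is covered
        elif not pending.pop(acl, False):
            findings.append((no, acl, "entry has no preceding remark"))
    return findings
```
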

Command Reference


This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command references.

access-list remark

To write a helpful comment (remark) for an entry in a numbered IP access list, use the access-list remark global configuration command. To remove the remark, use the no form of this command.

access-list access-list-number remark remark
no access-list access-list-number remark remark

Syntax Description

access-list-number   Number of an IP access list.
remark               Comment that describes the access list entry, up to 100 characters long.

Default

The access list entries have no remarks.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 12.0(2)T.

The remark can be up to 100 characters; anything longer is truncated.

If you want to write a comment about an entry in a named access list, use the remark command.

Examples

In the following example, the workstation belonging to Jones is allowed access and the workstation belonging to Smith is not allowed access:

access-list 1 remark Permit only Jones workstation through
access-list 1 permit 171.69.2.88
access-list 1 remark Do not allow Smith workstation through
access-list 1 deny 171.69.3.13

Related Commands

access-list (extended)
access-list (standard)
remark

remark

To write a helpful comment (remark) for an entry in a named IP access list, use the remark access-list configuration command. To remove the remark, use the no form of this command.

remark remark
no remark remark

Syntax Description

remark               Comment that describes the access-list entry, up to 100 characters long.

Default

The access list entries have no remarks.

Command Mode

Access-list configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 12.0(2)T.

The remark can be up to 100 characters; anything longer is truncated.

If you want to write a comment about an entry in a numbered IP access list, use the access-list remark command.

Examples

In the following example, the Jones subnet is not allowed to use outbound Telnet:

ip access-list extended telnetting
 remark Do not allow Jones subnet to telnet out
 deny tcp host 171.69.2.88 any eq telnet

Related Commands

access-list remark
deny
ip access-list
permit


Posted: Thu Jan 16 22:26:59 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.