Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Documenting ACL's
- Thread starter Niltinho
- Start date
CiscoGuy33
Instructor
Niltinho,
In IOS you can use remarks to make comments about what different lines in an ACL are doing -
From Cisco -
Including Comments About Entries in ACLs
You can use the remark command to include comments (remarks) about entries in any IP standard or extended ACL. The remarks make the ACL easier for you to understand and scan. Each remark line is limited to 100 characters.
The remark can go before or after a permit or deny statement. You should be consistent about where you put the remark so that it is clear which remark describes which permit or deny statement. For example, it would be confusing to have some remarks before the associated permit or deny statements and some remarks after the associated statements.
For IP numbered standard or extended ACLs, use the access-list access-list number remark remark global configuration command to include a comment about an access list. To remove the remark, use the no form of this command.
In this example, the workstation belonging to Jones is allowed access, and the workstation belonging to Smith is not allowed access:
Switch(config)# access-list 1 remark Permit only Jones workstation through
Switch(config)# access-list 1 permit 171.69.2.88
Switch(config)# access-list 1 remark Do not allow Smith workstation through
Switch(config)# access-list 1 deny 171.69.3.13
Hope this helps!
E.A. Broda
CCNA, CCDA, CCAI, Network +
In IOS you can use remarks to make comments about what different lines in an ACL are doing -
From Cisco -
Including Comments About Entries in ACLs
You can use the remark command to include comments (remarks) about entries in any IP standard or extended ACL. The remarks make the ACL easier for you to understand and scan. Each remark line is limited to 100 characters.
The remark can go before or after a permit or deny statement. You should be consistent about where you put the remark so that it is clear which remark describes which permit or deny statement. For example, it would be confusing to have some remarks before the associated permit or deny statements and some remarks after the associated statements.
For IP numbered standard or extended ACLs, use the access-list access-list number remark remark global configuration command to include a comment about an access list. To remove the remark, use the no form of this command.
In this example, the workstation belonging to Jones is allowed access, and the workstation belonging to Smith is not allowed access:
Switch(config)# access-list 1 remark Permit only Jones workstation through
Switch(config)# access-list 1 permit 171.69.2.88
Switch(config)# access-list 1 remark Do not allow Smith workstation through
Switch(config)# access-list 1 deny 171.69.3.13
Hope this helps!
E.A. Broda
CCNA, CCDA, CCAI, Network +
- Thread starter
- #3
- Status