Adding a Comment to an ACL
Problem
You want to add a human-readable comment to an ACL to help other engineers understand what you have done.
Solution
You can add a comment to any standard or extended IP ACL by using the remark keyword:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 50 remark Authorizing thy trespass with compare
Router1(config)#access-list 50 deny host 10.2.2.2
Router1(config)#access-list 50 permit 10.2.2.0 0.0.0.255
Router1(config)#access-list 50 permit any
Router1(config)#end
Router1#
You can also add a comment to a named ACL:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#ip access-list standard TESTACL
Router2(config-std-nacl)#remark Authorizing thy trespass with compare
Router2(config-std-nacl)#deny host 10.2.2.2
Router2(config-std-nacl)#permit 10.2.2.0 0.0.0.255
Router2(config-std-nacl)#permit any
Router2(config-std-nacl)#end
Router2#
Discussion
This command is useful when you have to keep track of many different ACLs on a router, particularly when several of them look similar. The comment field can be up to 100 characters long. If you need more space, you can add more remark lines to the ACL:
Router1(config)#access-list 50 remark Authorizing thy trespass with compare
Router1(config)#access-list 50 remark My self corrupting salving thy amiss,
Router1(config)#access-list 50 remark Excusing thy sins more ...
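As an added example (not from the book), the Python sketch below applies the 100-character limit from the Discussion: remark_lines splits a long comment across several remark commands for a numbered ACL, and audit_remarks lists the ACLs in a saved configuration that have no remark or one over the limit. The function names and the sample configuration are constructed for illustration, and the parser assumes named ACL entries are indented under their ip access-list line, as they appear in show running-config output.

```python
import re
import textwrap

REMARK_MAX = 100  # comment length limit stated in the Discussion above

def remark_lines(comment, number):
    """Split a long comment into 'access-list N remark ...' commands."""
    return [f"access-list {number} remark {p}" for p in textwrap.wrap(comment, REMARK_MAX)]

def audit_remarks(config):
    """Map each ACL to its problems: no remark, or a remark over the limit."""
    remarks = {}   # ACL number or name -> remark texts found for it
    named = None   # named ACL whose indented entries are being read
    for raw in config.splitlines():
        line = raw.strip()
        numbered = re.match(r"access-list (\d+) (.+)", line)
        header = re.match(r"ip access-list (?:standard|extended) (\S+)", line)
        if numbered:
            named, acl, body = None, numbered.group(1), numbered.group(2)
        elif header:
            named = header.group(1)
            remarks.setdefault(named, [])
            continue
        elif named and raw[:1].isspace():
            acl, body = named, line
        else:
            named = None   # left the named ACL block
            continue
        found = remarks.setdefault(acl, [])
        if body.startswith("remark "):
            found.append(body[len("remark "):])
    report = {}
    for acl, found in remarks.items():
        long = [f"remark is {len(r)} characters" for r in found if len(r) > REMARK_MAX]
        if long or not found:
            report[acl] = long if found else ["no remark"]
    return report

# Constructed sample configuration (hypothetical, not from a real device).
SAMPLE = """\
access-list 50 remark Authorizing thy trespass with compare
access-list 50 deny host 10.2.2.2
access-list 60 permit 10.2.2.0 0.0.0.255
ip access-list standard TESTACL
 permit any
"""

if __name__ == "__main__":
    print(audit_remarks(SAMPLE))
```

Run against the sample, the audit reports ACL 60 and TESTACL as undocumented, while ACL 50 passes.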