Adding a Comment to an ACL

Problem

You want to add a human readable comment to an ACL to help other engineers understand what you have done.

Solution

You can add a comment to any standard or extended IP ACL by using the remark keyword:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#access-list 50 remark Authorizing thy trespass with compare Router1(config)#access-list 50 deny host 10.2.2.2
Router1(config)#access-list 50 permit 10.2.2.0 0.0.0.255
Router1(config)#access-list 50 permit any
Router1(config)#end
Router1#

In addition, you can add a comment to a named ACL, as well:

Router2#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip access-list standard TESTACL       
Router2(config-std-nacl)#remark Authorizing thy trespass with compare 
Router2(config-std-nacl)#deny host 10.2.2.2
Router2(config-std-nacl)#permit 10.2.2.0 0.0.0.255
Router2(config-std-nacl)#permit any
Router2(config-std-nacl)#end
Router2#

Discussion

This command can be quite useful when you have to keep track of many different ACLs on a router, particularly when several of them look similar. The comment field can be up to 100 characters long. But if you require more space, you can simply add more remark lines to the ACL:

Router1(config)#access-list 50 remark Authorizing thy trespass with compare Router1(config)#access-list 50 remark My self corrupting salving thy amiss,
Router1(config)#access-list 50 remark Excusing thy sins more ...

Get Cisco IOS Cookbook, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.