access list remarks

Unanswered Question
Sep 9th, 2008

Hi all, when adding an access list remark, how can you add multiple remarks, say, in the middle of the list, etc.?

Giuseppe Larosa Tue, 09/09/2008 - 13:01

Hello Carl,

I thought that the access-list remark option on Cisco routers is there to provide a one-line description of the whole ACL.

But by looking at the command reference in 12.4 via the command lookup tool:

The remark can be up to 100 characters long; anything longer is truncated.

If you want to write a comment about an entry in a named access list, use the remark command.

and then follows an example:

In the following example, the workstation belonging to abc is allowed access, and the workstation belonging to xyz is not allowed access:

access-list 1 remark Permit only abc workstation through
access-list 1 permit 172.69.2.88
access-list 1 remark Do not allow xyz workstation through
access-list 1 deny 172.69.3.13

So at least in 12.4 it looks like you can intermix ACL statements and remark statements.

You can do a sh access-list and you should see the line numbering 10, 20, 30 in modern releases.

You should be able to add the remark in the middle by specifying a line number like 25:

access-list 100 25 remark comment in the middle

If this doesn't work, you can do it in a named extended ACL, where you use the remark command, or you can rewrite the ACL in a text editor, delete it and then paste the new version with comments in the middle.

Hope to help

Giuseppe

rsgamage1 Tue, 09/09/2008 - 14:56

Hi,

In my opinion, line numbers cannot be given for remarks.

Couldn't find a better way to do the same other than rewriting the ACL.

glen.grant Tue, 09/09/2008 - 15:40

Giuseppe is correct; this has been available since the 12.2T train though. So all 12.3 or 12.4 code should be able to do this. Just go into ACL config mode to do this.

rsgamage1 Wed, 09/10/2008 - 12:59

Please see the following outputs. I can't find a way to enter numbered remarks, but merely numbered rules.

IOS is 12.4.

Router(config)#access-list 100 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward
  remark   Access list entry comment

Router(config)#ip access-list extended 100
Router(config-ext-nacl)#?
Ext Access List configuration commands:
  <1-2147483647>  Sequence Number
  default         Set a command to its defaults
  deny            Specify packets to reject
  dynamic         Specify a DYNAMIC list of PERMITs or DENYs
  evaluate        Evaluate an access list
  exit            Exit from access-list configuration mode
  no              Negate a command or set its defaults
  permit          Specify packets to forward
  remark          Access list entry comment

Router(config-ext-nacl)#25 ?
  deny      Specify packets to reject
  dynamic   Specify a DYNAMIC list of PERMITs or DENYs
  evaluate  Evaluate an access list
  exit      Exit from access-list configuration mode
  permit    Specify packets to forward

NO OPTION FOR remarks AFTER THE SEQUENCE NUMBER

From what I can see, when multiple remarks need to be entered, the ACL has to be rewritten. Have I overlooked something here?
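
Added example, not part of the original thread: a small Python helper for the "rewrite the ACL, delete it and paste the new version" approach discussed above, which regenerates a numbered ACL with extra remarks placed directly before chosen entries and enforces the 100-character remark limit quoted from the command reference. The function name and the sample configuration are constructed for illustration; the sample reuses the addresses from the example in the thread.

```python
MAX_REMARK = 100  # remark length limit quoted from the 12.4 command reference

# Constructed sample of running-config lines (ACL 10 is there to show filtering).
SAMPLE_CONFIG = """\
access-list 1 remark Permit only abc workstation through
access-list 1 permit 172.69.2.88
access-list 1 deny 172.69.3.13
access-list 10 permit 10.0.0.0 0.255.255.255
"""


def rebuild_numbered_acl(running_config, acl_id, new_remarks):
    """Return config lines that delete ACL `acl_id` and re-enter it with
    additional remarks inserted directly before the entries they describe.

    new_remarks maps an entry body (e.g. "deny 172.69.3.13") to a list of
    remark strings. Entry order and existing remarks are preserved; if the
    same body occurs twice, the remarks are placed before each occurrence.
    """
    prefix = f"access-list {acl_id} "
    bodies = []
    for line in running_config.splitlines():
        line = " ".join(line.split())          # normalise whitespace
        if line.startswith(prefix):            # trailing space keeps ACL 10 out of ACL 1
            bodies.append(line[len(prefix):])
    if not bodies:
        raise ValueError(f"ACL {acl_id} not found; refusing to emit a bare delete")
    entries = {b for b in bodies if not b.startswith("remark ")}
    unknown = sorted(set(new_remarks) - entries)
    if unknown:
        raise ValueError(f"no such entry in ACL {acl_id}: {unknown}")

    out = [f"no access-list {acl_id}"]         # delete the list, then re-enter it
    for body in bodies:
        for text in new_remarks.get(body, []):
            if len(text) > MAX_REMARK:         # the router would silently truncate
                raise ValueError(f"remark exceeds {MAX_REMARK} characters: {text!r}")
            out.append(f"{prefix}remark {text}")
        out.append(prefix + body)
    return out


if __name__ == "__main__":
    extra = {"deny 172.69.3.13": ["Do not allow xyz workstation through",
                                  "Added in the middle of the list"]}
    print("\n".join(rebuild_numbered_acl(SAMPLE_CONFIG, 1, extra)))
```

Review the generated lines before pasting them, and apply them in a maintenance window, since the list is briefly absent between the delete and the last re-entered line.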
