Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Anyway to add rulebase comments (at CLI not PDM) to 6.3 Pix?

Re 6.3 PIX

Cannot see a "Description" type command for this but want to add clarity to the rulebase - also we do not use a PDM to manage - just CLI - thanks

5 REPLIES
Gold

Re: Anyway to add rulebase comments (at CLI not PDM) to 6.3 Pix?

I you are talking about ACL desription you need to use "remark"

fe.

access-list 101 remark --access to outside--

M.

Hope that helps rate if it does

New Member

Re: Anyway to add rulebase comments (at CLI not PDM) to 6.3 Pix?

I don't have access to a test firewall until later tonight. However I happen to have an acl 100 that is about 25 lines long. Can you use the "remark" command in the specific line as the actual acl - or would I have to have a remark line preceding each and every one of the 25 constituent lines that comprise acl 100?

For example:

access-list 100 remark --allow tacacs--access-list 100 permit host 10.1.1.1 172.16.1.1 eq tacacs

access-list 100 remark --allow DNS--

access-list 100 permit host 10.9.1.1 172.16.1.1 eq domain

access-list 100 remark --allow other stuff--

access-list 100 permit host 10.9.1.1 192.168.1.1 eq otherstuff

and so on ??

Thanks

Gold

Re: Anyway to add rulebase comments (at CLI not PDM) to 6.3 Pix?

I guess you can insert remark to specific line

witch command

access-list 100 line xxx remark ----

You will see lines witch command

show access-list 100

New Member

Re: Anyway to add rulebase comments (at CLI not PDM) to 6.3 Pix?

OK will test tonight and post reply - thanks for prompt help

New Member

Re: Anyway to add rulebase comments (at CLI not PDM) to 6.3 Pix?

yes all works fine

157
Views
0
Helpful
5
Replies
CreatePlease to create content