
Recipe 19.2 Adding a Comment to an ACL

19.2.1 Problem

You want to add a human-readable comment to an ACL to help other engineers understand what you have done.

19.2.2 Solution

You can add a comment to any standard or extended IP ACL using the remark keyword:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#access-list 50 remark Authorizing thy trespass with compare
Router1(config)#access-list 50 deny host 10.2.2.2
Router1(config)#access-list 50 permit 10.2.2.0 0.0.0.255
Router1(config)#access-list 50 permit any

19.2.3 Discussion

This command can be quite useful when you have to keep track of many different ACLs on a router, particularly when several of them look similar. The comment field can be up to 100 characters long. If you require more space, simply add more remark lines to the ACL:

Router1(config)#access-list 50 remark Authorizing thy trespass with compare
Router1(config)#access-list 50 remark My self corrupting salving thy amiss,
Router1(config)#access-list 50 remark Excusing thy sins more than thy sins are
Router1(config)#access-list 50 remark Shakespeare, Sonnet 35

When you display this ACL using the show access-list command, it will not show the remark lines:

Router1#show access-list 50
Standard IP access list 50
    deny   10.2.2.2
    permit 10.2.2.0, wildcard bits 0.0.0.255
    permit any
Router1#

The only way to see these comments is to look at the router's configuration file:

Router1#show running-config | include access-list 50
access-list 50 remark Authorizing thy trespass with compare 
access-list 50 remark My self corrupting salving thy amiss,
access-list 50 remark Excusing thy sins more than thy sins are
access-list 50 remark Shakespeare, Sonnet 35
access-list 50 deny   10.2.2.2
access-list 50 permit 10.2.2.0 0.0.0.255
access-list 50 permit any
access-list 50 remark 
Router1#

Note that the router does not reorder the remark lines in the ACL, so you can use this feature to explain line-by-line what each command does:

Router1(config)#access-list 50 remark loathsome canker
Router1(config)#access-list 50 deny host 10.2.2.2
Router1(config)#access-list 50 remark sweetest bud
Router1(config)#access-list 50 permit 10.2.2.0 0.0.0.255
Router1(config)#access-list 50 permit any
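
Because remarks appear only in the configuration file and keep their position, a saved configuration can be audited for rules that nobody explained. The following Python script is an added example, not part of the original recipe; it assumes numbered ACLs only, and the function names and the sample configuration (including ACL 60) are constructed for illustration:

```python
import re
from collections import defaultdict

# Constructed sample, shaped like "show running-config | include access-list".
# The second-to-last line is an empty remark with a trailing space.
SAMPLE_CONFIG = """\
access-list 50 remark loathsome canker
access-list 50 deny   10.2.2.2
access-list 50 remark sweetest bud
access-list 50 permit 10.2.2.0 0.0.0.255
access-list 50 permit any
access-list 50 remark 
access-list 60 permit 10.3.3.0 0.0.0.255
"""

LINE_RE = re.compile(r"^access-list\s+(\d+)\s+(remark|permit|deny)\b\s*(.*)$")

def annotate_acls(config_text):
    """Return {acl_number: [(rule, [remarks directly above it]), ...]}."""
    acls = defaultdict(list)
    pending = defaultdict(list)  # remarks seen since the last rule, per ACL
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a numbered access-list line
        num, action, rest = m.group(1), m.group(2), m.group(3).strip()
        if action == "remark":
            if rest:  # ignore empty remark lines
                pending[num].append(rest)
        else:
            # Collapse the padding the router inserts after permit/deny.
            rule = f"{action} {' '.join(rest.split())}"
            acls[num].append((rule, pending.pop(num, [])))
    return dict(acls)

def undocumented_rules(config_text):
    """List (acl_number, rule) pairs with no remark directly above them."""
    return [(num, rule)
            for num, entries in annotate_acls(config_text).items()
            for rule, remarks in entries if not remarks]

if __name__ == "__main__":
    for num, entries in annotate_acls(SAMPLE_CONFIG).items():
        for rule, remarks in entries:
            print(f"ACL {num}: {rule:<32} # {'; '.join(remarks) or 'NO REMARK'}")
```

A multi-line remark block is attached to the first rule that follows it, which matches the line-by-line commenting style shown above.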

19.2.4 See Also

Complete Sonnets, William Shakespeare (Dover)

