Rule-Based IP Access Control Lists (ACLs)
December 2005 © Foundry Networks, Inc. 12 - 19
If the ACL is a named ACL (for example, you entered TCP/UDP instead of 100), enter the following commands:

FESX424 Router(config)# access-list TCP/UDP remark The following line permits TCP packets
FESX424 Router(config)# access-list TCP/UDP permit tcp 192.168.4.40/24 2.2.2.2/24
FESX424 Router(config)# access-list TCP/UDP remark The following permits UDP packets
FESX424 Router(config)# access-list TCP/UDP permit udp 192.168.2.52/24 2.2.2.2/24
FESX424 Router(config)# access-list TCP/UDP deny ip any any

Syntax: [no] access-list <acl-num> | <acl-name> remark <comment-text>

Enter the number of the ACL for <acl-num>. You can add a comment to a named ACL by entering the ACL’s name for <acl-name>.

The <comment-text> can be up to 128 characters in length. The comment must be entered separately from the actual ACL entry; that is, you cannot enter the ACL entry and the ACL comment with the same access-list command. Also, in order for the remark to be displayed correctly in the output of show commands, the comment must be entered immediately before the ACL entry it describes.

You can use the show running-config or show access-list commands to display the ACL and comments.

The following shows an example of a numbered ACL with comment text in a show running-config display:

FESX424 Router# show running-config
…
access-list 100 remark The following line permits TCP packets
access-list 100 permit tcp 192.168.4.40/24 2.2.2.2/24
access-list 100 remark The following line permits UDP packets
access-list 100 permit udp 192.168.2.52/24 2.2.2.2/24
access-list 100 deny ip any any

The following shows the comment text for the ACL named TCP/UDP in a show running-config display:

FESX424 Router# show running-config ...
access-list TCP/UDP remark The following line permits TCP packets
access-list TCP/UDP permit tcp 192.168.4.40/24 2.2.2.2/24
access-list TCP/UDP remark The following line permits UDP packets
access-list TCP/UDP permit udp 192.168.2.52/24 2.2.2.2/24
access-list TCP/UDP deny ip any any

Syntax: show running-config

The following example shows the comment text for a numbered ACL in a show access-list display:

FESX424 Router# show access-list 100
IP access list rate-limit 100 aaaa.bbbb.cccc
Extended IP access list 100 (Total flows: N/A, Total packets: N/A)
ACL Comments: The following line permits TCP packets
permit tcp 0.0.0.40 255.255.255.0 0.0.0.2 255.255.255.0 (Flows: N/A, Packets: N/A)
ACL Comments: The following line permits UDP packets
permit udp 0.0.0.52 255.255.255.0 0.0.0.2 255.255.255.0 (Flows: N/A, Packets: N/A)
deny ip any any (Flows: N/A, Packets: N/A)