Adding Remarks to an Access Control List (ACL)

Viewing Access Control Lists (ACLs) can be somewhat confusing because the entries of different ACLs all run together. Adding remarks to your ACLs makes them easier to read. This is what the ACLs look like in your running-config without remarks:

Switch1#show running-config | include access-list
access-list 50 deny   192.168.8.200
access-list 50 deny   192.168.8.201
access-list 50 permit 192.168.8.0 0.0.0.255
access-list 50 permit 192.168.9.0 0.0.0.255
access-list 60 permit 192.168.8.0 0.0.0.3
access-list 60 deny   192.168.8.0 0.0.0.255
access-list 60 deny   192.168.9.0 0.0.0.255

To make this easier to read, start each ACL with a remark line. The remark does not show up in the output of the show command that lists the ACL entries, but it is stored in your running-config. This is what it would look like:

Switch1#show running-config | include access-list
access-list 50 deny   192.168.8.200
access-list 50 deny   192.168.8.201
access-list 50 permit 192.168.8.0 0.0.0.255
access-list 50 permit 192.168.9.0 0.0.0.255
access-list 60 remark This ACL is to control the outbound router traffic.
access-list 60 permit 192.168.8.0 0.0.0.3
access-list 60 deny   192.168.8.0 0.0.0.255
access-list 60 deny   192.168.9.0 0.0.0.255

So far, the examples have shown you how to work with ACLs on a switch or router, but the syntax is a little different on the Adaptive Security Appliance (ASA). For starters, the ASA does not use the wildcard mask, but rather the subnet mask, which is less confusing (unless you are expecting a wildcard mask).

In the following output, entry of the access-list command is paused with ? to display the help information on a switch and on an ASA. Notice that the help text indicates whether the device wants a subnet mask or a wildcard mask.

Switch1(config)#access-list 50 permit 192.168.8.0 ?
  A.B.C.D  Wildcard bits
  log      Log matches against this entry
  <cr>
ASAFirewall1(config)# access-list 50 permit 192.168.8.0 ?
configure mode commands/options:
  A.B.C.D  Netmask for the IP address

Otherwise, the creation and management of the ACLs is the same across most of the Cisco product line.
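As an added illustration (not code from this page or from Cisco), the following Python script parses the running-config lines shown above, keeps each ACL's remark alongside its entries, and converts the IOS wildcard masks into the address-plus-subnet-mask form the ASA help prompt asks for. It also rejects a non-contiguous wildcard such as 0.0.255.0, which has no subnet-mask equivalent. The sample config is the page's own output, embedded as a constructed string; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the running-config output shown on this page.
RUNNING_CONFIG = """\
access-list 50 deny   192.168.8.200
access-list 50 deny   192.168.8.201
access-list 50 permit 192.168.8.0 0.0.0.255
access-list 50 permit 192.168.9.0 0.0.0.255
access-list 60 remark This ACL is to control the outbound router traffic.
access-list 60 permit 192.168.8.0 0.0.0.3
access-list 60 deny   192.168.8.0 0.0.0.255
access-list 60 deny   192.168.9.0 0.0.0.255
"""
ENTRY_RE = re.compile(r"^access-list (\d+) (permit|deny)\s+(\S+)(?: (\S+))?$")
REMARK_RE = re.compile(r"^access-list (\d+) remark (.*)$")


def wildcard_to_netmask(wildcard: str) -> str:
    """Invert an IOS wildcard into the subnet mask the ASA prompts for."""
    bits = int(ipaddress.IPv4Address(wildcard))
    # Only a contiguous wildcard (e.g. 0.0.0.255) has a subnet-mask equivalent;
    # the low-order bits are contiguous iff x & (x + 1) == 0.
    if bits & (bits + 1):
        raise ValueError(f"wildcard {wildcard} has no subnet-mask equivalent")
    return str(ipaddress.IPv4Address(~bits & 0xFFFFFFFF))


def parse_ios_acls(config: str) -> dict:
    """Group numbered ACL lines by number, keeping the remark and each entry."""
    acls: dict = {}

    def acl(number: str) -> dict:
        return acls.setdefault(int(number), {"remark": None, "entries": []})

    for line in config.splitlines():
        if m := REMARK_RE.match(line.strip()):
            acl(m.group(1))["remark"] = m.group(2)
        elif m := ENTRY_RE.match(line.strip()):
            number, action, addr, wildcard = m.groups()
            mask = wildcard_to_netmask(wildcard or "0.0.0.0")  # bare address = one host
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
            acl(number)["entries"].append((action, net))
    return acls


def to_asa_lines(number: int, entries: list) -> list:
    """Render entries as address + subnet mask, the order the ASA help prompt asks for."""
    return [f"access-list {number} {a} {n.network_address} {n.netmask}" for a, n in entries]
```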
