ACL comment text management, Adding a comment to an entry in a numbered ACL – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 123

To enable this feature, enter the ip preserve-ACL-user-input-format command.

device(config)#ip preserve-ACL-user-input-format

Syntax: ip preserve-ACL-user-input-format

The following example shows how this feature works for a TCP port (this feature works the same way
for UDP ports). In this example, the user identifies the TCP port by number (80) when configuring ACL
group 140. However, show ip access-list 140 reverts to the port name for the TCP port (http in this
example). After the user issues the new ip preserve-ACL-user-input-format command, show ip
access-list 140 displays either the TCP port number or name, depending on how it was configured by
the user.

device(config)#access-list 140 permit tcp any any eq 80

device(config)#access-list 140 permit tcp any any eq ftp

device#show ip access-lists 140

Extended IP access list 140

permit tcp any any eq http

permit tcp any any eq ftp

device(config)#ip preserve-ACL-user-input-format

device#show ip access-lists 140

Extended IP access list 140

permit tcp any any eq 80

permit tcp any any eq ftp
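
A configuration audit that compares intended ACL entries with show ip access-lists output has to account for this display rewrite, otherwise every port entered by number looks like drift. The following Python sketch is an added example, not part of the Brocade guide: it normalizes port names to numbers and then compares entries in order. The name table, the operator keywords other than eq, and the drifted output are assumptions constructed for the demonstration.

```python
import re

# Assumption: illustrative name->number table. Only http and ftp appear on
# this page; telnet and smtp are standard assignments added for the demo.
PORT_NAMES = {"ftp": "21", "telnet": "23", "smtp": "25", "http": "80"}

def normalize_entry(line):
    """Tokenize one ACL line, rewriting port names after an operator to numbers."""
    line = re.sub(r"^\S*#", "", line.strip())          # drop CLI prompt
    line = re.sub(r"^access-list\s+\d+\s+", "", line)  # drop "access-list N"
    out, pending = [], 0
    for tok in line.lower().split():
        if pending:
            tok, pending = PORT_NAMES.get(tok, tok), pending - 1
        elif tok in ("eq", "neq", "gt", "lt"):  # assumption: only eq is on the page
            pending = 1
        elif tok == "range":                    # assumption: two port operands
            pending = 2
        out.append(tok)
    return tuple(out)

def entries(text):
    """Keep permit/deny entries only; prompts, headers and remarks are skipped."""
    parsed = (normalize_entry(raw) for raw in text.splitlines())
    return [e for e in parsed if e and e[0] in ("permit", "deny")]

def acl_drift(intended, shown):
    """Ordered comparison (ACLs are first-match): list of (index, intended, shown)."""
    a, b = entries(intended), entries(shown)
    pad = lambda seq, i: seq[i] if i < len(seq) else None
    return [(i, pad(a, i), pad(b, i)) for i in range(max(len(a), len(b)))
            if pad(a, i) != pad(b, i)]

# Commands and default show output as they appear on this page.
INTENDED = """device(config)#access-list 140 permit tcp any any eq 80
device(config)#access-list 140 permit tcp any any eq ftp"""
SHOWN_DEFAULT = """Extended IP access list 140
permit tcp any any eq http
permit tcp any any eq ftp"""
# Constructed sample: second entry changed on the device.
SHOWN_DRIFTED = """Extended IP access list 140
permit tcp any any eq http
permit tcp any any eq telnet"""

if __name__ == "__main__":
    print(acl_drift(INTENDED, SHOWN_DEFAULT))  # no drift once names are normalized
    print(acl_drift(INTENDED, SHOWN_DRIFTED))
```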

ACL comment text management

ACL comment text describes entries in an ACL. The comment text appears in the output of show
commands that display ACL information.

This section describes how to add, delete, and view ACL comments.

Adding a comment to an entry in a numbered ACL

To add comments to entries in a numbered ACL, enter commands such as the following.

device(config)#access-list 100 remark The following line permits TCP packets

device(config)#access-list 100 permit tcp 192.168.4.40/24 2.2.2.2/24

device(config)#access-list 100 remark The following permits UDP packets

device(config)#access-list 100 permit udp 192.168.2.52/24 2.2.2.2/24

device(config)#access-list 100 deny ip any any

You can add comments to entries in a numbered ACL using the syntax for named ACLs. For example,
using the same example configuration above, you could instead enter the following commands.

device(config)#ip access-list extended 100

device(config-ext-nACL)#remark The following line permits TCP packets

device(config-ext-nACL)#permit tcp 192.168.4.40/24 2.2.2.2/24

device(config-ext-nACL)#remark The following permits UDP packets

device(config-ext-nACL)#permit udp 192.168.2.52/24 2.2.2.2/24

device(config-ext-nACL)#deny ip any any

Syntax: [no] access-list ACL-num remark comment-text

or

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03