Adding remarks to access lists – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 19 Adding an IPv6 Access List

Configuring IPv6 Access Lists

To configure an IPv6 access list with ICMP, enter the following command:

Command

ipv6 access-list id [line line-num] {deny | permit} icmp6 {source-ipv6-prefix/prefix-length | any | host source-ipv6-address | object-group network_obj_grp_id} {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address | object-group network_obj_grp_id} [icmp_type | object-group icmp_type_obj_grp_id] [log [[level] [interval secs] | disable | default]]

Example:

hostname(config)# ipv6 access-list acl_grp permit icmp6 any host 3001:1::203:A0FF:FED6:162D

Purpose

Configures an IPv6 access list with ICMP.

The icmp6 keyword specifies that the access rule applies to ICMPv6 traffic
passing through the ASA.

The icmp_type argument specifies the ICMP message type being filtered by
the access rule. The value can be a valid ICMP type number from 0 to 255.
(For a list of the permitted ICMP type literals, see the “Guidelines and
Limitations” section on page 19-2.)

The icmp_type_obj_grp_id option specifies the object group ICMP type
ID.

For details about additional ipv6 access-list command parameters, see the
preceding procedure for adding a regular IPv6 access list, or see the
ipv6 access-list command in the Cisco Security Appliance Command
Reference.

Adding Remarks to Access Lists

You can include remarks about entries in any access list, including extended, EtherType, IPv6, standard,
and Webtype access lists. The remarks make the access list easier to understand.

To add a remark after the last access-list command you entered, enter the following command:

Command

access-list access_list_name remark text

Example:

hostname(config)# access-list OUT remark - this is the inside admin address

Purpose

Adds a remark after the last access-list command you entered.

The text can be up to 100 characters in length. You can enter leading spaces
at the beginning of the text. Trailing spaces are ignored.

If you enter the remark before any access-list command, then the remark
is the first line in the access list.

If you delete an access list using the no access-list access_list_name
command, then all the remarks are also removed.

Example

You can add remarks before each ACE, and the remarks appear in the access list in these locations.
Entering a dash (-) at the beginning of a remark helps set it apart from an ACE.

hostname(config)# access-list OUT remark - this is the inside admin address

hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any

hostname(config)# access-list OUT remark - this is the hr admin address

hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any
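
The remark rules above (a remark is entered before the ACE it describes, the text can be up to 100 characters, trailing spaces are ignored, leading spaces are kept) can be checked on a rule set before it is pushed to the ASA. The following Python script is an added example, not part of the Cisco guide; the function name audit_remarks, the sample lines for 209.168.200.5 and the DMZ list, and the policy that every ACE should have a remark are assumptions made for illustration.

```python
import re

MAX_REMARK_LEN = 100  # limit stated in the guide
# Optional "hostname(config)# " prompt, then: access-list <name> <rest>
ACL_LINE = re.compile(r"^(?:\S+\(config\)#\s*)?access-list\s+(\S+)\s(.*)$")

# Constructed sample; 209.168.200.5 and the DMZ list are made up for this example.
SAMPLE = "\n".join([
    "hostname(config)# access-list OUT remark - this is the inside admin address",
    "hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any",
    "hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any",
    "hostname(config)# access-list OUT remark - " + "x" * 120,
    "hostname(config)# access-list OUT extended permit ip host 209.168.200.5 any",
    "hostname(config)# access-list DMZ remark - pending review   ",
])

def audit_remarks(config_text):
    """Return (documented, findings).

    documented: (acl, ace, [remarks entered before that ACE]) per ACE
    findings:   (line_number, problem) per issue
    """
    documented, findings = [], []
    pending = {}  # acl name -> [(line_number, remark)] waiting for the next ACE
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = ACL_LINE.match(raw.lstrip())
        if not m:
            continue
        acl, rest = m.group(1), m.group(2).lstrip()
        keyword, _, text = rest.partition(" ")
        if keyword == "remark":
            text = text.rstrip()  # trailing spaces are ignored, leading ones kept
            if len(text) > MAX_REMARK_LEN:
                findings.append((lineno, f"{acl}: remark is {len(text)} chars (max {MAX_REMARK_LEN})"))
            pending.setdefault(acl, []).append((lineno, text))
        else:
            remarks = [t for _, t in pending.pop(acl, [])]
            if not remarks:  # assumed local policy, not an ASA requirement
                findings.append((lineno, f"{acl}: ACE has no remark before it"))
            documented.append((acl, rest.rstrip(), remarks))
    for acl, left in pending.items():
        findings.extend((n, f"{acl}: remark is not followed by an ACE") for n, _ in left)
    return documented, findings

if __name__ == "__main__":
    for lineno, problem in audit_remarks(SAMPLE)[1]:
        print(f"line {lineno}: {problem}")
```
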
