Adding remarks to access lists, What to do next, Monitoring ethertype access lists – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 16 Adding an EtherType Access List

What to Do Next

Example

The following sample access list allows common EtherTypes originating on the inside interface:

hostname(config)# access-list ETHER ethertype permit ipx

hostname(config)# access-list ETHER ethertype permit mpls-unicast

hostname(config)# access-group ETHER in interface inside

Adding Remarks to Access Lists

You can include remarks about entries in any access list, including extended, EtherType, IPv6, standard,
and Webtype access lists. The remarks make an access list easier to understand.

To add a remark after the last access-list command you entered, enter the following command:

Command

access-list access_list_name remark text

Example:

hostname(config)# access-list OUT remark - this is the inside admin address

Purpose

Adds a remark after the last access-list command you entered.

The text can be up to 100 characters in length. You can enter leading spaces at the beginning of the text. Trailing spaces are ignored.

If you enter the remark before any access-list command, then the remark is the first line in the access list.

If you delete an access list using the no access-list access_list_name command, then all remarks are also removed.

Example

You can add remarks before each ACE, and the remarks appear in the access list in these locations.
Entering a dash (-) at the beginning of a remark helps to set it apart from the ACE.

hostname(config)# access-list OUT remark - this is the inside admin address

hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any

hostname(config)# access-list OUT remark - this is the hr admin address

hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any

What to Do Next

Apply the access list to an interface. (See the “Configuring Access Rules” section on page 34-7 for more information.)

Monitoring EtherType Access Lists

To monitor EtherType access lists, enter one of the following commands:

Command                           Purpose

show access-list                  Displays the access list entries by number.

show running-config access-list   Displays the current running access-list configuration.
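
The following Python script is an added example, not part of the Cisco guide. It reads text in the form of show running-config access-list output and reports ACEs entered without a remark before them, remarks longer than the 100-character limit, and remarks that no ACE follows. The sample configuration and the function name audit_remarks are constructed for illustration.

```python
import re

# Constructed sample in the form of "show running-config access-list" output,
# built from this page's example commands plus one ACE entered without a remark.
SAMPLE = """\
access-list OUT remark - this is the inside admin address
access-list OUT extended permit ip host 209.168.200.3 any
access-list OUT remark - this is the hr admin address
access-list OUT extended permit ip host 209.168.200.4 any
access-list OUT extended permit ip host 209.168.200.5 any
access-list ETHER remark - legacy IPX segment
access-list ETHER ethertype permit ipx
access-list ETHER remark - to be confirmed
"""

ACL_LINE = re.compile(r"^access-list\s+(\S+)\s+(.*)$")
MAX_REMARK = 100  # remark length limit stated on this page


def audit_remarks(config_text):
    """Pair each ACE with the remarks entered before it and list the gaps."""
    documented, findings = [], []
    pending = {}  # ACL name -> remarks seen since that ACL's last ACE
    for raw in config_text.splitlines():
        m = ACL_LINE.match(raw.strip())
        if not m:
            continue  # not an access-list line
        name, rest = m.groups()
        if rest == "remark" or rest.startswith("remark "):
            text = rest[len("remark "):]  # leading spaces belong to the text
            if len(text) > MAX_REMARK:
                findings.append((name, "remark over 100 characters", text))
            pending.setdefault(name, []).append(text)
        elif pending.get(name):
            # An ACE preceded by at least one remark in the same access list
            documented.append((name, rest, pending.pop(name)))
        else:
            findings.append((name, "ACE without a remark", rest))
    for name, remarks in pending.items():
        for text in remarks:
            findings.append((name, "remark not followed by an ACE", text))
    return documented, findings


if __name__ == "__main__":
    documented, findings = audit_remarks(SAMPLE)
    for name, issue, text in findings:
        print(f"{name}: {issue}: {text}")
```
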
