Adding remarks to access lists, What to do next, Monitoring access lists – Cisco ASA 5505 User Manual

Page 404: Configuration examples for standard access lists

Advertising
background image

17-4

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 17 Adding a Standard Access List

What to Do Next

Adding Remarks to Access Lists

You can include remarks about entries in any access list, including extended, EtherType, IPv6, standard,
and Webtype access lists. The remarks make the access list easier to understand.

To add a remark after the last access-list command you entered, enter the following command:

Example

You can add a remark before each ACE, and the remarks appear in the access lists in these location.
Entering a dash (-) at the beginning of a remark helps to set it apart from an ACE.

hostname(config)# access-list OUT remark - this is the inside admin address

hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any

hostname(config)# access-list OUT remark - this is the hr admin address

hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any

What to Do Next

Apply the access list to an interface. See the

“Configuring Access Rules” section on page 34-7

for more

information.

Monitoring Access Lists

To monitor access lists, perform one of the following tasks:

Configuration Examples for Standard Access Lists

The following example shows how to deny IP traffic through the ASA:

hostname(config)# access-list 77 standard deny

Command

Purpose

access-list

access_list_name remark text

Example:

hostname(config)# access-list OUT remark -

this is the inside admin address

Adds a remark after the last access-list command you entered.

The text can be up to 100 characters in length. You can enter leading spaces
at the beginning of the text. Trailing spaces are ignored.

If you enter the remark before any access-list command, then the remark
is the first line in the access list.

If you delete an access list using the no access-list access_list_name
command, then all the remarks are also removed.

Command

Purpose

show access-list

Displays the access list entries by number.

show running-config access-list

Displays the current running access-list
configuration.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals