Comment ASA ACE

Simple question,

Can you add a comment to an access-list ace from the command line, something like:-

access-list from_outside extended permit tcp any host 192.168.0.2 eq www comment added temporarily

I just sometimes need reminders as to why an item was added.
AW5000 Asked:

Pete Long, Technical Consultant, Commented:
Yes, they are called remarks.

 Adding Remarks to Access Lists

You can include remarks about entries in any access list, including extended, EtherType, IPv6, standard, and Webtype access lists. The remarks make the access list easier to understand.

To add a remark after the last access-list command you entered, enter the following command:

Command: access-list access_list_name remark text
Purpose: Adds a remark after the last access-list command you entered.
Example: hostname(config)# access-list OUT remark - this is the inside admin address

The text can be up to 100 characters in length. You can enter leading spaces at the beginning of the text. Trailing spaces are ignored.

If you enter the remark before any access-list command, then the remark is the first line in the access list.

If you delete an access list using the no access-list access_list_name command, then all the remarks are also removed.


Example

You can add a remark before each ACE, and the remarks appear in the access lists in these locations. Entering a dash (-) at the beginning of a remark helps to set it apart from an ACE.

hostname(config)# access-list OUT remark - this is the inside admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any
hostname(config)# access-list OUT remark - this is the hr admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any


http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/acl_standard.html#wp1080066
0

John Meggers, Network Architect, Commented:
I don't believe you can add that comment directly on the ACE.  You can link the ACE to a time-range in which you can specify an end date, if that helps.  You can also enter a remark for the ACE in which you could say that a particular line was entered on a date / time and should only be temporary.
0
Istvan Kalmar, Head of IT Security Division, Commented:
Hi,

If you want to mark ACLs, I advise using ASDM, where you are able to easily deploy this!
0
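
An added example, not part of any of the answers above: since a remark sits on the line before the ACE it describes, a saved configuration can be audited for ACEs that have no remark in front of them, and for ACEs tied to a time-range as suggested above. The sample config, the time-range name TEMP, and the policy that every ACE should carry its own remark are assumptions made for this illustration.

```python
import re

# Constructed sample in the layout of "show running-config access-list".
# ACL names, addresses and the time-range name TEMP are illustrative.
SAMPLE_CONFIG = """\
access-list OUT remark - this is the inside admin address
access-list OUT extended permit ip host 209.168.200.3 any
access-list OUT extended permit ip host 209.168.200.4 any
access-list from_outside remark - added temporarily for web test
access-list from_outside extended permit tcp any host 192.168.0.2 eq www time-range TEMP
access-list from_outside extended permit tcp any host 192.168.0.2 eq https
"""

LINE_RE = re.compile(r"^access-list\s+(\S+)\s+(.*)$")
REMARK_RE = re.compile(r"^remark(?:\s|$)")


def audit_acl_remarks(config_text):
    """Return one dict per ACE: ACL name, ACE text, preceding remarks, time-range flag."""
    pending = {}   # ACL name -> remarks seen since that ACL's previous ACE
    results = []
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an access-list line
        name, rest = m.groups()
        if REMARK_RE.match(rest):
            # Trailing spaces are ignored by the ASA; drop the keyword and its separator.
            text = rest[len("remark"):].rstrip()
            pending.setdefault(name, []).append(text[1:] if text.startswith(" ") else text)
        else:
            results.append({
                "acl": name,
                "ace": rest,
                "remarks": pending.pop(name, []),  # remarks entered just before this ACE
                "time_range": bool(re.search(r"\btime-range\s+\S+", rest)),
            })
    return results


def undocumented(results):
    """ACEs with no remark directly before them."""
    return [r for r in results if not r["remarks"]]


if __name__ == "__main__":
    for r in undocumented(audit_acl_remarks(SAMPLE_CONFIG)):
        print(f"no remark: access-list {r['acl']} {r['ace']}")
```
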