CCNA And CCENT ACL Tutorial: Using Remarks In Access Lists

We’re wrapping up this full CCNA Access List course with some remarks about remarks — to be more specific, the remark command.

It can be a bit frustrating when you notice a new ACL on a router, and you’re not quite sure who put it there or if it should still be there.   Same goes for examining a 57-line ACL that refers to some non-common port numbers.   Whether it’s for your own reference or someone else’s, it’s a great idea to use the remark feature to briefly explain the purpose of an ACL.

That’s where remarks come in.   You can add them as you write an ACL…

R1(config)#access-list 50 permit host

R1(config)#access-list 50 deny any

R1(config)#access-list 50 remark Used Nov 2 2018 to identify host.

… or add them via editing.   You’ll see a dollar sign in the second line here since the remark I put in was longer than the display width I had on this particular Cisco router.   You’ll see the full remark when we verify the remark.

R1(config)#ip access-list standard 51

R1(config-std-nacl)#$ on Nov 2 2018 to identify security testing host.

Remarks do not appear in the output of show ip access-list, show access-list, or show ip interface, but will appear in the running configuration (and the starting config once saved).

R1#show running-config

Building configuration... (editing config to show only ACLs 50 and 51)

access-list 50 permit

access-list 50 remark Used Nov 2 2018 to identify host.

access-list 51 deny

access-list 51 permit any

access-list 51 remark Used on Nov 2 2018 to identify security testing host.

The remark command is simple and powerful.  Be ready to use it on your exams and on your network.

This concludes this free CCNA / CCENT Access List course.   To access every lesson in the course, head over to my CCNA Tutorials Page.  You’ll find a full and free course on EIGRP there as well.  Dig in!

Comments, questions, and very mild criticisms always welcome!

Chris Bryant, CCIE #12933 on Twitter

Chris Bryant, CCIE #12933 on Facebook