Adding Remarks To Access Lists; Access List Group Optimization; How Access List Group Optimization Works - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Adding Remarks to Access Lists

You can include remarks about entries in any access list, including extended, EtherType, and standard
access lists. The remarks make the access list easier to understand.
To add a remark to an access list, enter the following command:
hostname(config)# access-list access_list_name [line line_number] remark text
When you enter the access-list remark command for a given access list name, the remark is added to
the end of the access list unless you specify the line number.
If you delete an access list using the clear configure access-list access_list_name command, then all the
remarks are also removed.
The text can be up to 100 characters in length. You can enter leading spaces at the beginning of the text.
Trailing spaces are ignored.
For example, you can add remarks before each ACE, and the remark appears in the access list in this
location. Entering a dash (-) at the beginning of the remark helps set it apart from ACEs.
hostname(config)# access-list OUT remark - this is the inside admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any
hostname(config)# access-list OUT remark - this is the hr admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any

Access List Group Optimization

The access list optimization feature reduces the number of ACEs per group by merging and/or deleting
redundant and conflicting ACEs without affecting the semantics of the access list.
This section includes the following topics:
How Access List Group Optimization Works
Configuring Access List Group Optimization

How Access List Group Optimization Works

During optimization, four different cases are examined to determine whether the two rules can be merged
(subset, superset, adjacency, and overlap):
Subset—If rule x is a subset of rule y, rule x is merged down into rule y.
Before optimization:
access-list test extended permit tcp 10.1.1.1 255.255.255.255 any eq 80 [rule x]
access-list test extended permit tcp 10.1.1.0 255.255.255.0 any [rule y]
After optimization:
access-list test extended permit tcp 10.1.1.0 255.255.255.0 any [rule y]
Superset—If rule x is a superset of rule y, rule y is merged up into rule x.
Before optimization:
access-list test extended permit udp 10.1.1.0 255.255.255.0 any [rule x]
access-list test extended permit udp 10.1.1.1 255.255.255.255 any [rule y]
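
The subset and superset cases above, as an added Python example (not Cisco's code and not the FWSM's actual algorithm). The names Ace, parse_ace, covers and optimize are hypothetical, and it parses only the ACE forms shown on this page. It assumes first-match evaluation, so an earlier ACE is deleted in favour of a later covering ACE only when no ACE between them takes a different action.

```python
import ipaddress
from collections import namedtuple

# Hypothetical model of one ACE; ports is an inclusive (lo, hi) destination range.
Ace = namedtuple("Ace", "action proto src dst ports")

def _addr(tok):  # consume 'any', 'host A' or 'A MASK' from the token list
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]'."""
    tok = line.split("[")[0].split()[3:]   # drop '[rule x]' labels and the prefix
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    ports = (int(tok[1]),) * 2 if tok[:1] == ["eq"] else (0, 65535)
    return Ace(action, proto, src, dst, ports)

def covers(y, x):
    """True if y matches every packet x matches and takes the same action."""
    return (y.action == x.action and y.proto in (x.proto, "ip")
            and x.src.subnet_of(y.src) and x.dst.subnet_of(y.dst)
            and y.ports[0] <= x.ports[0] and x.ports[1] <= y.ports[1])

def optimize(aces):
    """Delete ACEs covered by another ACE without changing first-match results."""
    kept, i = list(aces), 0
    while i < len(kept):
        x = kept[i]
        # An earlier cover makes x unreachable. A later cover makes x redundant
        # only if no ACE between them takes a different action.
        redundant = any(
            j != i and covers(y, x)
            and (j < i or all(b.action == x.action for b in kept[i + 1:j]))
            for j, y in enumerate(kept))
        if redundant:
            del kept[i]
        i = 0 if redundant else i + 1
    return kept

# The "before optimization" ACEs from the subset case on this page.
SUBSET = [parse_ace(line) for line in (
    "access-list test extended permit tcp 10.1.1.1 255.255.255.255 any eq 80 [rule x]",
    "access-list test extended permit tcp 10.1.1.0 255.255.255.0 any")]

if __name__ == "__main__":
    print(optimize(SUBSET))
```
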
Chapter 13: Identifying Traffic with Access Lists (OL-20748-01)
