Operating notes for remarks
-
An "orphan" remark is a remark that does not have an ACE counterpart with the same sequence number. The
resequence
command renumbers an orphan remark as a sequential, stand-alone entry without a permit or deny ACE counterpart.ipv6 access-list "XYZ" 10 remark "Permits HTTP" 10 permit tcp 2001:db8::2:1/120 eq 80 ::/0 12 remark "Denies HTTP from subnet 1." 18 remark "Denies pop3 from 1:157." 18 deny tcp 2001:db8::1:157/128 eq 110 ::/0 log 50 permit ipv6 ::/0 ::/0 exit Switch# ipv6 access-list resequence XYZ 100 10 Switch# show access-list XYZ config ipv6 access-list "XYZ" 100 remark "Permits HTTP" 100 permit tcp 2001:db8::2:1/120 eq 80 ::/0 110 remark "Denies HTTP from subnet 1." 120 remark "Denies pop3 from 1:157." 120 deny tcp 2001:db8::1:157/128 eq 110 ::/0 log 130 permit ipv6 ::/0 ::/0 exit
-
Entering either an unnumbered remark followed by a manually numbered ACE (using
<1–2147483647>
), or the reverse (an unnumbered ACE followed by a manually numbered remark) can result in an "orphan" remark. -
Configuring two remarks without including either sequence numbers or an intervening, unnumbered ACE results in the second remark overwriting the first.
Overwriting one remark with another
Switch(config–ipv6–acl)# permit ipv6 host fe80::a1:121 fe80::/104 Switch(config–ipv6–acl)# deny tcp any eq ftp 2001:db8:0:a1::/64 Switch(config–ipv6–acl)# remark Marketing Switch(config–ipv6–acl)# remark Channel_Mktg Port_1_5400(config–ipv6–acl)# show access-list Accounting config ipv6 access-list "Accounting" 10 permit ipv6 fe80::a1:121/128 fe80::/104 20 deny tcp ::/0 eq 21 2001:db8:0:a1::/64 30 remark "Channel_Mktg" exit
NOTE:
Where multiple remarks are sequentially entered for automatic inclusion at the end of an ACL, each successive remark replaces the previous one until an ACE is configured for automatic inclusion at the end of the list.