Operating notes for remarks

  • An "orphan" remark is a remark that does not have an ACE counterpart with the same sequence number. The resequence command renumbers an orphan remark as a sequential, stand-alone entry without a permit or deny ACE counterpart.
    ipv6 access-list "XYZ"
         10 remark "Permits HTTP"
         10 permit tcp 2001:db8::2:1/120 eq 80 ::/0
         12 remark "Denies HTTP from subnet 1."
         18 remark "Denies pop3 from 1:157."
         18 deny tcp 2001:db8::1:157/128 eq 110 ::/0 log
         50 permit ipv6 ::/0 ::/0
      exit
    Switch# ipv6 access-list resequence XYZ 100 10
    Switch# show access-list XYZ config
    ipv6 access-list "XYZ"
         100 remark "Permits HTTP"
         100 permit tcp 2001:db8::2:1/120 eq 80 ::/0
         110 remark "Denies HTTP from subnet 1."
         120 remark "Denies pop3 from 1:157."
         120 deny tcp 2001:db8::1:157/128 eq 110 ::/0 log
         130 permit ipv6 ::/0 ::/0
      exit
  • Entering either an unnumbered remark followed by a manually numbered ACE (using <1–2147483647> ), or the reverse (an unnumbered ACE followed by a manually numbered remark) can result in an "orphan" remark.

  • Configuring two remarks without including either sequence numbers or an intervening, unnumbered ACE results in the second remark overwriting the first.

Overwriting one remark with another

Switch(config–ipv6–acl)# permit ipv6 host fe80::a1:121 fe80::/104
Switch(config–ipv6–acl)# deny tcp any eq ftp 2001:db8:0:a1::/64
Switch(config–ipv6–acl)# remark Marketing
Switch(config–ipv6–acl)# remark Channel_Mktg
Port_1_5400(config–ipv6–acl)# show access-list Accounting config

ipv6 access-list "Accounting"
    10 permit ipv6 fe80::a1:121/128 fe80::/104
    20 deny tcp ::/0 eq 21 2001:db8:0:a1::/64
    30 remark "Channel_Mktg"
  exit
NOTE:

Where multiple remarks are sequentially entered for automatic inclusion at the end of an ACL, each successive remark replaces the previous one until an ACE is configured for automatic inclusion at the end of the list.