Courseiva
ACLACL Config

remark [comment text]

Adds a descriptive comment to an access control entry (ACE) in an ACL to document its purpose, without affecting traffic filtering.

Syntax·ACL Config
remark [comment text]

When to Use This Command

  • Documenting why a specific permit or deny statement exists in a long ACL for easier troubleshooting
  • Adding version or author information to an ACL for change management
  • Labeling temporary test rules so they can be easily identified and removed later
  • Providing context for complex ACLs shared among multiple network engineers

Command Examples

Adding a remark to a standard ACL entry

R1(config-ext-nacl)# remark Allow HTTP traffic from internal subnet to web server

No output is generated; the remark is stored in the running configuration. Use 'show access-lists' to view remarks.

Viewing remarks in an ACL

show access-lists 101
Extended IP access list 101
    10 remark Allow HTTP traffic from internal subnet to web server
    20 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.1 eq www
    30 remark Block all other traffic (implicit deny)
    40 deny ip any any

Line 10: remark describing the permit statement. Line 20: the actual permit ACE. Line 30: remark for the implicit deny. Line 40: explicit deny (optional). Remarks appear as separate lines with sequence numbers.

Understanding the Output

The 'show access-lists' command displays ACL entries in order. Remarks appear as lines starting with 'remark' followed by the comment text. They are numbered with sequence numbers (e.g., 10, 30) and do not affect packet matching. Remarks help document the purpose of adjacent ACEs. In a real network, use remarks to explain why certain traffic is permitted or denied, making ACLs easier to audit and troubleshoot. There are no 'good' or 'bad' values—remarks are purely informational.

CCNA Exam Tips

1.

CCNA exam may test that remarks are placed before the ACE they describe, not after.

2.

Remember that remarks do not affect ACL logic; they are only for documentation.

3.

Know that remarks are stored in the running configuration and can be viewed with 'show running-config | section access-list' or 'show access-lists'.

4.

The exam might ask which command adds a comment to an ACL without affecting traffic filtering.

Common Mistakes

Placing the remark after the ACE it describes, which can confuse readers.

Forgetting that remarks are not part of the ACL matching logic and cannot be used to filter traffic.

Using special characters or spaces in the remark text without quotes (though IOS accepts most characters).

Assuming remarks are automatically numbered; they use the next available sequence number.

Related Commands

show access-lists

Displays all configured access control lists (ACLs) on the device, including their entries and match counters, used to verify ACL configuration and traffic filtering.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions