In ACL policy files, there are two types of textual additions that have no effect on the ACL actions: comments and descriptions. A comment is ignored by the policy manager and resides only in the policy file. Comments are not saved in the switch configuration and are not displayed by the show policy command. A description is saved in the policy manager and is displayed when the ACL is displayed.
For example, the following policy, saved in the file denyping.pol, contains both a comment and a description:
# this line is a comment
@description "This line is a description for the denyping.pol"
entry ping_deny_echo-request {
    if {
        protocol icmp;
        icmp-type echo-request;
    } then {
        deny;
        count pingcount_deny;
    }
}
Note that the description begins with the tag @description and is a text string enclosed in quotes.
Apply the policy to port 1:
configure access-list denyping port 1
Then display the policy:
show policy denyping
The output of this command is similar to the following:
Policies at Policy Server:
Policy: denyping
@description This line is a description for the denyping.pol
entry ping_deny_echo-request {
    if match all {
        protocol icmp ;
        icmp-type echo-request ;
    }
    Then {
        deny ;
        count pingcount_deny ;
    }
}
Number of clients bound to policy: 1
Client: acl bound once
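Because comments stay in the file while only the description reaches the switch, a policy documented solely with comments shows no explanation in show policy. The following is an added example, not part of the original documentation or of any vendor tooling: a small pre-deployment check that separates the two kinds of text and flags policies lacking a usable description. It assumes comments occupy whole lines starting with # and that @description sits on a single line; the function names are hypothetical.

```python
import re

# Policy text from this page (denyping.pol).
DENYPING = '''\
# this line is a comment
@description "This line is a description for the denyping.pol"
entry ping_deny_echo-request {
    if { protocol icmp; icmp-type echo-request; }
    then { deny; count pingcount_deny; }
}
'''

DESC_RE = re.compile(r'^@description\s+"(.*)"\s*$')   # tag + quoted string
ENTRY_RE = re.compile(r'^entry\s+(\S+)\s*\{')          # rule entry name


def classify(policy_text):
    """Split a policy file into file-only comments, saved descriptions, entries."""
    out = {"comments": [], "descriptions": [], "entries": [], "malformed": []}
    for lineno, raw in enumerate(policy_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):                 # assumption: whole-line comments
            out["comments"].append(line[1:].strip())
        elif line.startswith("@description"):
            m = DESC_RE.match(line)
            if m:
                out["descriptions"].append(m.group(1))
            else:                                # tag present, text not quoted
                out["malformed"].append(lineno)
        else:
            m = ENTRY_RE.match(line)
            if m:
                out["entries"].append(m.group(1))
    return out


def audit(policy_text):
    """Return (classification, findings) for documentation visible on the switch."""
    info = classify(policy_text)
    findings = []
    if info["entries"] and not info["descriptions"] and not info["malformed"]:
        findings.append("no @description: only file comments document this policy")
    for n in info["malformed"]:
        findings.append(f"line {n}: @description text is not enclosed in quotes")
    return info, findings
```
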