19-14
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter19 Configuring Network Security with ACLs
Configuring Router ACLs
Creating Named Standard and Extended ACLs
You can identify IP ACLs with an alphanumeric string (a name) rather than a numbe r. You can use named
ACLs to configure more IP access lists in a router than if you were to u se numbered access lists. If you
identify your access list with a name rather than a number, the mode and command syntax are slightly
different. However, not all commands that use IP access lists accept a named access list.
Note The name you give to a standard or extended ACL can also be a number in the supported range of
access list numbers. That is, the name of a standard IP AC L can be 1 to 99; the name of an extended
IP ACL can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you
can delete individual entries from a named list.
Consider these guidelines and limitations before configuring named ACLs:
Not all commands that accept a numbered ACL accept a named ACL. ACLs for packet filters and
route filters on interfaces can use a name. VLAN maps also accept a name.
A standard ACL and an extended ACL cannot have the same nam e.
Numbered ACLs are also available, as described in the Creating Standard and Extended IP ACLs
section on page 19-6.
You can apply standard and extended ACLs (named or numbered) to VLAN maps.
Beginning in privileged EXEC mode, follow these steps to create a standard ACL using names:
To remove a named standard ACL, use the no ip access-list standard name global configuration
command.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 ip access-list standard name Define a standard IP access list using a name, and enter acces s-li st
configuration mode.
Note The name can be a number from 1 to 99.
Step3 deny {source [source-wildcard] | host source |
any} [log]
or
permit {source [source-wildcard] | host sour ce
| any} [log]
In access-list configuration mode, specify one or more conditions
denied or permitted to determine if the packet is forwarded or
dropped.
host sourceA source and source wildcard of source 0.0.0.0.
anyA source and source wildcard of 0.0.0.0
255.255.255.255.
Step4 end Return to privileged EXEC mode.
Step5 show access-lists [number | name] Show the access list configuration.
Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.