Creating Named Standard And Extended Acls - Cisco Catalyst 2950 Software Configuration Manual

Chapter 28
Configuring Network Security with ACLs

Creating Named Standard and Extended ACLs

You can identify IP ACLs with an alphanumeric string (a name) rather than a number. You can use named
ACLs to configure more IP access lists on a switch than if you use numbered access lists. If you identify
your access list with a name rather than a number, the mode and command syntax are slightly different.
However, not all commands that use IP access lists accept a named ACL.
Note: The name you give to a standard ACL or extended ACL can also be a number in the supported range of
access list numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP
ACL can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can
delete individual entries from a named list.
Consider these guidelines and limitations before configuring named ACLs:
• A standard ACL and an extended ACL cannot have the same name.
• Numbered ACLs are also available, as described in the "Creating Standard and Extended IP ACLs" section on page 28-7.

Beginning in privileged EXEC mode, follow these steps to create a standard named access list using names:

Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: ip access-list standard {name | access-list-number}
Purpose: Define a standard IP access list by using a name, and enter access-list configuration mode.
Note: The name can be a number from 1 to 99.

Step 3
Command: deny {source source-wildcard | host source | any}
or
permit {source source-wildcard | host source | any}
Purpose: In access-list configuration mode, specify one or more conditions denied or permitted to determine if the packet is forwarded or dropped.
• host source represents a source and source-wildcard of source 0.0.0.0.
• any represents a source and source-wildcard of 0.0.0.0 255.255.255.255.
Note: The log option is not supported on the switches.

Step 4
Command: end
Purpose: Return to privileged EXEC mode.

Step 5
Command: show access-lists [number | name]
Purpose: Show the access list configuration.

Step 6
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

Beginning in privileged EXEC mode, follow these steps to create an extended named ACL using names:

Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: ip access-list extended {name | access-list-number}
Purpose: Define an extended IP access list by using a name, and enter access-list configuration mode.
Note: The name can be a number from 100 to 199.

78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
Configuring ACLs
28-13
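
The naming rules and source forms from the steps above, as an added Python check that is not part of the Cisco manual: it reads named-ACL commands written in the page's syntax, expands host and any to their source and source-wildcard pairs, and reports a name shared by a standard and an extended ACL, a numeric name outside the 1 to 99 or 100 to 199 range, and use of the unsupported log option. The function names, ACL names and addresses are assumptions made for the example, and only standard entries are parsed because the extended procedure is cut off on this page.

```python
import re

# Numeric names the page allows per ACL type: standard 1-99, extended 100-199.
NUMERIC_RANGE = {"standard": range(1, 100), "extended": range(100, 200)}
HEADER = re.compile(r"^ip access-list (standard|extended) (\S+)$")

def expand_source(tokens):
    """Map the three source forms to (source, wildcard) plus leftover tokens."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def lint_named_acls(config_text):
    """Return (acls, findings) for the named-ACL blocks in config_text."""
    acls, findings, kinds, current = {}, [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if (header := HEADER.match(line)):
            kind, name = header.groups()
            if kinds.setdefault(name, kind) != kind:
                findings.append(f"{name}: used for both a standard and an extended ACL")
            if name.isdigit() and int(name) not in NUMERIC_RANGE[kind]:
                findings.append(f"{name}: numeric name outside the {kind} range")
            current = (kind, name)
            acls.setdefault(current, [])
        elif current and current[0] == "standard" and line.split(" ")[0] in ("permit", "deny"):
            action, *rest = line.split()
            try:
                source, extra = expand_source(rest)
            except IndexError:
                findings.append(f"{current[1]}: malformed entry ({line})")
                continue
            if "log" in extra:
                findings.append(f"{current[1]}: log option is not supported ({line})")
            acls[current].append((action, *source))
        elif not raw.startswith(" "):
            current = None  # any other top-level command ends the ACL block
    return acls, findings

# Constructed sample input; ACL names and addresses are made up.
SAMPLE = """ip access-list standard mgmt-hosts
 permit host 10.1.1.5
 deny 10.1.2.0 0.0.0.255 log
 permit any
ip access-list extended mgmt-hosts
ip access-list standard 150
"""
print("\n".join(lint_named_acls(SAMPLE)[1]))
```

Running it against the sample prints one finding for each rule; a configuration that follows the guidelines returns an empty findings list.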
