Named Access Lists

Named access lists allow you to use names to both create and apply either standard or extended
access lists. There is nothing new or different about these access lists aside from being able to
refer to them in a way that makes sense to humans. But the syntax has some subtle changes,
so let’s take a look at the commands in Table 7.6:

TABLE 7.6 Named Access List Commands

Command            Meaning
ip access-list     Configures a named access list
ip access-group    Places an access list on a device’s physical interface

Here in Table 7.7 are the options you can use:

TABLE 7.7 Named Access List Options

Option                    Meaning
standard or extended      In a named access list, the type must be specified because there
                          is no number used for identification.
permit or deny            Specifies the effect of the access-list statement as allowing or
                          blocking the traffic specified.
hostname or IP address    Specifies the hostname or device’s IP address that will be acted
                          upon in the access list statement.
host                      Specifies a single specific host for the statement.
any                       Specifies that regardless of the host or device IP, it will match
                          the statement.

Let’s take a look at an example using all the commands and options:
Lab_A#config t
Enter configuration commands, one per line. End with CNTL/Z.
Lab_A(config)#ip access-list ?
  extended  Extended Acc
  logging   Control access list logging
  standard  Standard Access List
Notice that I started by typing ip access-list, not access-list. This allows me to enter
a named access list. Next, I’ll need to specify that it’s to be a standard access list:
Lab_A(config)#ip access-list standard ?
  <1-99>  Standard IP access-list number
  WORD    Access-list name
Lab_A(config)#ip access-list standard BlockSales
Lab_A(config-std-nacl)#
I specified a standard access list and then added a name: BlockSales. Notice that I could
have used a number for a standard access list, but instead, I chose to use a descriptive name.
Also, notice that after entering the name, I hit Enter, and the router prompt changed. I’m now
in named access list configuration mode and am entering the named access list:
Lab_A(config-std-nacl)#?
Standard Access List configuration commands:
  default  Set a command to its defaults
  deny     Specify packets to reject
  exit     Exit from access-list configuration mode
  no       Negate a command or set its defaults
  permit   Specify packets to forward
Lab_A(config-std-nacl)#deny 172.16.40.0 0.0.0.255
Lab_A(config-std-nacl)#permit any
Lab_A(config-std-nacl)#exit
Lab_A(config)#^Z
Lab_A#
I enter the access list and then exit out of configuration mode. Next, I’ll take a look at the
running configuration to verify that the access list is indeed in the router:
Lab_A#show running-config
!
ip access-list standard BlockSales
 deny 172.16.40.0 0.0.0.255
 permit any
!
The BlockSales access list has truly been created and is in the running-config file of the
router. Next, I’ll need to apply the access list to an interface:
Lab_A#config t
Enter configuration commands, one per line. End with CNTL/Z.
Lab_A(config)#int e1
Lab_A(config-if)#ip access-group BlockSales out
Lab_A(config-if)#^Z
Lab_A#
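
To see how the two BlockSales entries decide a packet's fate, here is an added example (Python written for this page, not router output or code from the original text). It parses the stanza shown by show running-config and applies wildcard-mask matching, first-match ordering, and the implicit deny at the end of every access list; the function names and test addresses are my own.

```python
import ipaddress

# Constructed sample: the BlockSales stanza as show running-config prints it.
RUNNING_CONFIG = """\
!
ip access-list standard BlockSales
 deny 172.16.40.0 0.0.0.255
 permit any
!
"""

def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))

def source_match(words):
    """Turn the source part of an entry into (base, wildcard) integers."""
    if words[0] == "any":
        return 0, 0xFFFFFFFF              # every bit ignored
    if words[0] == "host":
        return ip_to_int(words[1]), 0     # every bit compared
    wildcard = ip_to_int(words[1]) if len(words) > 1 else 0
    return ip_to_int(words[0]), wildcard

def parse_standard_acls(config):
    """Return {name: [(action, base, wildcard), ...]} for named standard ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["ip", "access-list", "standard"] and len(words) == 4:
            current = acls.setdefault(words[3], [])
        elif current is not None and words and words[0] in ("permit", "deny"):
            current.append((words[0], *source_match(words[1:])))
        else:
            current = None                # "!" or another command ends the stanza
    return acls

def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = ip_to_int(source)
    for action, base, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF     # wildcard 0 bits are the ones compared
        if (addr & care) == (base & care):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_standard_acls(RUNNING_CONFIG)["BlockSales"]
    for src in ("172.16.40.25", "172.16.41.25"):   # constructed test addresses
        print(src, evaluate(acl, src))
```

Swapping the two entries so that permit any comes first lets 172.16.40.0 traffic through, and dropping permit any blocks every source, which is why entry order and the final permit matter when you review a list like this.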