Named Access Lists

With Cisco IOS Release 11.2, Cisco introduced a way to label access lists with unique names. Named access lists let you use descriptive names for access lists rather than less descriptive numbers. This can be beneficial to network administrators using large numbers of access lists.

To configure a named access list, first define the access list as standard or extended with the following command:

ip access-list { standard | extended } access_list_name

After this line is entered, the router prompts you for the next entries under the access list. The syntax offered for standard access lists at the access list prompt is shown here:

{ permit | deny } a.b.c.d [ wildcard_mask ]

The syntax offered for an extended access list is as follows:

{ permit | deny } protocol_type source_address source_address_wildcard destination_address destination_address_wildcard [ protocol specific options ] { log }

The same rules and syntax apply in both cases as in a normal access list, except that the access list number does not precede each line.

Figure 14-5 illustrates a simple named access list applied to an Ethernet interface.

Figure 14-5. Named Access List Example
In the example in Figure 14-5, a named access list called allow_net_172 was applied to the Ethernet 0/0 port. The command for attaching an access list to an interface is the access-group command, which uses the name of the access list instead of numbers.
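
The syntax described above, written out as an added configuration example; it is not taken from the original text or from Figure 14-5. The access list name allow_net_172 and the Ethernet 0/0 interface come from the text, while the addresses, the inbound direction, and the second list name web_to_servers are assumptions made for illustration.

```cisco
! Constructed example: addresses, the "in" direction and the name
! web_to_servers are assumptions, not the contents of Figure 14-5.
!
! Standard named access list: entries match on source address only.
! Note that no access list number precedes the permit line.
! Like any access list, it ends with an implicit "deny any".
ip access-list standard allow_net_172
 permit 172.16.0.0 0.0.255.255
!
! Extended named access list: protocol, source and wildcard,
! destination and wildcard, then protocol-specific options.
! The explicit final deny with "log" records what the list drops,
! which the implicit deny would discard silently.
! This list is defined only to show the syntax; it is not applied.
ip access-list extended web_to_servers
 permit tcp 172.16.0.0 0.0.255.255 10.1.1.0 0.0.0.255 eq 80
 deny ip any any log
!
! Attach the standard list to the interface by name.
interface Ethernet0/0
 ip access-group allow_net_172 in
!
! Verification from privileged EXEC mode:
!   show ip access-lists allow_net_172
!   show ip interface Ethernet0/0
```

The show ip interface output lists the inbound and outbound access list set on the interface, which confirms that the name given to access-group matches a list that actually exists.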