Creating and configuring a named, extended ACL
For a match to occur with an ACE in an extended ACL, a packet must have the source and destination address criteria specified by the ACE, as well as any IPv4 protocol-specific criteria included in the command.
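The match rule above, modeled as an added example (not vendor code or CLI output): an ACE matches only when every criterion it specifies is met, so one failed criterion means no match. The class and function names, the CIDR notation, the treatment of `ip` as "any IPv4 protocol", and the sample addresses are assumptions made for this illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

IP_ANY = "ip"  # assumption: protocol keyword meaning "any IPv4 protocol"

@dataclass(frozen=True)
class ExtendedAce:                  # hypothetical model of one extended ACE
    action: str                     # "permit" or "deny"
    protocol: str                   # "ip", "tcp", "udp", ...
    src: str                        # source network, CIDR notation
    dst: str                        # destination network, CIDR notation
    dst_port: Optional[int] = None  # protocol-specific criterion (TCP/UDP)

@dataclass(frozen=True)
class Packet:                       # hypothetical model of packet headers
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None

def failed_criteria(ace, pkt):
    """Return the ACE criteria the packet fails; an empty list is a match."""
    failed = []
    if ace.protocol != IP_ANY and ace.protocol != pkt.protocol:
        failed.append("protocol")
    if ip_address(pkt.src) not in ip_network(ace.src):
        failed.append("source")
    if ip_address(pkt.dst) not in ip_network(ace.dst):
        failed.append("destination")
    if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
        failed.append("dst_port")
    return failed

def matches(ace, pkt):
    return not failed_criteria(ace, pkt)

# Constructed sample ACE and packets (documentation address ranges).
ACE = ExtendedAce("permit", "tcp", "192.0.2.0/24", "198.51.100.10/32", 443)
SAMPLES = {
    "all criteria met": Packet("tcp", "192.0.2.7", "198.51.100.10", 443),
    "wrong source": Packet("tcp", "203.0.113.9", "198.51.100.10", 443),
    "wrong destination": Packet("tcp", "192.0.2.7", "198.51.100.11", 443),
    "wrong port": Packet("tcp", "192.0.2.7", "198.51.100.10", 22),
    "wrong protocol": Packet("udp", "192.0.2.7", "198.51.100.10", 443),
}
if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:18} -> {failed_criteria(ACE, pkt) or 'match'}")
```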
Use the following general steps to create or add to a named, extended ACL:
- Create or enter the context of a named, extended ACL.
- Enter the first ACE in a new, extended ACL or append an ACE to the end of an existing, extended ACL.
The following command is a prerequisite to entering or editing ACEs in a named, extended ACL.
Syntax
ip access-list extended <name-str>
Places the CLI in the "Named ACL" (nacl) context specified by the <name-str> alphanumeric identifier. This enables entry of individual ACEs in the specified ACL. If the ACL does not already exist, this command creates it.
<name-str>
Specifies an alphanumeric identifier for the ACL. Consists of an alphanumeric string of up to 64 case-sensitive characters. Including spaces in the string requires that you enclose the string in single or double quotes. For example: "accounting ACL". You can also use this command to access an existing, numbered ACL. See Using the CLI to edit ACLs.