Configuring named, extended ACLs

For a match to occur with an ACE in an extended ACL, a packet must meet the source and destination address criteria specified by the ACE, as well as any IPv4 protocol-specific criteria included in the command.

Use the following general steps to create or add to a named, extended ACL:

Procedure
  1. Create and/or enter the context of a named, extended ACL.
  2. Enter the first ACE in a new, extended ACL or append an ACE to the end of an existing, extended ACL.

The following command is a prerequisite to entering or editing ACEs in a named, extended ACL.

Syntax:


ip access-list extended <name-str>

Places the CLI in the "Named ACL" (nacl) context specified by the <name-str> alphanumeric identifier. This enables entry of individual ACEs in the specified ACL. If the ACL does not already exist, this command creates it.

<name-str>

Specifies an alphanumeric identifier for the ACL. Consists of an alphanumeric string of up to 64 case-sensitive characters. Including spaces in the string requires that you enclose the string in single or double quotes. For example: "accounting ACL". You can also use this command to access an existing, numbered ACL. See Using the CLI to edit ACLs.