Configuring named, extended ACLs
For a packet to match an ACE in an extended ACL, it must meet the source and destination address criteria specified by the ACE, as well as any IPv4 protocol-specific criteria included in the command.
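The match rule above, modeled as an added example (not code from the switch documentation). The `Ace` and `Packet` types, the CIDR notation, the single destination-port criterion and the sample addresses are assumptions made for illustration, and ACEs are assumed to be checked in list order with the first match winning.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Ace:                      # hypothetical model of one extended ACE
    action: str                 # "permit" or "deny"
    protocol: str               # "ip" matches any IPv4 protocol; else "tcp", "udp", ...
    src: str                    # source address criteria, CIDR notation
    dst: str                    # destination address criteria, CIDR notation
    dst_port: Optional[int] = None  # protocol-specific criterion (TCP/UDP)

@dataclass(frozen=True)
class Packet:                   # hypothetical model of the fields an ACE inspects
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None

def ace_matches(ace: Ace, pkt: Packet) -> bool:
    """True only when the packet meets every criterion the ACE specifies."""
    if ace.protocol != "ip" and ace.protocol != pkt.protocol:
        return False
    if ip_address(pkt.src) not in ip_network(ace.src):
        return False            # source matched alone is not enough
    if ip_address(pkt.dst) not in ip_network(ace.dst):
        return False            # destination must match as well
    if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
        return False            # protocol-specific criteria, when present
    return True

def first_match(acl: List[Ace], pkt: Packet) -> Optional[Ace]:
    """Return the first ACE in list order that the packet matches, else None."""
    return next((ace for ace in acl if ace_matches(ace, pkt)), None)

# Constructed sample ACL and packets, not taken from the page.
ACL = [
    Ace("permit", "tcp", "10.10.10.0/24", "10.10.20.5/32", dst_port=443),
    Ace("deny", "ip", "10.10.10.0/24", "10.10.20.0/24"),
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", "10.10.10.7", "10.10.20.5", 443),
                Packet("tcp", "10.10.10.7", "10.10.20.5", 22),
                Packet("tcp", "10.10.11.7", "10.10.20.5", 443)):
        hit = first_match(ACL, pkt)
        print(pkt, "->", hit.action if hit else "no ACE matched")
```

The second sample packet shows why every criterion matters: it has the same source and destination as the first but a different port, so it falls through the `permit` entry and is caught by the broader `deny` entry.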
Use the following general steps to create or add to a named, extended ACL:
- Create and/or enter the context of a named, extended ACL.
- Enter the first ACE in a new, extended ACL or append an ACE to the end of an existing, extended ACL.
The following command is a prerequisite to entering or editing ACEs in a named, extended ACL.
Syntax:
ip access-list extended <name-str>
Places the CLI in the "Named ACL" (nacl) context specified by the <name-str> alphanumeric identifier. This enables entry of individual ACEs in the specified ACL. If the ACL does not already exist, this command creates it.
<name-str>
Specifies an alphanumeric identifier for the ACL. Consists of an alphanumeric string of up to 64 case-sensitive characters. Including spaces in the string requires that you enclose the string in single or double quotes. For example: "accounting ACL". You can also use this command to access an existing, numbered ACL. See Using the CLI to edit ACLs.