10.4 Configuring Extended Access Lists
10.4.5 Configuring named access lists
Caution: Named access lists are not recognized by any software release prior to Cisco IOS Release 11.2.

You can identify IP access lists with an alphanumeric string (a name) rather than with a number (1 to 199). This feature allows you to configure more than 99 standard IP and 100 extended IP access lists in a router.

The key advantages of using named access lists are 1) the name can be meaningful for documentation and maintenance and 2) you can selectively delete specific lines within a named access list, making it more flexible. If you identify your access list with a name rather than a number, the mode and command syntax are slightly different. Currently, only packet and route filters can use a named list.

Consider the following before configuring named access lists:

  • Access lists specified by name are not compatible with older IOS releases.
  • Not all access lists that accept a number will accept a name. Access lists for packet filters and route filters on interfaces can use a name.
  • A standard access list and an extended access list cannot have the same name.

To create a standard access list, use the table in Figure beginning in global configuration mode.

To create an extended access list, use the table in Figure beginning in global configuration mode.

Example of Named Access List

The following configuration creates a standard access list named Internet_filter and an extended access list named marketing_group:

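interface Ethernet0/5
 ip address 2.0.5.1 255.255.255.0
 ! Internet_filter is applied to outbound packets, marketing_group to inbound packets
 ip access-group Internet_filter out
 ip access-group marketing_group in
...
! Standard list: entries match on source address only
ip access-list standard Internet_filter
 permit 1.2.3.4
 deny any
! Extended list: entries match on protocol, source, destination and port
ip access-list extended marketing_group
 permit tcp any 171.69.0.0 0.0.255.255 eq telnet
 deny tcp any any
 permit icmp any any
 deny udp any 171.69.0.0 0.0.255.255 lt 1024
 deny ip any any log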
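
To see which entry of marketing_group decides the fate of a given packet, the following added example (not part of the original page or of Cisco IOS) evaluates the list top-down with first-match semantics and wildcard-mask comparison. The function names and the sample packets used to exercise it are assumptions made for illustration, and the parser covers only the syntax that appears in the configuration above.

```python
import ipaddress

# marketing_group entries from the page; function names here are illustrative.
MARKETING_GROUP = """\
permit tcp any 171.69.0.0 0.0.255.255 eq telnet
deny tcp any any
permit icmp any any
deny udp any 171.69.0.0 0.0.255.255 lt 1024
deny ip any any log
"""
PORT_NAMES = {"telnet": 23}  # the only port keyword this list uses

def _take_addr(tok):
    """Consume 'any' or 'address wildcard' and return (base, wildcard) as ints."""
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF  # all wildcard bits set: every address matches
    addr, wild = tok.pop(0), tok.pop(0)
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def parse(text):
    entries = []
    for line in text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _take_addr(tok), _take_addr(tok)
        port = None
        if tok and tok[0] in ("eq", "lt"):
            op, val = tok.pop(0), tok.pop(0)
            port = (op, PORT_NAMES.get(val) or int(val))
        entries.append((action, proto, src, dst, port, line))
    return entries

def _addr_ok(ip, rule):
    base, wild = rule
    # A wildcard bit of 1 means "ignore"; all other bits must equal the base.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def _port_ok(dport, port):
    if port is None or dport is None:
        return port is None  # an entry with a port test needs a packet port
    return dport == port[1] if port[0] == "eq" else dport < port[1]

def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, matching entry); the first matching entry decides."""
    for action, p, s, d, port, line in entries:
        if p in ("ip", proto) and _addr_ok(src, s) and _addr_ok(dst, d) and _port_ok(dport, port):
            return action, line
    return "deny", "(implicit deny)"
```

In this list every UDP packet is dropped either way; the `deny udp ... lt 1024` entry only determines that low-port UDP to 171.69.0.0 0.0.255.255 is dropped by an entry without `log`, while all other UDP reaches the final logged deny.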