Switch and Router Technology - 32 - Named ACL
2022-08-11 04:55:00 【w Spicy little prince】
Named ACL:
A named ACL has no list number; a name takes the place of the number. The keyword standard identifies a standard ACL, and extended identifies an extended ACL.
Delete ACL (numbered ACLs)
1. Before deleting an access control list, you need to remove it from the interface it is applied to.
2. Whether it is a standard ACL or an extended ACL, deleting any entry deletes the whole list; entries cannot be deleted individually.
New entries are automatically appended at the end of the list and cannot be inserted in the middle.
Named ACL benefits:
You can delete a single entry in the list or insert an entry at any position.
Specific configuration
Router(config)#ip access-list ?
  extended  Extended Access List
  standard  Standard Access List
Router(config)#ip access-list extended wn //The extended ACL is named wn
Router(config-ext-nacl)#deny ?
  ahp    Authentication Header Protocol
  eigrp  Cisco's EIGRP routing protocol
  esp    Encapsulation Security Payload
  gre    Cisco's GRE tunneling
  icmp   Internet Control Message Protocol
  ip     Any Internet Protocol
  ospf   OSPF routing protocol
  tcp    Transmission Control Protocol
  udp    User Datagram Protocol
Router(config-ext-nacl)#deny icmp ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host
Router(config-ext-nacl)#deny icmp host 192.168.10.2 ?
  A.B.C.D  Destination address
  any      Any destination host
  host     A single destination host
Router(config-ext-nacl)#deny icmp host 192.168.10.2 host 192.168.30.2
Router(config-ext-nacl)#deny icmp host 192.168.20.2 host 192.168.30.2
Router(config-ext-nacl)#deny udp host 192.168.20.2 host 192.168.30.2 eq 53
Router(config-ext-nacl)#deny tcp host 192.168.10.2 host 192.168.30.2 eq 80
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#int g0/1
Router(config-if)#
Router(config-if)#ip access-group wn in
Router(config-if)#exit
Router(config)#
Router(config)#int g0/1 //Apply to interface
Router(config-if)#ip access-group wn out
Router(config-if)#
Remove an ACL entry
Step 1: Check the sequence number of the entry
show access-lists
Suppose the entry with sequence number 20 is to be deleted.
Enter the extended ACL, then use no followed by the sequence number:
Router(config)#ip access-list extended wn
Router(config-ext-nacl)#no 20
Specify the sequence number when adding an entry
Router(config-ext-nacl)#?
  <1-2147483647>  Sequence Number
Router(config-ext-nacl)#12 deny icmp 192.168.20.2 0.0.0.0 192.168.30.2 0.0.0.0
deny icmp 192.168.20.2 0.0.0.0 192.168.30.2 0.0.0.0 is equivalent to deny icmp host 192.168.20.2 host 192.168.30.2
The 0.0.0.0 here is the inverse (wildcard) mask of 255.255.255.255. An ACL uses an inverse mask to identify the address range it matches, and for a single IP address the subnet mask is four 255s.
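The steps above (no 20, then 12 deny ...) change which entry a packet hits first. The following Python sketch is an added example, not part of the original post and not IOS code: it models the ACL wn with wildcard matching and first-match evaluation. The names NamedAcl, wildcard_match and build_wn are hypothetical, and it assumes entries are numbered from 10 in steps of 10.

```python
import ipaddress

HOST = "0.0.0.0"                      # wildcard for "host x": every bit must match
ANY = ("0.0.0.0", "255.255.255.255")  # "any": no bit has to match

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit whose wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

class NamedAcl:
    """Toy model: entries keyed by sequence number, checked lowest first."""

    def __init__(self, start=10, step=10):  # assumed numbering: 10, 20, 30, ...
        self.entries, self.next_seq, self.step = {}, start, step

    def add(self, action, proto, src, dst, port=None, seq=None):
        if seq is None:               # no number given: append at the end
            seq = self.next_seq
        if seq in self.entries:
            raise ValueError(f"sequence {seq} already in use")
        self.entries[seq] = (action, proto, src, dst, port)
        self.next_seq = max(self.entries) + self.step

    def remove(self, seq):            # models "no <seq>"
        del self.entries[seq]

    def evaluate(self, proto, src, dst, port=None):
        """Return (action, seq) of the first matching entry."""
        for seq in sorted(self.entries):
            action, p, (sb, sw), (db, dw), eq = self.entries[seq]
            if (p in ("ip", proto) and eq in (None, port)
                    and wildcard_match(src, sb, sw)
                    and wildcard_match(dst, db, dw)):
                return action, seq
        return "deny", None           # implicit deny ends every ACL

def build_wn():
    """The ACL 'wn' from the configuration above, entries 10 to 50."""
    acl = NamedAcl()
    pc1, pc2 = ("192.168.10.2", HOST), ("192.168.20.2", HOST)
    srv = ("192.168.30.2", HOST)
    acl.add("deny", "icmp", pc1, srv)            # 10
    acl.add("deny", "icmp", pc2, srv)            # 20
    acl.add("deny", "udp", pc2, srv, port=53)    # 30
    acl.add("deny", "tcp", pc1, srv, port=80)    # 40
    acl.add("permit", "ip", ANY, ANY)            # 50
    return acl
```

After remove(20), ICMP from 192.168.20.2 to 192.168.30.2 falls through to the final permit; adding the entry back with seq=12 places it ahead of that permit again.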