Chapter 31
Configuring Network Security with ACLs
After creating a numbered extended ACL, you can apply it to terminal lines (see the
ACL to a Terminal Line" section on page
Interface" section on page
page
Resequencing ACEs in an ACL
In Cisco IOS Release 12.2(18)SE and later, sequence numbers for the entries in an access list are
automatically generated when you create a new ACL.You can use the ip access-list resequence global
configuration command to edit the sequence numbers in an ACL and change the order in which ACEs
are applied. For example, if you add a new ACE to an ACL, it is placed at the bottom of the list. By
changing the sequence number, you can move the ACE to a different position in the ACL.
For more information about the ip access-list resequence command, refer to this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsaclseq.
htm
Creating Named Standard and Extended ACLs
You can identify IP ACLs with an alphanumeric string (a name) rather than a number. You can use named
ACLs to configure more IP access lists in a router than if you were to use numbered access lists. If you
identify your access list with a name rather than a number, the mode and command syntax are slightly
different. However, not all commands that use IP access lists accept a named access list.
Note
The name you give to a standard or extended ACL can also be a number in the supported range of access
list numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP ACL
can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete
individual entries from a named list.
Consider these guidelines and limitations before configuring named ACLs:
•
•
•
•
Beginning in privileged EXEC mode, follow these steps to create a standard ACL using names:
Command
Step 1
configure terminal
Step 2
ip access-list standard name
78-16180-02
31-20), or to VLANs (see the
31-30).
Not all commands that accept a numbered ACL accept a named ACL. ACLs for packet filters and
route filters on interfaces can use a name. VLAN maps also accept a name.
A standard ACL and an extended ACL cannot have the same name.
Numbered ACLs are also available, as described in the
section on page
31-7.
You can use standard and extended ACLs (named or numbered) in VLAN maps.
31-19), to interfaces (see the
"Configuring VLAN Maps" section on
"Creating Standard and Extended IP ACLs"
Purpose
Enter global configuration mode.
Define a standard IP access list using a name, and enter access-list
configuration mode.
Note
The name can be a number from 1 to 99.
Catalyst 3750 Switch Software Configuration Guide
Configuring IP ACLs
"Applying an IP
"Applying an IP ACL to an
31-15