How to edit a Named Access Control List (ACL) on router

 

Before continuing, refer to the Introduction to Access Control Lists (ACLs) lesson if you are not familiar with Access Control Lists.

Refer to the Standard Access Control Lists lesson if you are not familiar with the IOS commands for configuring Standard Access Control Lists (ACLs).

Refer to the Extended Access Control Lists (ACLs) lesson if you are not familiar with the IOS commands for configuring Extended Access Control Lists.

Refer to the Named Access Control Lists (ACLs) lesson if you are not familiar with the IOS commands for configuring Named Access Control Lists.

Refer to the Extended Named Access Control Lists (ACLs) lesson if you are not familiar with the IOS commands for configuring Extended Named Access Control Lists.

How to view an existing Named Access Control List (ACL) by using the "show ip access-lists" IOS command

You can view an existing Access Control List (ACL) using the show ip access-lists IOS command as shown below.

Router01>enable
Router01#show ip access-lists BLOCK_WS03
Extended IP access list BLOCK_WS03
10 deny tcp host 172.16.0.12 host 172.20.0.5 eq www
20 permit ip any any
Router01#

How to add a new Access Control List entry in an existing Named Extended Access Control List (ACL)

Now add a new entry to the Named Extended Access Control List above (ACL name BLOCK_WS03) that denies Workstation03 (IP Address - 172.16.0.12/16) access to the File Server (IP Address - 172.20.0.6/16) using FTP, as shown below.

Router01>enable
Router01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router01(config)#ip access-list extended BLOCK_WS03
Router01(config-ext-nacl)#deny tcp host 172.16.0.12 host 172.20.0.6 eq ftp
Router01(config-ext-nacl)#exit
Router01(config)#exit
Router01#

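View the altered Named Access Control List (ACL name BLOCK_WS03) by running the command below. An entry entered without a sequence number is appended to the end of the list, so the new entry appears as 30, after "20 permit ip any any". ACL entries are evaluated from the top down and the first match wins, so in this position the FTP traffic matches entry 20 and entry 30 is never reached. To place an entry earlier in the list, prefix it with a sequence number lower than 20 when entering it.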

Router01>enable
Router01#show access-lists
Extended IP access list BLOCK_WS03
10 deny tcp host 172.16.0.12 host 172.20.0.5 eq www
20 permit ip any any
30 deny tcp host 172.16.0.12 host 172.20.0.6 eq ftp
Router01#

How to delete an existing entry from a Named Extended Access Control List (ACL)

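You can remove an individual entry from an existing ACL by using the keyword "no" followed by the sequence number of the line you wish to delete. Note that entry 20 in this example is the list's only permit statement; once it is removed, all traffic that does not match a deny entry falls through to the implicit deny at the end of the ACL.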

Router01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router01(config)#ip access-list extended BLOCK_WS03
Router01(config-ext-nacl)#no 20
Router01(config-ext-nacl)#exit
Router01(config)#exit
Router01#

How to re-adjust the Named Access Control List (ACL) sequence numbers

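You can automatically re-adjust the sequence numbers of a changed Named Access Control List using the "resequence" keyword as shown below. The first number is the starting sequence number and the second is the increment between entries.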

Router01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router01(config)#ip access-list resequence BLOCK_WS03 10 10
Router01(config)#exit
Router01#
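
Added example (not part of the original lesson): a small Python model of first-match ACL evaluation, run over the BLOCK_WS03 entries shown above, to check which entry a packet actually hits after each edit. It handles only the syntax used on this page; the function names and the second source host 172.16.0.50 are constructed for illustration.

```python
# Added example: first-match model, page syntax only (tcp/ip, host/any, eq www|ftp).
PORTS = {"www": 80, "ftp": 21}
AFTER_ADD = """\
10 deny tcp host 172.16.0.12 host 172.20.0.5 eq www
20 permit ip any any
30 deny tcp host 172.16.0.12 host 172.20.0.6 eq ftp
"""  # entry lines copied from the "show access-lists" output above

def parse(text):
    """Turn entry lines into dicts ordered by sequence number."""
    acl = []
    for line in text.strip().splitlines():
        tok = line.split()
        rest, addrs = tok[3:], []
        while len(addrs) < 2:  # source first, then destination
            addrs.append(None if rest[0] == "any" else rest[1])
            rest = rest[1:] if rest[0] == "any" else rest[2:]
        port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
        acl.append(dict(seq=int(tok[0]), action=tok[1], proto=tok[2],
                        src=addrs[0], dst=addrs[1], port=port))
    return sorted(acl, key=lambda e: e["seq"])

def covers(e, proto, src, dst, port):
    """True if entry e matches this traffic; None stands for 'any'."""
    return (e["proto"] in ("ip", proto) and e["src"] in (None, src)
            and e["dst"] in (None, dst) and e["port"] in (None, port))

def evaluate(acl, proto, src, dst, port):
    """(seq, action) of the first matching entry, else the implicit deny."""
    for e in acl:
        if covers(e, proto, src, dst, port):
            return e["seq"], e["action"]
    return None, "deny"

def shadowed(acl):
    """Sequence numbers of entries fully covered by an earlier entry."""
    return [e["seq"] for i, e in enumerate(acl) if any(
        covers(p, e["proto"], e["src"], e["dst"], e["port"]) for p in acl[:i])]

def resequence(acl, start=10, step=10):
    """Renumber entries in their current order, like 'resequence 10 10'."""
    return [dict(e, seq=start + i * step) for i, e in enumerate(acl)]

acl = parse(AFTER_ADD)
ftp = ("tcp", "172.16.0.12", "172.20.0.6", 21)
print(evaluate(acl, *ftp), shadowed(acl))        # entry 20 matches before 30
no_20 = [e for e in acl if e["seq"] != 20]        # state after "no 20"
print(evaluate(no_20, *ftp), [e["seq"] for e in resequence(no_20)])
print(evaluate(no_20, "tcp", "172.16.0.50", "172.20.0.5", 80))  # constructed host
```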

 
