1

00:00:00,482  -->  00:00:05,329
In the previous video, we already learn
about sequence number in access list.

2

00:00:05,898  -->  00:00:11,050
Next, in this video, we are going to
learn about named access list.

3

00:00:12,000  -->  00:00:18,407
With named access list, we can configure
access list with a name, not only with id.

4

00:00:19,283  -->  00:00:25,103
If you remember, in the previous video,
we configure access list with id 1,

5

00:00:26,606  -->  00:00:36,407
remember that id 1 until 99 is standard access
list and 100 until 199 is extended access list.

6

00:00:37,319  -->  00:00:43,158
Beside using number like this, we can
also configure access list with a name.

7

00:00:43,627  -->  00:00:48,555
absolutely we still able to configure
standard or extended access list

8

00:00:48,555  -->  00:00:56,028
with named access list. In this case, we are going
to learn about named standard access list first.

9

00:00:56,803  -->  00:01:04,179
Okay let’s just start learning about named access
list with an example case. Let’s say we want to

10

00:01:04,179  -->  00:01:12,550
block everything and only permit from vlan 30,
so vlan 10 and 20 to server should be blocked.

11

00:01:13,535  -->  00:01:19,939
Let’s unassign access list 1 first,
let’s see the configuration, do show run,

12

00:01:22,550  -->  00:01:29,277
here in fa0/0, we assign the access
list. Let’s remove this configuration,

13

00:01:31,554  -->  00:01:34,471
no ip access-group 1 out.

14

00:01:35,283  -->  00:01:37,345
Let’s see the configuration again,

15

00:01:39,174  -->  00:01:44,913
okay here there is no access-group
configuration anymore in fa0/0.

16

00:01:45,590  -->  00:01:51,643
But the access list configuration is still
exist. This configuration will not used,

17

00:01:52,051  -->  00:02:00,167
because the access list is not assign to any
interface, let’s try ping from vlan 20 to server,

18

00:02:02,483  -->  00:02:08,082
okay here the ping is success. So
access list 1 is not used anymore.

19

00:02:09,000  -->  00:02:16,518
Let’s also ping from pc0 to the server,
success, from vlan 30 to the server,

20

00:02:16,730  -->  00:02:22,851
also success. Okay so now all pc is
able to ping to the server again.

21

00:02:23,518  -->  00:02:29,183
Now let’s create named access
list to only permit from vlan 30.

22

00:02:30,766  -->  00:02:37,347
If we configure access list with number, we
can just type access-list and then the number,

23

00:02:38,054  -->  00:02:46,167
but if want to configure named access list,
the command is ip and then access list,

24

00:02:46,914  -->  00:02:53,725
Then here we need to define which access list
we want to configure, standard or extended.

25

00:02:54,458  -->  00:02:58,678
In this case, we are going to
configure standard access list.

26

00:02:59,455  -->  00:03:07,443
And then here we need to define the name of access
list. Or actually here we also still can use

27

00:03:07,443  -->  00:03:16,555
a number. Let’s say the name is permit
vlan 30. And then question mark here,

28

00:03:16,790  -->  00:03:22,506
if we configure named access list like
this, we can define a sequence number.

29

00:03:23,079  -->  00:03:26,567
But for now I will not define the sequence number,

30

00:03:26,870  -->  00:03:30,770
so the sequence number will
be created automatically.

31

00:03:31,763  -->  00:03:39,658
The case is to only permit from vlan 30,
so let’s create a rule to permit vlan 30,

32

00:03:40,114  -->  00:03:52,094
so here permit and then the network of
vlan 30, which is 192.168.30.0 0.0.0.255.

33

00:03:52,827  -->  00:04:00,150
Let’s see the access list, do show access-list.
Here we can see that we have access list 1,

34

00:04:00,427  -->  00:04:07,318
but this is not used anymore, and then
here we have access list permit vlan 30,

35

00:04:07,990  -->  00:04:12,303
and here we have a rule to permit from vlan 30.

36

00:04:13,203  -->  00:04:21,794
remember that the case is to only permit from
vlan 30, so vlan 10 and vlan 20 should be blocked.

37

00:04:22,550  -->  00:04:30,000
If you remember, I already said that in access
list, there is a default rule to deny any.

38

00:04:30,507  -->  00:04:37,571
So for now from vlan 10 and vlan
20 is already blocked, because here

39

00:04:37,571  -->  00:04:44,807
we only create a rule to permit vlan 30. So
now the access list configuration is done.

40

00:04:45,670  -->  00:04:49,306
Next let’s assign this
access list to the interface,

41

00:04:49,874  -->  00:04:54,942
let’s say we will assign the access list to fa0/0,

42

00:04:57,000  -->  00:05:04,894
So interface fa0/0, ip access-group
and then the name of the access list,

43

00:05:05,418  -->  00:05:07,663
let’s just copy and paste,

44

00:05:08,310  -->  00:05:13,515
And the direction is out.. okay
we have done configuring access

45

00:05:13,515  -->  00:05:18,470
list and assign the access list
to the interface. Let’s test it,

46

00:05:18,919  -->  00:05:30,000
vlan 30 to server, success, vlan 20 to the
server, failed, vlan 10 to the server also failed.

47

00:05:30,327  -->  00:05:33,990
Okay so now we have done
configuring named access list.

48

00:05:34,483  -->  00:05:36,667
I think enough for this video

49

00:05:36,945  -->  00:05:40,214
Thank you for watching and see you on the next video.