1
00:00:08,625 --> 00:00:10,976
- So when it comes to access lists

2
00:00:10,976 --> 00:00:12,624
we know that at a high level

3
00:00:12,624 --> 00:00:15,227
you have a choice of standard or extended.

4
00:00:15,227 --> 00:00:18,006
And we've talked pretty extensively about both types.

5
00:00:18,006 --> 00:00:19,923
Now up until now in order to demonstrate

6
00:00:19,923 --> 00:00:21,947
standard and extended access lists,

7
00:00:21,947 --> 00:00:24,695
I've showed you their implementation with

8
00:00:24,695 --> 00:00:28,026
numbered access lists where you say access-list,

9
00:00:28,026 --> 00:00:29,318
you provide a number,

10
00:00:29,318 --> 00:00:31,619
and then Cisco IOS identifies that number

11
00:00:31,619 --> 00:00:33,927
as either belonging to the range of standard

12
00:00:33,927 --> 00:00:36,085
or the range of extended.

13
00:00:36,085 --> 00:00:37,437
Now I've mentioned a couple of times

14
00:00:37,437 --> 00:00:38,926
that an alternative approach

15
00:00:38,926 --> 00:00:41,859
is to use standard or extended access lists

16
00:00:41,859 --> 00:00:44,620
in conjunction with named access lists.

17
00:00:44,620 --> 00:00:46,298
Where instead of specifying a number,

18
00:00:46,298 --> 00:00:48,457
you specify a descriptive name,

19
00:00:48,457 --> 00:00:50,679
so that when you're running through your configuration,

20
00:00:50,679 --> 00:00:53,243
why you've created that access list in the first place

21
00:00:53,243 --> 00:00:55,604
is a little bit more meaningful to you.

22
00:00:55,604 --> 00:00:59,063
And that's what we're gonna look at real quickly here.

23
00:00:59,063 --> 00:01:02,916
So one of the benefits of configuring named access lists

24
00:01:02,916 --> 00:01:06,134
is it allows you to more easily edit them.

25
00:01:06,134 --> 00:01:07,882
So I've showed you in the previous video that

26
00:01:07,882 --> 00:01:11,169
if you had a numbered access list with several ACE,

27
00:01:11,169 --> 00:01:13,465
Access Control Entries,

28
00:01:13,465 --> 00:01:15,989
if you tried to delete one of those ACEs

29
00:01:15,989 --> 00:01:20,028
the entire numbered access list was deleted.

30
00:01:20,028 --> 00:01:21,787
Now with a named access list,

31
00:01:21,787 --> 00:01:26,165
it's much easier to delete individual lines of an ACE

32
00:01:26,165 --> 00:01:27,527
because they're actually sequenced;

33
00:01:27,527 --> 00:01:28,789
they're provided with sequenced numbers

34
00:01:28,789 --> 00:01:31,316
and you could just select a particular sequence number

35
00:01:31,316 --> 00:01:34,984
and delete just that sequence number.

36
00:01:34,984 --> 00:01:36,915
So here is how you configure them.

37
00:01:36,915 --> 00:01:39,314
I'm not gonna do a lab on this,

38
00:01:39,314 --> 00:01:43,235
but the idea is still pretty much the same.

39
00:01:43,235 --> 00:01:46,736
So at the global configuration level,

40
00:01:46,736 --> 00:01:48,498
notice what we're doing here,

41
00:01:48,498 --> 00:01:52,077
we type instead of access-list and then a number,

42
00:01:52,077 --> 00:01:55,390
we preface it with the word ip.

43
00:01:55,390 --> 00:01:58,008
So when your access list starts with the word ip,

44
00:01:58,008 --> 00:02:00,640
now Cisco IOS knows that you're gonna be configuring

45
00:02:00,640 --> 00:02:02,679
a named access list.

46
00:02:02,679 --> 00:02:04,179
So ip access-list,

47
00:02:05,941 --> 00:02:09,424
and then after that, you're gonna specify

48
00:02:09,424 --> 00:02:11,757
either extended or standard.

49
00:02:12,626 --> 00:02:14,068
So see it starts out the same way:

50
00:02:14,068 --> 00:02:17,470
ip access-list, you can use the word extended...

51
00:02:17,470 --> 00:02:19,591
Oops, what happened there?

52
00:02:19,591 --> 00:02:22,424
Or you can use the word, standard.

53
00:02:24,425 --> 00:02:27,105
So what you provide right here

54
00:02:27,105 --> 00:02:31,176
will dictate what your options are in the access list.

55
00:02:31,176 --> 00:02:34,382
And then, right here is where you type your name.

56
00:02:34,382 --> 00:02:36,303
Whatever you want your descriptive name to be.

57
00:02:36,303 --> 00:02:39,825
ip access-list standard payroll or

58
00:02:39,825 --> 00:02:43,863
ip access-list extended deny engineering.

59
00:02:43,863 --> 00:02:48,030
And then you're placed into your named access list mode,

60
00:02:49,095 --> 00:02:51,818
and here, for example, with the standard access list,

61
00:02:51,818 --> 00:02:53,799
you say permit or deny,

62
00:02:53,799 --> 00:02:56,836
and then you type in your source address,

63
00:02:56,836 --> 00:02:58,101
and your wildcard.

64
00:02:58,101 --> 00:02:59,327
It's now showing you the wildcard here

65
00:02:59,327 --> 00:03:03,131
but the wildcard mask would still be a part of this.

66
00:03:03,131 --> 00:03:06,350
And the way that you would apply it

67
00:03:06,350 --> 00:03:09,818
is still with the ip access-group command,

68
00:03:09,818 --> 00:03:11,050
but instead of putting a number like

69
00:03:11,050 --> 00:03:13,442
ip access-group one in,

70
00:03:13,442 --> 00:03:15,114
or 101 out,

71
00:03:15,114 --> 00:03:17,697
you reference the name instead.

72
00:03:19,223 --> 00:03:21,173
And here's an example of

73
00:03:21,173 --> 00:03:23,585
how you do it with an extended access list.

74
00:03:23,585 --> 00:03:24,964
Same thing.

75
00:03:24,964 --> 00:03:27,028
Start out with the word ip,

76
00:03:27,028 --> 00:03:29,035
which tells IOS okay, I'm now gonna be giving

77
00:03:29,035 --> 00:03:32,543
an extended...
I'm gonna be giving a named access list,

78
00:03:32,543 --> 00:03:34,674
and then you say access-list and

79
00:03:34,674 --> 00:03:37,812
whatever type you want, standard or extended,

80
00:03:37,812 --> 00:03:39,157
and because we've gone extended,

81
00:03:39,157 --> 00:03:42,018
we are now in extended access list mode,

82
00:03:42,018 --> 00:03:44,571
where you have all the same options available to you

83
00:03:44,571 --> 00:03:48,738
as you would with a numbered extended access list.