How to Configure Named Access Control List

Introduction

A named access control list is the enhanced form of a numbered ACL. Instead of identifying the list by a number, a named ACL uses a descriptive name, and it permits or denies traffic just as a numbered ACL does. Both standard and extended ACLs can be configured as named ACLs, which allows greater control over network traffic.

Benefits of the Named Access Control list

1) Readability: Named ACLs are easier to understand because remembering names is easier than remembering numbers.

2) Editability: We can edit a named ACL in place without removing and reapplying it.

3) Flexibility: Individual entries can be added to or removed from a named ACL without disrupting the entire access control list.

Syntax of named ACL:

ip access-list {standard | extended} name

Each entry of a standard named ACL matches on the source only:

{permit | deny} source [wildcard]

Each entry of an extended named ACL also matches on protocol, destination and, optionally, port:

{permit | deny} protocol source [wildcard] destination [wildcard] [eq port]

Types:

Named ACL supports both standard and extended ACLs.

Here in this blog post, we will configure both the standard and extended ACL for practical knowledge.

Lab topology for Named ACL

We will use the following lab topology both for standard and extended ACL.

Standard Named ACL:

The following lab topology will be used for the standard named ACL.

standard named access control list lab topology

Configure IP addresses on R1, R2, and all the PCs. Then, run RIP version 2 on R1 and R2.

Before configuring the ACL, we will verify that PC0 can ping PC3.

ping from pc0 to pc3

Configure a standard named ACL on R2 to block PC0 from reaching PC3.

configuring standard named access control list on R2

Now we will check whether PC0 can still ping PC3.

ping from pc0 to pc3 after applying named acl

Also check from PC1 whether the ACL affects it.

ping from pc1 to pc3 after named acl

PC1 is able to ping PC3 because we didn’t configure ACL for PC1.

Extended Named ACL

We will use the previous lab topology for the extended named ACL, in which we will deny PC0 from browsing the HTTP server.

extended named access control list topology

First, check the ping command to test connectivity from PC0 to the HTTP server.

ping http server from pc0

Now configure the extended named ACL, in which we will deny only the HTTP traffic generated by PC0, so PC0 will not be able to browse the HTTP server. Port 80 is used for HTTP traffic. Because every ACL ends with an implicit deny, add an entry after the deny that permits all other traffic to flow from R1 to R2. Apply the ACL on R1's FastEthernet 0/0 in the outbound direction.

Configuring and applying extended named access control list on Router R1

Check the access list through show commands.

show extended named acl

Try to browse the HTTP server from PC0.

browser http_server IP in PC0

Browse the HTTP server from PC1. PC1 can browse the HTTP server because we did not block PC1 from browsing.

browser http_server from PC1

Finally, we will ping the server from PC0. PC0 can still ping the server because we blocked only HTTP traffic, not ICMP traffic.

ping to http_server from pc0
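The router configurations that the screenshots above capture, written out as an added example rather than the post's own CLI output; it covers both the standard ACL on R2 and the extended ACL on R1. The addresses, interface roles and ACL names are assumptions, because the post does not print them.

```cisco
! Added example, not the post's own configuration. Assumed values:
! PC0 = 192.168.1.10, HTTP server = 192.168.2.100, R2 FastEthernet0/1
! faces the PC3 LAN, R1 FastEthernet0/0 faces R2 (the post applies the
! extended ACL outbound there).
!
! ---- R2: standard named ACL (lab 1, block PC0 from reaching PC3) ----
! A standard ACL matches on source only, so it is placed close to the
! destination: outbound on R2's interface toward PC3.
ip access-list standard BLOCK-PC0
 remark deny PC0, then permit everyone else (implicit deny at the end)
 deny   host 192.168.1.10
 permit any
!
interface FastEthernet0/1
 ip access-group BLOCK-PC0 out
!
! ---- R1: extended named ACL (lab 2, block only HTTP from PC0) ----
! Assumes the lab-1 ACL on R2 was removed first:
!   interface FastEthernet0/1
!    no ip access-group BLOCK-PC0 out
ip access-list extended BLOCK-PC0-HTTP
 remark only TCP/80 from PC0 to the server is denied; ICMP and all else pass
 deny   tcp host 192.168.1.10 host 192.168.2.100 eq 80
 permit ip any any
!
interface FastEthernet0/0
 ip access-group BLOCK-PC0-HTTP out
!
! Verification from privileged EXEC: entries with their match counters,
! and confirmation that the list is bound outbound on FastEthernet0/0.
show access-lists BLOCK-PC0-HTTP
show ip interface FastEthernet0/0 | include access list
!
! Editing in place (benefit 2): re-enter the list and change one entry
! without removing the whole ACL or its interface binding.
ip access-list extended BLOCK-PC0-HTTP
 no deny tcp host 192.168.1.10 host 192.168.2.100 eq 80
 deny   tcp host 192.168.1.10 host 192.168.2.100 eq www
```

The `eq www` form is equivalent to `eq 80`; the match counters shown by `show access-lists` are the quickest way to confirm that PC0's HTTP attempts are hitting the deny entry while its pings fall through to `permit ip any any`.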
