Advantage of access-list over named access-list

Answered Question
Sep 28th, 2009


I like named access-lists. The problem I have is that I have a couple of network engineers here and they constantly use the standard access-lists. When I ask them why, they say it's out of habit. Can someone please explain if there's any need at all to have non-named access lists in this day and age?



glen.grant Mon, 09/28/2009 - 06:32

These days there really isn't a difference. If you use a standard access list, it can be modified just like a named access list: just get into ACL config mode, such as "ip access-list standard 50". This puts you into ACL config mode and you modify the list just like a named list. You can modify any existing ACL list like this also, so technically there isn't a difference other than if you actually use a name for the ACL or a standard or extended number for the ACL.

dan_track Mon, 09/28/2009 - 06:39


But if you put a "no" statement in, doesn't it remove the entire access-list? I thought that was one of the big advantages of named access-lists.


glen.grant Mon, 09/28/2009 - 07:00

Not if you are in ACL config mode. Try it on a spare box. It used to be that way when named first came out, but not anymore.

conf t

ip access-list standard 50

Enter, this puts you in ACL config mode and you can add and delete items one at a time, which is why I say there isn't a lot of difference now. This assumes you aren't still running old 11.X code or early 12.X code. You can also modify any current numbered ACL this way.

dan_track Mon, 09/28/2009 - 07:42

Thanks. Does that mean that each line in the standard or extended list is numbered?



Correct Answer
glen.grant Mon, 09/28/2009 - 07:45

In the newer codes, yes, they are numbered. You can verify with a "show access-lists".
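
The per-entry editing described in the replies above, as an added example that is not part of the original thread: it removes one entry from numbered ACL 50 by its sequence number and inserts a new one between existing entries. The addresses and sequence values are constructed for illustration (documentation address ranges), and it assumes an IOS release with ACL sequence numbering, as the replies do.

```cisco
! Constructed example: ACL number 50 as in the thread, addresses are
! documentation ranges chosen for illustration.
configure terminal
 ip access-list standard 50
  10 permit 192.0.2.0 0.0.0.255
  20 permit 198.51.100.0 0.0.0.255
  30 deny any
 end
!
! Each entry is listed with its sequence number.
show access-lists 50
!
! Delete only entry 20, then insert a new entry between 10 and 30.
! The rest of the list and its interface binding are left in place.
configure terminal
 ip access-list standard 50
  no 20
  15 permit 203.0.113.0 0.0.0.255
 end
!
! Optional: renumber the entries, starting at 10 in steps of 10,
! to leave room for later insertions.
configure terminal
 ip access-list resequence 50 10 10
 end
!
! Contrast with the behaviour asked about in the thread: the same
! removal typed in global configuration mode deletes the whole list.
!   no access-list 50 permit 198.51.100.0 0.0.0.255
```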

xcz504d1114 Mon, 09/28/2009 - 07:51

One thing I like about named access-lists is that they allow you to put something meaningful into the configuration. If I do a "show run interface gi 1/0/1" and see the access-group with "100", that doesn't mean anything to me; if I see "VoIP_QoS", that means a lot more to me. Also, it can give an idea of the intention of the ACL. Ideally your engineers would put remarks in their access-lists, but I find that is rare, and the ones I typically see in ACLs aren't up to date: configurations have changed, etc., old remarks are left in, you get the idea.


Craig Miller

