Advantage of access-list over named access-list

dan_track
Level 1

Hi,

I like named access-lists; the problem I have is that I have a couple of network engineers here and they constantly use the standard access-lists. When I ask them why, they say it's out of habit. Can someone please explain if there's any need at all to have non-named access lists in this day and age?

Thanks

Dan

glen.grant
VIP Alumni

These days there really isn't a difference. If you use a standard access list, it can be modified just like a named access list: just get into ACL config mode, such as "ip access-list standard 50". This puts you into ACL config mode and you modify the list just like a named list. You can modify any existing ACL list like this also, so technically there isn't a difference other than whether you actually use a name for the ACL or a standard or extended number for the ACL.

Thanks.

But if you put a "no" statement in, doesn't it remove the entire access-list? I thought that was one of the big advantages of named access-lists.

Dan

Not if you are in ACL config mode. Try it on a spare box. It used to be that way when named first came out, but not anymore.

conf t

ip access-list standard 50

Enter; this puts you in ACL config mode and you can add and delete items one at a time, which is why I say there isn't a lot of difference now. This assumes you aren't still running old 11.X code or early 12.X code. You can also modify any current numbered ACL this way.

Thanks. Does that mean that each line in the standard or extended list is numbered?

Thanks

Dan

In the newer codes, yes, they are numbered. You can verify with a "show access-lists".
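
The in-place editing described in the replies above, written out as an added example that is not part of the original thread. ACL number 50 is the one used in the thread; the addresses are constructed documentation ranges, and the session assumes an IOS release with ACL entry sequence numbering.

```cisco
! Constructed example, not from the original thread.
configure terminal
!
! Build numbered standard ACL 50 from ACL config mode.
! Each entry gets an explicit sequence number.
ip access-list standard 50
 10 permit 192.0.2.0 0.0.0.255
 20 permit 198.51.100.0 0.0.0.255
 30 deny any
 exit
!
! Later change: remove ONLY entry 20 and insert a new entry
! between 10 and 30. The rest of the list, and any interface
! or line that references ACL 50, is left untouched.
ip access-list standard 50
 no 20
 15 permit 203.0.113.0 0.0.0.255
 exit
!
! Optional: renumber the entries to 10, 20, 30 so there is
! room for future inserts.
ip access-list resequence 50 10 10
end
!
! Verify the entries and their sequence numbers.
show access-lists 50
!
! Contrast: entered in GLOBAL config mode, the legacy form
!   no access-list 50
! deletes the whole list, which is the behaviour asked about
! in the thread. Make single-entry changes from ACL config mode.
```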

xcz504d1114
Level 4

One thing I like about named access-lists is that they allow you to put something meaningful into the configuration. If I do a "show run interface gi 1/0/1" and see the access-group with "100", that doesn't mean anything to me; if I see "VoIP_QoS", that means a lot more to me. Also, it can give an idea of the intention of the ACL. Ideally your engineers would put remarks in their access-lists, but I find that is rare, and the ones I typically see in ACLs aren't up to date: configurations have changed, old remarks are left in, you get the idea.

HTH,

Craig Miller