Cisco Support Community
Community Member

Advantage of access-list over named access-list

Hi,

I like named access-lists. The problem I have is that I have a couple of network engineers here and they constantly use the standard access-lists. When I ask them why, they say it's out of habit. Can someone please explain if there's any need at all to have non-named access lists in this day and age?

Thanks

Dan

6 REPLIES
Purple

Re: Advantage of access-list over named access-list

These days there really isn't a difference. If you use a standard access list, it can be modified just like a named access list: just get into ACL config mode, such as "ip access-list standard 50". This puts you into ACL config mode and you modify the list just like a named list. You can modify any existing ACL list like this also, so technically there isn't a difference other than whether you actually use a name for the ACL or a standard or extended number for the ACL.

Community Member

Re: Advantage of access-list over named access-list

Thanks.

But if you put a "no" statement in, doesn't it remove the entire access-list? I thought that was one of the big advantages of named access-lists.

Dan

Purple

Re: Advantage of access-list over named access-list

Not if you are in ACL config mode. Try it on a spare box. It used to be that way when named first came out, but not anymore.

conf t

ip access-list standard 50

Enter, and this puts you in ACL config mode, where you can add and delete items one at a time, which is why I say there isn't a lot of difference now. This assumes you aren't still running old 11.X code or early 12.X code. You can also modify any current numbered ACL this way.

Community Member

Re: Advantage of access-list over named access-list

Thanks. Does that mean that each line in the standard or extended list is numbered?

Thanks

Dan

Purple

Re: Advantage of access-list over named access-list

In the newer codes, yes, they are numbered. You can verify with a "show access-lists".

Bronze

Re: Advantage of access-list over named access-list

One thing I like about named access-lists is that they allow you to put something meaningful into the configuration. If I do a "show run interface gi 1/0/1" and see the access-group with "100", that doesn't mean anything to me; if I see "VoIP_QoS", that means a lot more to me. Also, it can give an idea of the intention of the ACL. Ideally your engineers would put remarks in their access-lists, but I find that is rare, and the ones I typically see in ACLs aren't up to date: configurations have changed etc., old remarks are left in, you get the idea.

HTH,

Craig Miller
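
The readability point in the last reply can be checked mechanically. The following is an added example, not code from the thread or from Cisco: a Python script that reads a running-config and flags ACLs applied with `ip access-group` that are numbered and carry no `remark`, or that are not defined at all. The sample config is constructed, and `parse_acls` and `audit` are hypothetical names.

```python
import re
# Constructed sample running-config (not from the thread).
SAMPLE_CONFIG = """\
access-list 100 permit udp any any range 16384 32767
ip access-list standard 50
 10 permit 10.1.1.0 0.0.0.255
ip access-list extended VoIP_QoS
 remark Mark RTP from the voice VLAN
 permit udp 10.20.0.0 0.0.255.255 any range 16384 32767
interface GigabitEthernet1/0/1
 ip access-group 100 in
interface GigabitEthernet1/0/2
 ip access-group VoIP_QoS in
interface Vlan50
 ip access-group 50 in
 ip access-group 199 out
"""

def parse_acls(config):
    """Count entries and remarks per ACL, legacy and ACL-config-mode syntax alike."""
    acls, current = {}, None
    for line in config.splitlines():
        header = re.match(r"ip access-list (?:standard|extended) (\S+)", line)
        legacy = re.match(r"access-list (\d+) (.+)", line)
        if header or legacy:
            current = acls.setdefault((header or legacy).group(1), {"entries": 0, "remarks": 0})
            body = legacy.group(2) if legacy else None
        elif current is not None and line.startswith(" "):
            body = line.strip()
        else:
            current = body = None
        if body:
            body = re.sub(r"^\d+\s+", "", body)  # drop an optional sequence number
            current["remarks" if body.startswith("remark") else "entries"] += 1
        if legacy:
            current = None  # legacy one-line entries have no sub-mode to continue
    return acls

def audit(config):
    """Return (interface, acl, direction, finding) for applied ACLs that need attention."""
    acls, findings, iface = parse_acls(config), [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split()[1]
        m = re.match(r" ip access-group (\S+) (in|out)", line)
        if m and m.group(1) not in acls:
            findings.append((iface, *m.groups(), "not defined"))
        elif m and m.group(1).isdigit() and not acls[m.group(1)]["remarks"]:
            findings.append((iface, *m.groups(), "numbered, no remark"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports ACLs 100 and 50 as numbered without a remark and ACL 199 as not defined, while `VoIP_QoS` passes.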
