This section, briefly explains the creation and configuration of the extended named access control list. Based on the source address and the destination address traffics can be denied or can be permitted in extended named access control lists. All the lists are identified using a number or name. It is user-friendly to use named access control list rather than numbered access control list because it is easier to recognize with name and can associate a task. To access the control list we can add or reorder the statements. The access control list contains the following features that are not supported by the number of access lists. They are:-

Filtering IP options.

Disconnected ports.

Filtering the TCP flag.

We can delete the entries with no permit.


We can create the extended named ACLby using an IOS command named “access-list”. We use this IOS command from the global configuration mode of Router01. The statements written in Router 01 are shown below.

One of the main points need to notice is that at the end of every statement there is “deny any” statement. At the end of each statement if there is no “permit IP any” the extended named access control can filter all the traffics in the network. And if the previous statements are not get matched with any statements “permit IP any” statement can get permitted.


The extended named access control list can be configured by using an IOS command named “access-group”. The statement is shown below express the command:

Router(config)# interface interface_no

Router(config-if)# IP access-group A CL_name in|out

The keyword in and out is used to determine the direction of filtering the traffic. The “in” keyword is used when the filtration needs to take place when the traffic arrives at the router or the interfaces. In keyword are expressed in the figure as shown below:

The out keyword is used to filter the traffic when the traffic leaves from the router or the interfaces. The figure shown below illustrates the out keyword.

The extended access control lists are near to the source address network. The statements shown below describes the extended access control list in an IOS command format and the traffics are filtered on in the direction.

The “no” command can be used to remove the extended access control list. The format used to express the deletion of named access control list was shown below:

Router01(config-if)#no IP access-group BLOCK_WS3 in

Also, read…

Download How to Create and Configure Extended Named Access Control List in pdf – Click here