474 Chapter 7: Understanding Access List Security
One difference between the two types of lists is that individual matching statements can be removed from a named list. Example 7-9 shows the configuration mode output when entering the access list used on Albuquerque as access list 112 in Example 7-8, but this time as a named access list instead of a numbered access list. One typo is shown in the original creation of the access list in Example 7-9, and the changes made to delete and add the statement are shown later in the same example. (The mistyped statement is deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255. It is a typo because there is no subnet 10.2.3.0; the intent was to configure 10.1.3.0 instead.)
Example 7-9 Named Access List Configuration
conf t
Enter configuration commands, one per line. End with Ctrl-Z.
Router(config)#ip access-list extended barney
Router(config-ext-nacl)#permit tcp host 10.1.1.2 eq www any
Router(config-ext-nacl)#deny udp host 10.1.1.1 0.0.0.128 255.255.255.127
Router(config-ext-nacl)#deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255
! The next statement is purposefully wrong so that the process of changing the list can be seen.
Router(config-ext-nacl)#deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255
Router(config-ext-nacl)#deny ip host 10.1.1.130 host 10.1.3.2
Router(config-ext-nacl)#deny ip host 10.1.1.28 host 10.1.3.2
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#^Z
Router#sh run
Building configuration...
Current configuration:
.
. (unimportant statements omitted)
.
!
ip access-list extended barney
permit tcp host 10.1.1.2 eq www any
deny udp host 10.1.1.1 0.0.0.128 255.255.255.127
deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255
deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255
deny ip host 10.1.1.130 host 10.1.3.2
deny ip host 10.1.1.28 host 10.1.3.2
permit ip any any
Router#conf t
Enter configuration commands, one per line. End with Ctrl-Z.
Router(config)#ip access-list extended barney
Router(config-ext-nacl)#no deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255
Router(config-ext-nacl)#^Z
Router#show access-list
Extended IP access list barney
permit tcp host 10.1.1.2 eq www any
deny udp host 10.1.1.1 0.0.0.128 255.255.255.127
ch07.fm Page 474 Monday, March 20, 2000 5:14 PM
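To make the first-match behaviour and the per-statement removal of a named list concrete, here is an added Python model (not code from the book or from IOS) that parses the extended statements of Example 7-9, evaluates a packet against the list, and removes one statement the way `no <statement>` does in a named list. It assumes a small subset of the IOS syntax (`permit`/`deny`, `ip`/`tcp`/`udp`, `any`, `host`, address-plus-wildcard, optional `eq` port) and omits the udp statement of the example for brevity.

```python
import ipaddress

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    return (int(ipaddress.IPv4Address(tokens[0])), int(ipaddress.IPv4Address(tokens[1]))), tokens[2:]

def _port(tokens):
    """Consume an optional 'eq PORT' (keyword or number); return (port or None, remaining tokens)."""
    if tokens and tokens[0] == "eq":
        return {"www": 80, "telnet": 23, "ftp": 21}.get(tokens[1]) or int(tokens[1]), tokens[2:]
    return None, tokens

def parse_ace(line):
    """Parse one extended ACE, e.g. 'deny ip 10.1.2.0 0.0.0.255 10.1.3.0 0.0.0.255'."""
    action, proto, *rest = line.split()
    src, rest = _addr(rest)
    sport, rest = _port(rest)
    dst, rest = _addr(rest)
    dport, rest = _port(rest)
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "text": " ".join(line.split())}

def _matches(spec, ip):
    base, wild = spec  # a 1 bit in the Cisco wildcard mask means "don't care"
    return (int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """First-match evaluation, ending in the implicit deny at the end of every IOS ACL."""
    for ace in acl:
        if (ace["proto"] in ("ip", proto) and _matches(ace["src"], src) and _matches(ace["dst"], dst)
                and ace["sport"] in (None, sport) and ace["dport"] in (None, dport)):
            return ace["action"], ace["text"]
    return "deny", "implicit deny"

def remove_ace(acl, line):
    """Named-list edit: 'no <statement>' deletes only that statement and keeps the rest in order."""
    return [ace for ace in acl if ace["text"] != " ".join(line.split())]

BARNEY = [parse_ace(s) for s in (  # Example 7-9's list as first entered (udp statement omitted)
    "permit tcp host 10.1.1.2 eq www any",
    "deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255",
    "deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255",  # typo: 10.2.3.0 should be 10.1.3.0
    "deny ip host 10.1.1.130 host 10.1.3.2",
    "deny ip host 10.1.1.28 host 10.1.3.2",
    "permit ip any any",
)]
```

Evaluating a packet from 10.1.2.0/24 to 10.1.3.0/24 against the list as typed shows why the typo matters: the mistyped statement never matches, so the packet falls through to permit ip any any.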