/
Sign up to Ping Labz!
Already have an account? Sign in
Labs

Lab sec-03 - Extended ACL (Named)

J
3 min read
Lab sec-03 - Extended ACL (Named)
Table of Contents

Extended ACLs filter based on source IP, destination IP, protocol, source port, destination port, and various TCP flags. They are the workhorse ACL type in production. Named ACLs (vs numbered) give you a descriptive name and let you insert/remove entries by line number cleanly. This lab configures a named extended ACL on R1 to allow specific inbound traffic and deny everything else.

What you will learn

  • Named ACL syntax with ip access-list extended NAME
  • Matching by protocol (TCP, UDP, ICMP)
  • Matching destination ports (eq, gt, lt, range)
  • The established keyword for stateful-ish filtering
  • Where to apply extended ACLs (close to source)

What this lab does NOT cover

  • Reflexive ACLs (semi-stateful)
  • Object groups (organize ACL entries by name)
  • IPv6 ACL syntax

Topology

Download the CCNA Base Topology .yaml

3 iol-xe routers + 1 alpine + 1 ioll2-xe managed switch + 1 unmanaged switch.

Download CCNA Base Topology

Written by

J

View all posts
More from Ping Labz
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Ping Labz.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.