Naming an ACL makes it easier to understand its function. For example, an ACL configured to deny FTP could be called NO_FTP. When you identify your ACL with a name instead of with a number, the configuration mode and command syntax are slightly different.

Figure 1 shows the steps required to create a standard named ACL.

Step 1. Starting from global configuration mode, use the ip access-list command to create a named ACL. ACL names are alphanumeric, case sensitive, and must be unique. The command ip access-list standard name creates a standard named ACL, whereas the command ip access-list extended name creates an extended named ACL. After entering the command, the router is in named standard ACL configuration mode, as indicated by the prompt.

Note: Numbered ACLs use the global configuration command access-list whereas named IPv4 ACLs use the ip access-list command.

Step 2. From the named ACL configuration mode, use permit or deny statements to specify one or more conditions for determining whether a packet is forwarded or dropped.

Step 3. Apply the ACL to an interface using the ip access-group command. Specify whether the ACL should be applied to packets as they enter the interface (in) or as they exit the interface (out).

Figure 2 shows the commands used to configure a standard named ACL on interface G0/0 of router R1. The ACL denies host 192.168.11.10 access to the 192.168.10.0 network and is named NO_ACCESS.
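
The three steps applied to the NO_ACCESS scenario, written out as an added example (not reproduced from the original figure). It assumes G0/0 is the R1 interface attached to the 192.168.10.0 network, so the ACL is applied outbound there, and it assumes a closing permit any so that other sources are not dropped by the implicit deny at the end of every ACL.

```cisco
! Added example. Assumptions: G0/0 faces the 192.168.10.0 network,
! and every source other than 192.168.11.10 should still be allowed.
!
! Step 1: create the standard named ACL from global configuration mode.
R1(config)# ip access-list standard NO_ACCESS
!
! Step 2: add the conditions. Entries are evaluated top-down and the
! first match wins, so the specific deny goes before the permit.
R1(config-std-nacl)# deny host 192.168.11.10
R1(config-std-nacl)# permit any
R1(config-std-nacl)# exit
!
! Step 3: bind the ACL to the interface and choose the direction.
R1(config)# interface g0/0
R1(config-if)# ip access-group NO_ACCESS out
R1(config-if)# end
!
! Check the ACL entries and confirm the binding on the interface.
R1# show access-lists NO_ACCESS
R1# show ip interface g0/0
```

A standard ACL matches on source address only, which is why this one is placed on the interface closest to the destination network rather than near the denied host. Without the permit any line, the implicit deny would block all traffic leaving G0/0, not just traffic from 192.168.11.10.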

Capitalizing ACL names is not required, but makes them stand out when viewing the running-config output. It also makes it less likely that you will accidentally create two different ACLs with the same name but with different uses of capitalization.