Section 8.3: Named IP Access Lists

Named IP access lists can be used to match the same packets, with the same parameters, you can match with standard and extended IP access lists. Named IP access lists do have some differences, however. The most obvious difference is that IOS identifies named IP access lists using names you assign them as opposed to numbers. Named IP access lists also have another key feature that numbered IP access lists do not: You can delete individual lines in a named IP access list.

In addition, two important configuration differences exist between numbered and named access lists. One key difference is that named access lists use a global command that places the user in a named IP access list submode, under which the matching and permit or deny logic is configured. The other key difference is that when a named matching statement is deleted, only that one statement is deleted. With numbered lists, the deletion of any statement in the list deletes all the statements in the list.