Named extended ACLs are created in essentially the same way that named standard ACLs are created. Follow these steps to create an extended ACL, using names:
Step 1. From global configuration mode, use the ip access-list extended name command to define a name for the extended ACL.
Step 2. In named ACL configuration mode, specify the conditions to permit or deny.
Step 3. Return to privileged EXEC mode and verify the ACL with the show access-lists name command.
Step 4. Save the entries in the configuration file with the copy running-config startup-config command.
To remove a named extended ACL, use the no ip access-list extended name global configuration command.
The figure shows the named versions of the ACLs created in the previous examples. The named ACL, SURFING, permits the users on the 192.168.10.0/24 LAN to access web sites. The named ACL, BROWSING, allows the return traffic from established connections. Using the ACL names, the rules are applied inbound and outbound on the G0/0 interface.