From: ccie2be (ccie2be@nyc.rr.com)
Date: Tue May 03 2005 - 13:23:44 GMT-3
Hey Dennis,
I'll take a crack at this.
Dynamic is also know as lock and key. What this means is that before the
specified traffic is allowed through, a user has to authenticate.
Reflexive: This type of acl is a bit like the "established" keyword you can
use on tcp acl's. IOW, it allows return traffic but isn't limited to just
tcp traffic - it can be used for any type of traffic.
CBAC: Unless the lab blueprint has changed, this isn't on the R&S lab so
you don't need to be concerned with this.
If you have the IE workbook, go through the Security section of each lab and
you'll find a number of examples where you'll need to configure Reflexive
and Dynamic acl's.
HTH, Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Dennis J. Hartmann
Sent: Tuesday, May 03, 2005 11:41 AM
To: ccielab@groupstudy.com
Subject: Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)
Would anyone care to explain the "KEY" differences between the following
types of access-lists?
CBAC
Reflexive
Dynamic
My interest is primarily aimed at identifying when to use which...
I believe that each type of ACL has it's own place in the world based on
its capabilities. Not being a master of these ACLs, I'm looking for
"enough" information where I understand the primary differences and when to
use which one. Any help is appreciated. Thanks.
Sincerely,
Dennis J. Hartmann
White Pine Communications
CCSI#23402/CCIP/CCNP/CCDP/CCNA/CCDA
Cisco IP Voice Support & Design Specialist
Cisco Optical, VPN & IDS Specialist
MCSE
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3