RE: Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)

From: Dennis J. Hartmann (dennisjhartmann@hotmail.com)
Date: Tue May 03 2005 - 13:53:37 GMT-3

• Next message: loc.pham@comcast.net: "RE: OSPF non-backbone area"
• Previous message: router guy: "Re:CCIE R/S real exam"
• Maybe in reply to: Dennis J. Hartmann: "Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)"
• Next in thread: simon hart: "RE: Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

         Based on the "vagueness" of the blueprint relating to CBAC, I'm
going to be prepared to do CBAC. I think CBAC would definetely fall under
#3 from the security section of the blueprint. CBAC is not supported in the
IP feature set, but I don't see any feature sets listed on the exam
blueprint.

# Security

   1. AAA
   2. Security server protocols
   3. Traffic filtering and firewalls
   4. Access lists
   5. Routing protocols security, catalyst security
   6. Other security features

Sincerely,
 
Dennis J. Hartmann
White Pine Communications
dh8@pobox.com
CCSI#23402/CCIP/CCNP/CCDP/CCNA/CCDA
Cisco IP Voice Support & Design Specialist
Cisco Optical, VPN & IDS Specialist
MCSE
 

-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Tuesday, May 03, 2005 12:24 PM
To: 'Dennis J. Hartmann'; ccielab@groupstudy.com
Subject: RE: Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)

Hey Dennis,

I'll take a crack at this.

Dynamic is also know as lock and key. What this means is that before the
specified traffic is allowed through, a user has to authenticate.

Reflexive: This type of acl is a bit like the "established" keyword you can
use on tcp acl's. IOW, it allows return traffic but isn't limited to just
tcp traffic - it can be used for any type of traffic.

CBAC: Unless the lab blueprint has changed, this isn't on the R&S lab so
you don't need to be concerned with this.

If you have the IE workbook, go through the Security section of each lab and
you'll find a number of examples where you'll need to configure Reflexive
and Dynamic acl's.

HTH, Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Dennis J. Hartmann
Sent: Tuesday, May 03, 2005 11:41 AM
To: ccielab@groupstudy.com
Subject: Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)

    Would anyone care to explain the "KEY" differences between the following
types of access-lists?
 
CBAC
Reflexive
Dynamic
 
    My interest is primarily aimed at identifying when to use which...
 
    I believe that each type of ACL has it's own place in the world based on
its capabilities. Not being a master of these ACLs, I'm looking for
"enough" information where I understand the primary differences and when to
use which one. Any help is appreciated. Thanks.
 

Sincerely,

 Dennis J. Hartmann

White Pine Communications

dh8@pobox.com

CCSI#23402/CCIP/CCNP/CCDP/CCNA/CCDA

Cisco IP Voice Support & Design Specialist

Cisco Optical, VPN & IDS Specialist

MCSE

• Next message: loc.pham@comcast.net: "RE: OSPF non-backbone area"
• Previous message: router guy: "Re:CCIE R/S real exam"
• Maybe in reply to: Dennis J. Hartmann: "Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)"
• Next in thread: simon hart: "RE: Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3