From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Tue May 03 2005 - 14:05:49 GMT-3
Dennis,
If CBAC isn't actively discussed on this mailing list, I
wouldn't spend time on it.
http://www.google.com/search?hl=en&lr=&q=cbac+site%3Awww.groupstudy.com%
2Farchives%2Fccielab&btnG=Search
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Dennis J. Hartmann
Sent: Tuesday, May 03, 2005 9:54 AM
To: 'ccie2be'; ccielab@groupstudy.com
Subject: RE: Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)
Based on the "vagueness" of the blueprint relating to CBAC, I'm
going to be prepared to do CBAC. I think CBAC would definetely fall
under
#3 from the security section of the blueprint. CBAC is not supported in
the
IP feature set, but I don't see any feature sets listed on the exam
blueprint.
# Security
1. AAA
2. Security server protocols
3. Traffic filtering and firewalls
4. Access lists
5. Routing protocols security, catalyst security
6. Other security features
Sincerely,
Dennis J. Hartmann
White Pine Communications
dh8@pobox.com
CCSI#23402/CCIP/CCNP/CCDP/CCNA/CCDA
Cisco IP Voice Support & Design Specialist
Cisco Optical, VPN & IDS Specialist
MCSE
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Tuesday, May 03, 2005 12:24 PM
To: 'Dennis J. Hartmann'; ccielab@groupstudy.com
Subject: RE: Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)
Hey Dennis,
I'll take a crack at this.
Dynamic is also know as lock and key. What this means is that before
the
specified traffic is allowed through, a user has to authenticate.
Reflexive: This type of acl is a bit like the "established" keyword you
can
use on tcp acl's. IOW, it allows return traffic but isn't limited to
just
tcp traffic - it can be used for any type of traffic.
CBAC: Unless the lab blueprint has changed, this isn't on the R&S lab
so
you don't need to be concerned with this.
If you have the IE workbook, go through the Security section of each lab
and
you'll find a number of examples where you'll need to configure
Reflexive
and Dynamic acl's.
HTH, Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Dennis J. Hartmann
Sent: Tuesday, May 03, 2005 11:41 AM
To: ccielab@groupstudy.com
Subject: Advanced ACLs: CBAC, Reflexive, Lock-and-Key(Dynamic)
Would anyone care to explain the "KEY" differences between the
following
types of access-lists?
CBAC
Reflexive
Dynamic
My interest is primarily aimed at identifying when to use which...
I believe that each type of ACL has it's own place in the world
based on
its capabilities. Not being a master of these ACLs, I'm looking for
"enough" information where I understand the primary differences and when
to
use which one. Any help is appreciated. Thanks.
Sincerely,
Dennis J. Hartmann
White Pine Communications
CCSI#23402/CCIP/CCNP/CCDP/CCNA/CCDA
Cisco IP Voice Support & Design Specialist
Cisco Optical, VPN & IDS Specialist
MCSE
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3