Re: CBAC vs. Reflexive ACL

From: Rich Collins (nilsi2002@gmail.com)
Date: Tue Feb 12 2008 - 19:53:57 ARST

• Next message: Julian Rodriguez: "Re: CCIE 20k Must Have Been Awarded Today?"
• Previous message: Niraj Palikhey: "Now it's also my turn to finally say................"
• Maybe in reply to: wael sabry: "CBAC vs. Reflexive ACL"
• Next in thread: Fang Gao: "Re: CBAC vs. Reflexive ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Another key word to look for is timeout. How long to hold a (tcp) session
and different thresholds which can be set to drop sessions which do not
become fully established - as Rik has mentioned.

As I recall CBAC only offers a subset of functions for locally generated
traffic.

-Rich

On Feb 12, 2008 9:48 AM, Rik Guyler <rik@guyler.net> wrote:

> CBAC also adds a component of stateful inspection to the ACL function,
> which
> RACLs don't do. If the question asks you simply to allow return traffic
> then a RACL should do it but if the question leads you towards intelligent
> or stateful filtering (possibly with keywords, such as Internet, hackers,
> etc.) then you could consider CBAC.
>
> Rik
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> wael
> sabry
> Sent: Tuesday, February 12, 2008 7:25 AM
> To: ccielab@groupstudy.com
> Subject: CBAC vs. Reflexive ACL
>
> Hello,
>
> Is there any advice about when to use CBAC and when use Reflexive ACL,
> many
> tasks in IE that need to permit locally traffic (tcp/udp/icmp) to be
> returned back most of these Tasks have been solved by Reflexive ACL and
> then
> needed to add route-map to match locally generated traffic of the router .
> My Question why not to use CBAC with router-traffic key word.
>
> For Example Task 8-1 in Lab 5.
>
> Regards,
>
> Wael Sabry
>
>
> _________________________________________________________________
> Connect and share in new ways with Windows Live.
>
> http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Julian Rodriguez: "Re: CCIE 20k Must Have Been Awarded Today?"
• Previous message: Niraj Palikhey: "Now it's also my turn to finally say................"
• Maybe in reply to: wael sabry: "CBAC vs. Reflexive ACL"
• Next in thread: Fang Gao: "Re: CBAC vs. Reflexive ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:48 ARST