Hi All,
I was going through CBAC and understood (assuming I understood it
rightly) that there are differences in the way the router looks at/inspects the
returning traffic. The way in which I understood it is:
1) Without FAB (Firewall ACL Bypass), when CBAC is implemented, there would be
dynamically created ACL entries at the top lines of the inbound
ACL applied to the external interface, based on the state table (show ip
inspect sessions). This will allow returning traffic coming from the
outside (external) which was previously originated and inspected by CBAC from
inside.
2) With FAB, CBAC will not create a dynamic ACL and just inspects the state
table to allow the returning traffic.
Is my above understanding right? If so, my questions are:
1) How to verify whether the CBAC on that particular router platform is done
with FAB or not, like by show commands? I was thinking to see, by doing
show ip access-list, if the entries are dynamically created; then it is
without FAB, or the other way. Is that the right way to verify?
2) In terms of OEQ, if a question is put to explain CBAC operation, I am at this
moment thinking of explaining both of the above, assuming I didn't hear
something wrong about those from you all.
Kindly let me know your comments and corrections.
Thanks for the great help.
Regards
Anantha Subramnanian Natarajan
Received on Thu Sep 10 2009 - 09:37:30 ART