Re: CBAC with/or without FAB

Hi,

As far as I know, this feature is enabled by default (and cannot be
disabled) starting in IOS 12.3(4)T. Show version is you friend in this
case.
Hopefully I will lab it up and back to you with more detailed answer.

--
Piotr Matusiak
CCIE #19860 (R&S, SEC)
>
> Hi All,
>
> B I was going through CBAC and understood(assuming if I rightly
> understood) there are differences in the way router looks/inspects the
> returning traffic.The way in which I understood is,
>
> 1) Without FAB(Firewall ACL Bypass),when CBAC is implemented,there would be
> Dynamically created ACL entries at the top lines of the ACL in the inbound
> ACL applied to the external interface based on the state table(show ip
> inspect sessions) .This will allow returning traffic comming from the
> outside(external) which were previous originated and inspected by CBAC from
> inside
>
> 2) With FAB,CBAC will not create a dynamic ACL and just inspects the state
> table to allow the returning traffic.
>
> Is my above understanding is right .If so,my questions are
>
> 1) How to verify whether the CBAC in that particular router platform is done
> with FAB or not ..Like by show commands ...I was thinking to see,by doing
> show ip access-list,if the entries are dynamically created ,then it is
> without FAB or the otherway ...Is that right way to verify
>
> 2) In terms of OEQ,if a question is put explain CBAC operation,I am at this
> moment thinking of to explain both the above assuming I didn't hear
> something wrong about those from you all
>
> Kindly let know your comments and corrections.
>
> Thanks for the great help
>
> Regards
> Anantha Subramnanian Natarajan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net