

Reflexive ACLs access-list cisco

Jul 26,2009 by alperen



Reflexive ACLs were introduced in Cisco IOS Software Release 11.3. Reflexive ACLs allow IP packets to be filtered based on upper-layer session information. They are generally used to allow outbound traffic and to limit inbound traffic in response to sessions that originate inside the router.

Reflexive ACLs can be defined only with extended named IP ACLs. They cannot be defined with numbered or standard named IP ACLs, or with other protocol ACLs. Reflexive ACLs can be used in conjunction with other standard and static extended ACLs.

This is the syntax for various reflexive ACL commands.

interface

ip access-group {number|name} {in|out}

ip access-list extended name

permit protocol any any reflect name [timeout seconds]

ip access-list extended name

evaluate name

This is an example that permits ICMP outbound and inbound traffic while permitting only TCP traffic that was initiated from inside; other traffic is denied.

ip reflexive-list timeout 120

interface Ethernet0/1

ip address 172.16.1.2 255.255.255.0

ip access-group inboundfilters in

ip access-group outboundfilters out

ip access-list extended inboundfilters

permit icmp 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255

evaluate tcptraffic

!--- This ties the reflexive ACL part of the outboundfilters ACL,

!--- called tcptraffic, to the inboundfilters ACL.

ip access-list extended outboundfilters

permit icmp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255

permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 reflect tcptraffic
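
How the configuration above treats traffic, modelled in Python as an added example (not part of the original article and not Cisco code). The class and method names are hypothetical, and the model is simplified: it tracks only the idle timeout, not TCP FIN/RST teardown.

```python
import ipaddress

# Simplified teaching model of the example config (assumption: idle timeout
# only; real IOS also removes TCP entries on FIN/RST).
INSIDE = ipaddress.ip_network("10.1.1.0/24")
OUTSIDE = ipaddress.ip_network("172.16.1.0/24")
TIMEOUT = 120  # ip reflexive-list timeout 120


class ReflexiveFilter:
    def __init__(self, timeout=TIMEOUT):
        self.timeout = timeout
        self.tcptraffic = {}  # mirrored flow -> time a session packet was last seen

    def _in(self, addr, net):
        return ipaddress.ip_address(addr) in net

    def outbound(self, proto, src, sport, dst, dport, now):
        """outboundfilters: permit icmp, permit tcp ... reflect tcptraffic."""
        if not (self._in(src, INSIDE) and self._in(dst, OUTSIDE)):
            return False  # implicit deny at the end of the ACL
        if proto == "icmp":
            return True
        if proto == "tcp":
            # Create or refresh the temporary entry, addresses and ports swapped.
            self.tcptraffic[(dst, dport, src, sport)] = now
            return True
        return False

    def inbound(self, proto, src, sport, dst, dport, now):
        """inboundfilters: permit icmp, then evaluate tcptraffic."""
        if proto == "icmp":
            return self._in(src, OUTSIDE) and self._in(dst, INSIDE)
        if proto != "tcp":
            return False
        key = (src, sport, dst, dport)
        last = self.tcptraffic.get(key)
        if last is None:
            return False  # no session was opened from inside
        if now - last > self.timeout:
            del self.tcptraffic[key]  # idle entry aged out
            return False
        self.tcptraffic[key] = now  # return traffic keeps the session alive
        return True
```
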

