Content created by Rene Molenaar (CCIE #41726)

Forum Replies

  1. Hi, great website! I’m still learning basic guides, Cisco autodidact. I hope I can catch this section soon.

  2. Rene,

    I have been working on access-lists and NAT on my little lab. I have a Cisco router connected to a D Link router that is in turn connected to a Vonage router which in turn connects to a cable modem - my gateway to the internet. I am able to ping the D Link IP address from the Cisco router and also the internet. The D link using subnet. I configured other subnets behind the Cisco router. I managed to use NAT to be able to ping the D Link router but could never be able to ping anything on the internet. All my other subnets behind the Cisco

    ... Continue reading in our forum

  3. Good question, there are quite some differences.

    The reflexive access-list can match on L2-L4 attributes, just like the normal extended access-list. It’s quite “dumb” since the only thing it does is track the outgoing traffic and create an access-list entry automatically that reverses the source / destination IP and port numbers. This works for traffic like HTTP but not for applications with dynamic port numbers.

    CBAC is a lot smarter, it can match up to L7 attributes and supports a wide range of protocols. The reflexive access-list and CBAC are both configur

    ... Continue reading in our forum

  4. Hi Mehul,

    If I understand your question well, you want to know the main difference between the Extended ACL and the Reflexive ACL.

    Extended ACLs control traffic by permitting or denying packets based on source & destination IP, protocol and destination port. They can be numbered or named access-lists, and you can assign them in the inbound or the outbound of router interfaces. When the packet arrives at the router and there is an Extended ACL applied, it will be checked entry by entry. In case it matches an entry in the ACL, then an action will happen (deny or per

    ... Continue reading in our forum

  5. Do reflexive access lists imply that by default, Cisco’s ACLs are not stateful?
