When would you use a Reflexive ACL? Would you only use this for, say, a database or SQL session that would return on a different port? Normal traffic should be covered correctly in just an extended. Is there much difference between reflexive and context? If anyone has a surefire layman way of explaining these I would appreciate it greatly.
Reflexive ACLs fall in between extended ACLs and CBAC as far as functionality goes. The advantage of reflexive ACLs over extended ACLs is that reflexive ACLs can dynamically generate stateful openings in an existing standard/extended ACL to allow return traffic. This is typically viewed as more secure than allowing such traffic through statically with a standard/extended ACL.
For example, internal networks are typically behind firewalls that allow only outbound traffic from the internal network -- no inbound traffic is allowed. The way this works is that the firewall "keeps state" on outbound connections so that the return (inbound) traffic is allowed through the firewall but other traffic is not. This is what reflexive ACLs do in a basic sense, though CBAC is better at it. Search around for "stateful filtering" if you're not familiar with it.
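The contrast described in the answer above, as an added IOS configuration example that is not part of the original thread: a static extended ACL that admits return traffic with `established`, next to a reflexive ACL that opens a temporary entry per outbound session. The ACL names (STATIC-INBOUND, OUTBOUND, INBOUND, RETURN-TRAFFIC), the interface name and the timeout values are assumptions chosen for illustration.

```cisco
! --- Static approach: extended ACL only -------------------------------
! "established" matches any inbound TCP segment with ACK or RST set,
! whether or not an inside host ever opened that session.
! It has no equivalent for UDP or ICMP replies.
ip access-list extended STATIC-INBOUND
 permit tcp any any established
 deny   ip any any log
!
! --- Reflexive approach -----------------------------------------------
! Outbound traffic is permitted and "reflected": for each new session the
! router adds a temporary mirror entry (addresses and ports swapped) to
! the reflexive list RETURN-TRAFFIC.
ip access-list extended OUTBOUND
 permit tcp  any any reflect RETURN-TRAFFIC
 permit udp  any any reflect RETURN-TRAFFIC timeout 60
 permit icmp any any reflect RETURN-TRAFFIC
!
! Inbound traffic is checked against the temporary entries only.
! Anything that does not mirror an existing outbound session is dropped.
ip access-list extended INBOUND
 evaluate RETURN-TRAFFIC
 deny   ip any any log
!
! Idle timeout (seconds) for temporary entries without their own timeout.
ip reflexive-list timeout 120
!
! Outside-facing interface (name is an assumption).
interface GigabitEthernet0/1
 description Outside
 ip access-group OUTBOUND out
 ip access-group INBOUND in
!
! Verification: "show access-lists" lists the temporary entries under
! "Reflexive IP access list RETURN-TRAFFIC" while sessions are active.
```

Because each temporary entry mirrors the exact addresses and ports of the outbound packet, a reflexive ACL does not cover applications whose return traffic arrives on a different port than the one the session started on; that case is what CBAC's protocol inspection is for.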
This is actually a pretty cool feature, I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements do.
I have a question: I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the Internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.