Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Difference between CBAC and Reflexive access-list

Can anyone tell me the difference between the CBAC and Reflexive Access-list. Their purpose look identical to me, but the commands are different.

Any help would be highly appreciated.

Thank you.

Mohan

1 REPLY
Cisco Employee

Re: Difference between CBAC and Reflexive access-list

CBAC turns your router into a stateful device, so it doesn't just update the access-list to allow return traffic back in (like reflexive ACL's do), it keeps track of the state of the connection, monitoring ACK/SEQ numbers in TCP packets, etc. Go with CBAC over reflexive ACL's any day, much more secure.

160
Views
0
Helpful
1
Replies