Configuring IP Session Filtering (Reflexive Access Lists)
Lists)
This chapter describes how to configure reflexive access lists on your router. Reflexive access lists
provide the ability to filter network traffic at a router, based on IP upper-layer protocol “session”
information.
For a complete description of reflexive access list commands, refer to the “Reflexive Access List
Commands” chapter of the Security Command Reference. To locate documentation of other
commands that appear in this chapter, use the command reference master index or search online.
In This Chapter
This chapter has the following sections:
• About Reflexive Access Lists
• Prework: Before You Configure Reflexive Access Lists
• Configure Reflexive Access Lists
• Reflexive Access Lists Configuration Examples
About Reflexive Access Lists
Reflexive access lists allow IP packets to be filtered based on upper-layer session information. You
can use reflexive access lists to permit IP traffic for sessions originating from within your network
but to deny IP traffic for sessions originating from outside your network. This is accomplished by
reflexive filtering, a kind of session filtering.
Reflexive access lists can be defined with extended named IP access lists only. You cannot define
reflexive access lists with numbered or standard named IP access lists or with other protocol access
lists.
You can use reflexive access lists in conjunction with other standard access lists and static extended
access lists.
Benefits of Reflexive Access Lists
Reflexive access lists are an important part of securing your network against network hackers, and
can be included in a firewall defense. Reflexive access lists provide a level of security against
spoofing and certain denial-of-service attacks. Reflexive access lists are simple to use, and,
compared to basic access lists, provide greater control over which packets enter your network.
附件: 您所在的用户组无法下载或查看附件
搜索更多相关主题的帖子:
Reflexive Filtering Lists Session Configuring
