Reflexive ACLs (RACLs) first were introduced in Cisco IOS 11.3. Unlike standard IP ACLs that can filter on Layer 3 information, and extended IP ACLs that can filter on Layers 3 and 4 information, RACLs can filter on Layers 3, 4, and 5 (session layer). This chapter focuses on using RACLs to implement a stateful firewall function on your router. As you will see, RACLs have many advantages, as well as limitations. Typically, RACLs are used when you do not have access to Context-based Access Control (CBAC), which provides a better stateful firewall function and has many more enhanced features than RACLs. CBAC is discussed in Chapter 9, "Context-Based Access Control."