Chapter 9. Context-Based Access Control

In the last chapter, you were introduced to one method of providing stateful filtering with the Cisco IOS: reflexive ACLs (RACLs). This chapter focuses on Context-Based Access Control (CBAC), one of the key features in the Cisco IOS Firewall feature set. As you will see at the beginning of this chapter, CBAC has many more features and fewer limitations than RACLs. Cisco recommends that you use CBAC instead of RACLs; you will understand why by the end of this chapter.

CBAC is just one of many features of the Cisco IOS Firewall feature set. The Cisco IOS Firewall also supports other features, including authentication proxy (Chapter 14, "Authentication Proxy") and an intrusion-detection system (Chapter 16, "Intrusion-Detection System"). This chapter focuses only on CBAC, which implements the Cisco IOS Firewall feature set's stateful filtering. I begin by introducing some Cisco IOS Firewall features, and then I discuss features specific to CBAC and how to configure CBAC.