Using CBAC to Protect Users from Attack

This section describes the limitations of Cisco IOS ACLs and explains how CBAC better protects users from attack. It also lists the protocols that are supported by CBAC and describes the added alert and audit trail features. Finally, the CBAC configuration tasks are listed.

Cisco IOS ACLs

Before delving into CBAC, some basic ACL concepts need to be covered briefly. An ACL provides packet filtering: it has an implied “deny all” at the end of the ACL, and if the ACL is not configured, it permits all connections. Without CBAC, traffic filtering is limited to ACL implementations that examine packets at the network layer or, at most, the transport layer. Cisco IOS ACLs Provide traffic filtering by:

  • Source and ...

Get CCSP Self-Study: Securing Cisco IOS Networks (SECUR) now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.