Chapter 8. Reflexive Access Lists

Reflexive ACLs (RACLs) were first introduced in Cisco IOS 11.3. Unlike standard IP ACLs, which can filter on Layer 3 information, and extended IP ACLs, which can filter on Layer 3 and 4 information, RACLs can filter on Layers 3, 4, and 5 (session layer). This chapter focuses on using RACLs to implement a stateful firewall function on your router. As you will see, RACLs have many advantages, as well as limitations. Typically, RACLs are used when you do not have access to Context-based Access Control (CBAC), which provides a better stateful firewall function and has many more enhanced features than RACLs. CBAC is discussed in Chapter 9, “Context-Based Access Control.”

Overview of Reflexive ACLs

As discussed in
