[unisog] Are cisco router VLAN ACL's stateful like a PIX?

PaulFM paulfm at me.umn.edu
Tue Feb 1 15:21:02 GMT 2005

Carefully read the manual on using reflexive rules.

Reflexive rules actually create temporary reverse rules for each packet they 
act on and will greatly increase the size of the access list the router acts 
on (which could overload some routers).

Ben Beuchler wrote:
> On Mon, Jan 31, 2005 at 02:19:04PM -0700, Clyde Hoadley wrote:
>>Are cisco router VLAN ACL's stateful the
>>way the PIX firewall is stateful?
> I'm not familiar with PIX configuration, but most Cisco devices support
> "reflexive" access lists which work very similarly to stateful firewall
> rules on, say, an IPFW firewall.
> -Ben

The views and opinions expressed above are strictly
those of the author(s).  The content of this message has
not been reviewed nor approved by any entity whatsoever.
Paul F. Markfort   Info/Web: http://www.menet.umn.edu/~paulfm
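
A reflexive access-list configuration of the kind discussed in this thread, as an added example that is not part of the original messages. The list names, interface and subnet are constructed, the timeout values are illustrative, and reflexive ACL support on a given platform or interface type is assumed.

```cisco
! Constructed example: all names, the interface and the subnet are assumptions.
!
! Outbound list on the external-facing interface. Each permitted session
! adds one temporary entry to the reflexive list CAMPUS-STATE.
ip access-list extended CAMPUS-OUT
 permit tcp 10.10.10.0 0.0.0.255 any reflect CAMPUS-STATE timeout 300
 permit udp 10.10.10.0 0.0.0.255 any reflect CAMPUS-STATE timeout 30
!
! Inbound list. Return traffic is admitted only if it matches a temporary
! entry in CAMPUS-STATE; everything else is dropped and logged.
ip access-list extended CAMPUS-IN
 evaluate CAMPUS-STATE
 deny ip any any log
!
! Global idle timeout, in seconds, for reflexive entries that carry no
! per-entry timeout (IOS default is 300). A shorter value keeps the
! temporary list smaller on a busy router.
ip reflexive-list timeout 120
!
interface GigabitEthernet0/1
 description external-facing link (constructed)
 ip access-group CAMPUS-OUT out
 ip access-group CAMPUS-IN in
```

`show ip access-lists` lists the temporary entries under the reflexive list's name, so the growth described above can be watched under load before the configuration is relied on.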
