[unisog] Are Cisco router VLAN ACLs stateful like a PIX?

PaulFM paulfm at me.umn.edu
Tue Feb 1 15:21:02 GMT 2005


Carefully read the manual on using reflexive rules.

Reflexive rules actually create temporary reverse rules for each packet they 
act on and will greatly increase the size of the access list the router acts 
on (which could overload some routers).



Ben Beuchler wrote:
> On Mon, Jan 31, 2005 at 02:19:04PM -0700, Clyde Hoadley wrote:
> 
> 
>>Are Cisco router VLAN ACLs stateful the
>>way the PIX firewall is stateful?
> 
> 
> I'm not familiar with PIX configuration, but most Cisco devices support
> "reflexive" access lists which work very similarly to stateful firewall
> rules on, say, an IPFW firewall.
> 
> -Ben
> 

-- 
---------------------------------------------------------------------
The views and opinions expressed above are strictly
those of the author(s).  The content of this message has
not been reviewed nor approved by any entity whatsoever.
---------------------------------------------------------------------
Paul F. Markfort   Info/Web: http://www.menet.umn.edu/~paulfm
---------------------------------------------------------------------
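
A simplified model of the reflexive-list behaviour discussed in this thread, added as an example and not part of the original message: each outbound flow that matches a reflecting rule installs a temporary mirrored entry, so the list the router must search grows with the number of concurrent flows. The class, the 300-second idle timeout and the addresses are constructed for illustration and are not IOS code.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class ReflexiveList:
    """Toy model of a reflexive access list (constructed; not IOS code)."""
    def __init__(self, idle_timeout=300):
        self.idle_timeout = idle_timeout   # seconds; assumed value
        self.entries = {}                  # mirrored 5-tuple -> last-seen time

    def _expire(self, now):
        # Temporary entries vanish once the flow has been idle too long.
        self.entries = {k: t for k, t in self.entries.items()
                        if now - t < self.idle_timeout}

    def outbound(self, p, now):
        """Outbound packet hit a reflecting permit: add or refresh the reverse entry."""
        self._expire(now)
        self.entries[(p.proto, p.dst, p.dport, p.src, p.sport)] = now
        return True

    def inbound(self, p, now):
        """Inbound packet passes only if a live temporary entry mirrors it."""
        self._expire(now)
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key in self.entries:
            self.entries[key] = now
            return True
        return False

def demo():
    acl = ReflexiveList(idle_timeout=300)
    # Constructed sample traffic (RFC 5737 / RFC 1918 addresses).
    acl.outbound(Packet("tcp", "10.0.0.5", 40000, "192.0.2.10", 80), now=0)
    reply = Packet("tcp", "192.0.2.10", 80, "10.0.0.5", 40000)
    unsolicited = Packet("tcp", "192.0.2.10", 80, "10.0.0.5", 40001)
    result = {"reply": acl.inbound(reply, now=1),
              "unsolicited": acl.inbound(unsolicited, now=1)}
    # 1000 more concurrent outbound flows: one temporary entry each.
    for port in range(50000, 51000):
        acl.outbound(Packet("tcp", "10.0.0.5", port, "192.0.2.10", 80), now=2)
    result["entries_under_load"] = len(acl.entries)
    acl.inbound(unsolicited, now=400)      # idle flows have timed out by now
    result["entries_after_idle"] = len(acl.entries)
    return result
```
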


