For me, the best analogy for CBAC is that it's like a really smart
"established" keyword in access-lists.  You still apply your access-list in
the inbound direction, and it's still the access-list that blocks traffic,
but the CBAC inspection commands make the access-list smart.  In order for
the access-list to "know" what to let in, the router has to pay attention
to (i.e. "inspect") the outgoing traffic.  So, you inspect your outbound
traffic so that your access-lists can let the appropriate return traffic
back in.

That being said, the CBAC feature also does some sanity checking on packets
and can drop packets that it thinks are illegal even if no access-lists are
configured in the router.  You'll almost never encounter this, but it's
handy to know about.

HTH

Dana


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10204&t=9748
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
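
The arrangement described in the post above, sketched as an IOS configuration. This is an added example, not part of the original message; the inspection rule name FWOUT, the ACL name OUTSIDE-IN and the interface Serial0/0 are assumptions.

```cisco
! Added example (not from the original post).
! Assumed names: FWOUT, OUTSIDE-IN, Serial0/0 as the outside interface.
!
! For comparison, the static approach the post refers to. "established"
! only matches TCP segments with ACK or RST set; it keeps no per-session
! state and does nothing for UDP or for FTP data channels:
!
!   access-list 101 permit tcp any any established
!
! CBAC: define what to inspect on the way out.
ip inspect name FWOUT tcp
ip inspect name FWOUT udp
ip inspect name FWOUT ftp
!
! The inbound access-list still does the blocking. Nothing initiated
! from outside is permitted; CBAC adds temporary openings for return
! traffic that belongs to an inspected outbound session.
ip access-list extended OUTSIDE-IN
 remark Block everything unsolicited; return traffic is opened by CBAC
 deny ip any any log
!
interface Serial0/0
 description Outside (untrusted) interface
 ! Access-list applied inbound, as in the post
 ip access-group OUTSIDE-IN in
 ! Inspection applied to traffic leaving through this interface
 ip inspect FWOUT out
```

`show ip inspect sessions` lists the sessions the router is currently tracking, which is a quick way to confirm that outbound traffic is actually being inspected.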