
7. When the connection is closed, the state table entry is deleted along with the temporary access list.

Configuring Context-based Access Control

Before configuring CBAC, we must specify which protocols we want inspected. We must also specify the interface and direction where the inspection originates. Context-based Access Control inspects only the protocols we specify here. For the specified protocols, packets entering or exiting the router are inspected, provided they flow through the interface where inspection is configured. To be inspected by CBAC, a packet must first pass the inbound access list applied on the interface. If the access list denies a packet, the packet is dropped and CBAC has no effect on it.

Figure 2.10 diagrams a CBAC configuration.

Traffic Filtering on the Cisco IOS • Chapter 2 87

Figure 2.10 Configuring Context-based Access Control.

[Figure 2.10 labels: Internet, SMTP, DNS, S0, Ethernet, E0]
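The processing order described above (inbound access list first, then inspection of only the named protocols, then removal of the state entry and temporary opening on close, as in step 7) can be modeled in a few lines. This is an added example, not code from the book or from Cisco IOS; the class and method names are hypothetical, the addresses are constructed documentation addresses, and the access list is simplified to protocol and port pairs.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # application protocol label, e.g. "smtp"

    def reply(self):
        """The matching return packet (addresses and ports swapped)."""
        return Packet(self.dst, self.dport, self.src, self.sport, self.proto)

@dataclass
class InspectedInterface:  # hypothetical model, not an IOS data structure
    acl_permits: set   # (proto, dport) pairs the inbound access list permits
    inspected: set     # protocols named in the inspection rule
    state: dict = field(default_factory=dict)  # session -> temporary opening

    def receive(self, p):
        # The inbound access list is evaluated before inspection.
        if (p.proto, p.dport) not in self.acl_permits:
            return "dropped by ACL"  # CBAC has no effect on this packet
        # Only the protocols named in the rule are inspected.
        if p.proto not in self.inspected:
            return "forwarded, not inspected"
        # State table entry plus temporary opening for the return traffic.
        self.state[p] = p.reply()
        return "inspected"

    def return_permitted(self, p):
        return p in self.state.values()

    def close(self, p):
        # Step 7: state entry and temporary opening are deleted together.
        self.state.pop(p, None)

def demo():
    # Constructed sample traffic (RFC 5737 documentation addresses).
    e0 = InspectedInterface(acl_permits={("smtp", 25), ("dns", 53), ("http", 80)},
                            inspected={"smtp", "dns"})
    mail = Packet("192.0.2.10", 40001, "198.51.100.25", 25, "smtp")
    web = Packet("192.0.2.10", 40002, "198.51.100.80", 80, "http")
    telnet = Packet("192.0.2.10", 40003, "198.51.100.23", 23, "telnet")
    results = {name: e0.receive(p) for name, p in
               [("mail", mail), ("web", web), ("telnet", telnet)]}
    results["mail reply open"] = e0.return_permitted(mail.reply())
    results["web reply open"] = e0.return_permitted(web.reply())
    e0.close(mail)
    results["mail reply after close"] = e0.return_permitted(mail.reply())
    return results
```

In the model, the HTTP session passes the access list but gets no return opening because HTTP is not in the inspection rule, while the Telnet packet never reaches inspection at all.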