
(CCSP Self-Study) Context-Based Access Control (CBAC)

This document discusses Context-Based Access Control (CBAC) and how to configure it using a virtual lab simulation. It defines CBAC as a Cisco IOS firewall feature that inspects packets entering the firewall and maintains a state table to permit or deny specified TCP and UDP traffic, protecting against DoS attacks. It also describes how CBAC works by creating dynamic access lists to allow negotiated ports unlike static ACLs. The virtual lab simulation topology is shown to practice a BGP routing protocol between routers and configure CBAC with access lists to permit BGP and Telnet while denying other traffic.

Uploaded by

huydvt01
Copyright
© Attribution Non-Commercial (BY-NC)

Context-Based Access Control (CBAC)

Objective
• Define the Cisco IOS Firewall
• Define CBAC
• Configure CBAC with a Dynamips virtual lab

Cisco IOS Firewall


The Cisco IOS Firewall Feature Set is a suite of features for Cisco IOS routers that provides
network protection at multiple levels using the following:

• CBAC (firewall)
• Authentication proxy
• Intrusion detection

Define CBAC

• Packets entering the firewall are inspected by CBAC if they are not specifically denied by
an ACL
• CBAC permits or denies specified TCP and UDP traffic through a firewall
• A state table is maintained with session information
• ACL entries are dynamically created or deleted
• CBAC protects against DoS attacks

Cisco Access Control Lists and Their Limitations

ACLs provide traffic filtering by:

• Source and destination IP address
• Source and destination ports

They can be used to implement a packet-filtering firewall, but:

• Ports are opened permanently to allow return traffic, which creates a security vulnerability
• They do not work with applications that negotiate ports dynamically

How CBAC works

Example notes:

• A client creates a Telnet session with source port 2447 and destination port 23.
• An access list permits TCP port 23 from the client to the server, but it blocks the random
port 2447 when the return packet comes back.
• For security reasons you cannot create an access list that permanently opens these random
ports, so CBAC creates a dynamic access list entry for you.
CBAC – supported protocols

Context-Based Access Control (CBAC) virtual lab

Topology & Objectives


[Figure: simulated topology (HQ – WAN – Branch), recovered from the diagram text]

• HQ Router: F0/0 = 30.1.1.2/24 (toward the WAN Router), F0/1 = 10.10.0.1/24 (HQ LAN)
• WAN Router: F0/0 = 30.1.1.1/24 (toward HQ), F0/1 = 30.2.2.1/24 (toward Branch)
• Branch Router: F0/0 = 30.2.2.2/24 (toward the WAN Router)
• Web Server: 10.10.0.3 on the HQ LAN (10.10.0.x/24)
Start-up Configuration
• BGP routing protocol between the 3 routers
• Static NAT of the web server (10.10.0.3) to the public IP 30.1.1.3 on the HQ router
• All usernames and passwords: cisco/cisco123

Configuration Task
Configure an access list that permits the BGP protocol and Telnet from inside to outside and
denies all other traffic.
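One way to complete this task on the HQ router, added here as an example and not taken from the lab's supplied running config: a static ACL inbound on the WAN-facing interface admits only the BGP peering, and CBAC inspection on outbound TCP opens the return path for inside-initiated Telnet (the random-port case from the "How CBAC works" notes). Interface names and addresses come from the topology above; the inspect name and ACL name are my own.

```cisco
! HQ router. Inspection rule name is an assumption. Inspecting outbound TCP
! covers Telnet (port 23): the reply to a random client port such as 2447 is
! admitted by a temporary entry CBAC adds to the inbound ACL, not by a
! permanent hole.
ip inspect name CBAC_OUT tcp
!
! Static ACL applied inbound on F0/0 (30.1.1.2, facing the WAN router at
! 30.1.1.1). BGP terminates on the router itself, which CBAC does not
! inspect, so it needs explicit entries for either peer opening TCP 179.
! Everything else arriving from outside is denied and logged.
ip access-list extended OUTSIDE_IN
 permit tcp host 30.1.1.1 host 30.1.1.2 eq bgp
 permit tcp host 30.1.1.1 eq bgp host 30.1.1.2
 deny   ip any any log
!
interface FastEthernet0/0
 ip address 30.1.1.2 255.255.255.0
 ip access-group OUTSIDE_IN in
 ip inspect CBAC_OUT out
!
! The inside interface F0/1 carries no ACL, so Telnet from the LAN leaves
! freely; only its return traffic depends on the dynamic entries.
! Verify with: show ip inspect sessions / show ip access-lists OUTSIDE_IN
```

Because the task denies all other inbound traffic, the static NAT for the web server (30.1.1.3) is not reachable from outside with this list; add a permit for it only if the lab objective changes.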

Download Simulated File & Document


Dynamips .net file and running config: http://www.mediafire.com/?j9i2ymkjzv8w7v2

PDF version of this topic:
