Configure Cisco IOS Firewall Context-Based Access Control
Test and verify CBAC

The show ip inspect command family can be used by administrators to test and verify a CBAC installation . The syntax for the show ip inspect command is shown in Figures and .

debug Commands
To display messages about CBAC events, use the debug ip inspect EXEC command. The no form of this command disables debugging output. The syntax for the debug ip inspect command is shown in Figure .

Remove the CBAC Configuration
Use the no ip inspect command to remove the entire CBAC configuration . This command will also reset all global timeouts and thresholds to their defaults, delete all existing sessions, and remove all associated dynamic ACLs. This command has no other arguments, keywords, default behavior, or values.


Lab Activity

Lab Exercise: Configure Cisco IOS Firewall CBAC

In this lab, students will understand how CBAC enables a router-based firewall. Students will configure a simple firewall including CBAC using the Security Device Manager (SDM). Students will then learn to configure a simple firewall including CBAC and RFC Filtering using the IOS CLI. Students will also test and verify CBAC operation.

Lab Activity

e-Lab Activity: Configure CBAC on a Cisco Router

In this activity, students will configure logging and audit trails, define and apply inspection rules ACL, and test and verify CBAC.