Cisco IOS Firewall Context-Based Access Control
Cisco IOS ACLs

Before delving into CBAC, some basic ACL concepts need to be reviewed. The following are general statements about traditional ACLs:

  • ACLs end in an implied deny any statement.
  • If ACLs are not configured on an interface, all connections are permitted by default.
  • ACLs provide traffic filtering at the network layer by utilizing the following:
    • Source and destination IP addresses
    • Source and destination ports
  • ACLs can be used to implement a filtering firewall.
  • ACLs open ports permanently to allow traffic, creating a security vulnerability.
  • ACLs do not work with applications that negotiate ports dynamically.

Without CBAC, traffic filtering is limited to ACL implementations that examine packets at the network layer, or at most, the transport layer.
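The points above, shown as an added example configuration written for this page (not from the original text): a traditional extended ACL applied inbound on a router's outside interface. The interface name, addresses, and the 10.1.1.0/24 inside network with its web server are constructed for illustration.

```cisco
! Added example: a traditional extended ACL on the Internet-facing interface.
! Matching is limited to Layer 3/4 fields (addresses, protocol, ports, TCP flags).
ip access-list extended OUTSIDE-IN
 remark Return traffic for inside-initiated TCP sessions. "established" only
 remark checks the ACK or RST bit, so any TCP port is reachable from outside
 remark as long as the packet carries one of those bits; the ports are open permanently.
 permit tcp any 10.1.1.0 0.0.0.255 established
 remark Public web server (constructed address). These ports are open all the time,
 remark whether or not any session exists.
 permit tcp any host 10.1.1.80 eq 80
 permit tcp any host 10.1.1.80 eq 443
 remark DNS replies to the inside network. UDP has no connection flags, so the
 remark only possible check is the source port; anything from port 53 is let in.
 permit udp any eq 53 10.1.1.0 0.0.0.255
 remark Everything else is dropped by the implied "deny any"; stating it explicitly
 remark with "log" makes the drops visible in the router log for monitoring.
 deny ip any any log
!
interface GigabitEthernet0/0
 description Outside (Internet-facing, constructed addressing)
 ip address 203.0.113.2 255.255.255.252
 ip access-group OUTSIDE-IN in
```

Note that an application which negotiates a second data channel on a dynamically chosen port (for example a file-transfer data connection initiated from outside toward an inside client) matches none of the permit lines and is dropped, which is the limitation the last bullet describes.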