    Simple configuration of Context-Based Access Control

    By admin | June 9, 2009

    Technical characteristics:

    1. Traffic filtering

    CBAC inspects not only network-layer and transport-layer information but also application-layer information.

    It can also filter HTTP traffic and block Java applets.

    2. Traffic monitoring

    CBAC monitors the traffic passing through the router and maintains TCP and UDP state information, which it uses to generate temporary access-list entries that permit return traffic and other allowed traffic.

    3. Alert and audit

    4. Intrusion Prevention

    【Lab Topology】

    [Image: lab topology diagram]

    【Lab Process】

    1. Configuration of GW

    GW(config)#ip inspect alert-off

    GW(config)#ip inspect audit-trail

    GW(config)#ip access-list ex ACLIN

    GW(config-ext-nacl)#permit ospf any any

    GW(config)#ip inspect name CBAC tcp alert on audit-trail off

    / Alert and audit-trail can be switched on or off for an individual protocol

    GW(config)#ip inspect name CBAC udp

    GW(config)#ip inspect name CBAC ftp

    GW(config)#ip inspect name CBAC icmp

    / Later IOS versions can inspect ICMP, so ICMP does not have to be permitted on the external interface

    GW(config)#ip inspect name CBAC http java-list 2 urlfilter

    GW(config)#access-list 2 deny 218.18.1.0 0.0.0.255

    GW(config)#access-list 2 permit any

    GW(config)#interface s0/0

    GW(config-if)#ip access-group ACLIN in

    GW(config-if)#ip inspect CBAC out

    2. Test:

    Telnet to the outside router from the inside router and examine the temporary access-list entries generated on the gateway router.

    show ip access-list

    show ip inspect config

    show ip inspect all

    show ip inspect sessions detail

    Configure logging:

    GW(config)#logging host 192.168.1.254

    GW(config)#logging trap informational

    GW(config)#no ip inspect

    / Disable CBAC and remove all CBAC configuration
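The GW configuration in step 1 only works if every name it references exists: the inspection rule applied to the interface, the inbound ACL that CBAC adds its temporary entries to, and the standard ACL named by java-list. The following is an added example, not part of the original post: a small offline check for those references. The function name `audit_cbac` and the sample text (this post's commands laid out as a running-config, with `s0/0` expanded to `Serial0/0`) are assumptions made for illustration.

```python
import re

# Constructed sample: this post's GW commands laid out as a running-config.
SAMPLE = """\
ip inspect audit-trail
ip inspect name CBAC tcp alert on audit-trail off
ip inspect name CBAC udp
ip inspect name CBAC ftp
ip inspect name CBAC icmp
ip inspect name CBAC http java-list 2 urlfilter
access-list 2 deny 218.18.1.0 0.0.0.255
access-list 2 permit any
ip access-list extended ACLIN
 permit ospf any any
interface Serial0/0
 ip access-group ACLIN in
 ip inspect CBAC out
"""

def audit_cbac(config):
    """Hypothetical helper: list dangling or incomplete CBAC references."""
    rules, acls, ifaces, iface = set(), set(), {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line.startswith(" "):
            iface = None                      # left any interface sub-mode
        s = line.strip()
        if m := re.match(r"ip inspect name (\S+) \S", s):
            rules.add(m.group(1))             # inspection rule definition
        elif m := re.match(r"(?:ip access-list \S+|access-list) (\S+)", s):
            acls.add(m.group(1))              # named or numbered ACL
        elif m := re.match(r"interface (\S+)", s):
            iface = ifaces.setdefault(m.group(1), {"inspect": [], "acl_in": None})
        elif iface is not None and (m := re.match(r"ip inspect (\S+) (in|out)$", s)):
            iface["inspect"].append((m.group(1), m.group(2)))
        elif iface is not None and (m := re.match(r"ip access-group (\S+) in$", s)):
            iface["acl_in"] = m.group(1)
    findings = [f"java-list {n}: access-list {n} is not defined"
                for n in re.findall(r"java-list (\S+)", config) if n not in acls]
    for name, cfg in ifaces.items():
        if cfg["acl_in"] and cfg["acl_in"] not in acls:
            findings.append(f"{name}: access-group {cfg['acl_in']} is not defined")
        for rule, direction in cfg["inspect"]:
            if rule not in rules:
                findings.append(f"{name}: inspect rule {rule} is not defined")
            if direction == "out" and not cfg["acl_in"]:
                findings.append(f"{name}: inspect out but no inbound ACL, "
                                "so unsolicited inbound traffic is not blocked")
    return findings

if __name__ == "__main__":
    print(audit_cbac(SAMPLE) or "no findings")
```

Run against the output of `show running-config` saved to a file, an empty result means the three references line up; it does not validate the ACL contents themselves.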

             
