원스톱 지능형 IT 솔루션

dw@donewin.com.hk |

IsthereaperformanceadvantagewhenusingthetheIPaccesslistkeywordestablishedonanextendedACL?Doesusing"established"maketheaccesslistmorevulnerable?Doyouhavespecificexamplesoftheusage?

시스코 라우터 FAQFAQ

Is there a performance advantage when using the the IP access list keyword established on an extended ACL? Does usingestablishedmake the access list more vulnerable? Do you have specific examples of the usage?

There is no real performance advantage. The keyword establishedsimply means that packets with the acknowledgment (ACK) or reset (RST) bits set are let through. To learn more about ACLs in general, refer to Configuring IP Access Lists.

The establishedkeyword allows the internal hosts to make external TCP connections and to receive the return control traffic. In most scenarios, this type of ACL would be essential on a firewall configuration. The same result can also be achieved either by using Reflexive ACLs or Context-Based Access Control. Refer to Configuring Commonly Used IP ACLsfor some sample configurations.

이전:

다음:

답장을 남겨주세요

라이브 채팅
메시지를 남겨주세요

    22 + = 27