IOS Firewall – CBAC


As the network engineer for your company you are responsible for all network-related tasks. One day your security officer comes to you and asks is you can further enhance the network security. He wants you to implement an IOS Firewall feature to protect incoming traffic.


  • All IP addresses have been configured for you.
  • Router Mainframe is configured as a webserver, telnet is enabled as well.
  • You are not allowed to remove the access-list on the F1/0 interface of router FW.
  • Traffic originated from Mainframe is not allowed to reach router Host.
  • Router host should be able to telnet into router mainframe.




IOS Firewall CBAC

Video Solution:

Configuration Files

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.

Opt In Image
Do you want your CCNA or CCNP Certificate?

The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.

Written by René Molenaar - CCIE #41726

You May Also Like

About the Author: Rene Molenaar

René - CCIE #41726 is the creator of where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on


  1. Dear Rene

    I have done it the same as you shown in video but did not got any Inspection session and even telnet is not allowed

  2. I attempted to do this with the mentioned IOS above, but the “ip inspect command” doesn’t come up. I keep getting an % Unknown command error.

  3. hi and thanks for this ,
    i just joined the vault ( am also new to security) looking for a way to
    recognize if an ios image supports CBAC . ( in GNS3)
    Thankk you in advance

Comments are closed.