Root: WRM Database > Information Technology > Certifications > CCNA > ACLs > Reflexive ACLs > What Are Reflexive ACLs?

What Are Reflexive ACLs?

Reflexive ACLs are also called IP session filtering. They permit UDP or TCP sessions on an individual basis. The router reacts when they see the first packet of a new session between two hosts. It reacts to the packet by adding a permit staement to the ACL, allowing that session's traffic based on the source and destination IP address and TCP/UDP ports

With reflexive ACLs, when the Enterprise user first creates a new session, the router notices the new session and records the source and destination IP addresses and ports used for that session. The reflexive ACL would not allow all traffic in. Instead it would allow only packets whose addresses and ports matched the original packet.


Odom, Wendell (2008) CCNA ICND2 Official Exam Certification Guide, Second Edition. Indianapolis: Cisco Press.