Cisco Context-Based Access Control (CBAC)

Cisco Context-Based Access Control (CBAC) is a component of the Cisco IOS Firewall feature set.

CBAC is essentially a stateful firewall for Cisco IOS routers that offers more features than a plain access list. CBAC can inspect traffic up to layer 7 of the OSI model and dynamically creates temporary ACL entries to allow return traffic. It is similar to a reflexive access list, but one key difference is that reflexive ACLs only inspect up to layer 4.
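The following is an added configuration example (not from the page or from Cisco's documentation) that shows the three parts of a minimal CBAC setup: an inspection rule, a default-deny inbound ACL, and the binding of both to the outside interface. The interface names (GigabitEthernet0/0 inside, GigabitEthernet0/1 outside), the inspect rule name MYFW and the ACL name OUTSIDE-IN are assumptions chosen for the example.

```cisco
! Added example, not from the original page. Interface names, the inspect
! rule name MYFW and the ACL name OUTSIDE-IN are assumptions for this example.
!
! 1. Inspection rule. Each protocol listed is inspected when it leaves the
!    router through the interface the rule is applied to; CBAC then opens a
!    temporary entry for the matching return traffic only.
ip inspect name MYFW tcp
ip inspect name MYFW udp
ip inspect name MYFW icmp
ip inspect name MYFW http
!
! 2. Default-deny ACL for traffic arriving from the outside. CBAC inserts its
!    dynamic permit entries ahead of this ACL, so only replies to sessions
!    that were inspected on the way out are allowed back in. Logging the
!    denies gives a cheap record of unsolicited inbound connection attempts.
ip access-list extended OUTSIDE-IN
 deny ip any any log
!
! 3. Apply both to the outside interface: filter inbound, inspect outbound.
interface GigabitEthernet0/1
 ip access-group OUTSIDE-IN in
 ip inspect MYFW out
!
! Verification (privileged exec mode):
!   show ip inspect config    - the inspection rules and where they are applied
!   show ip inspect sessions  - the sessions CBAC is tracking and the
!                               dynamic ACL entries it created for them
```

Because the inbound ACL denies everything, any service that must be reachable from the outside (for example a mail relay on the inside LAN) has to be permitted explicitly in OUTSIDE-IN above the final deny; CBAC only ever adds entries for return traffic of sessions it saw leaving. Checking `show ip inspect sessions` after generating some outbound traffic is the quickest way to confirm the rule is actually applied to the right interface and direction.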

The purpose of CBAC is to enable security features on an already existing Cisco IOS device, without the need to purchase a separate purpose-built firewall. It is a feature of convenience and should be used sparingly and only in low-risk situations, such as a small office with no mission-critical network services or data.

CBAC is sometimes called a Transparent IOS firewall.

For proper security, a separate purpose-built firewall should be used.

Links:

https://forum.networklessons.com/t/cisco-cbac-configuration-example/1079/20?u=lagapides

https://www.ciscopress.com/articles/article.asp?p=26533

https://networklessons.com/cisco/ccie-routing-switching/cisco-cbac-configuration-example/

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_cbac_fw/configuration/15-mt/sec-data-cbac-fw-15-mt-book/sec-cbac-insp-traf.html#GUID-3FB737CE-786D-4385-BAF8-2910CFD80B68