What are reflective access-lists?

Reflective access-lists allow the router to pass "established" TCP traffic that has been previously allowed via another ACL. Because routers do not (by default) have a state table, this ensures that you do not have to create additional access-list entries to allow the return traffic of a permitted TCP session.

(config)# ip access-list extended INTERNET_FILTER
(config-ext-nacl)# permit tcp any any established
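
The following added example (not part of the original article) models in Python how the INTERNET_FILTER entry above is evaluated: IOS matches the established keyword on any TCP segment with the ACK or RST bit set, packet by packet, with no state table behind it. The Packet class, the function names and the sample packets are constructed for illustration.

```python
# Added example: models "permit tcp any any established" followed by the
# implicit deny that ends every IOS access list. Not IOS code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp" or "udp"
    flags: frozenset   # TCP flags set in the header (empty for UDP)
    note: str          # human-readable description of the sample

def established(pkt: Packet) -> bool:
    """The 'established' keyword: a TCP segment with ACK or RST set."""
    return pkt.proto == "tcp" and bool(pkt.flags & {"ACK", "RST"})

def internet_filter(pkt: Packet) -> str:
    """INTERNET_FILTER from the page: one permit entry, then implicit deny."""
    return "permit" if established(pkt) else "deny"

# Constructed sample packets arriving on the filtered interface.
SAMPLES = [
    Packet("tcp", frozenset({"SYN"}), "new connection attempt (SYN only)"),
    Packet("tcp", frozenset({"SYN", "ACK"}), "reply to an outbound SYN"),
    Packet("tcp", frozenset({"ACK"}), "data segment of return traffic"),
    Packet("tcp", frozenset({"FIN", "ACK"}), "orderly close of a session"),
    Packet("tcp", frozenset({"RST"}), "reset of a session"),
    Packet("udp", frozenset(), "UDP reply (entry is TCP only)"),
    # The match uses header flags only, so this is permitted as well:
    Packet("tcp", frozenset({"ACK"}), "ACK with no session behind it"),
]

def evaluate(samples=SAMPLES):
    """Return (description, verdict) for each sample packet."""
    return [(p.note, internet_filter(p)) for p in samples]

if __name__ == "__main__":
    for note, verdict in evaluate():
        print(f"{verdict:6}  {note}")
```

Return traffic that is not TCP, such as the UDP reply in the samples, is not covered by this entry and needs its own access-list entry.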

About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001