Configuring ACLs

What is the most efficient method to configure ACLs fast? Are there any performance figures relating to how long it takes to configure an ACL rule, say on the 6500? (looking for configuration performance figures rather than throughput once ACLs have been installed)

Thanks, Dan


Hi Dan, I'm not aware of any performance figures on the 6500s, but based on recent experience I would recommend using Named ACLs instead of numbered. According to the release notes, numbered ACLs require the merge algorithm to run every time an ACL is modified, whereas with Named it processes the merge algorithm once you exit ACL configuration mode. The ACLs we were using took on the order of 10-15 minutes to compile in numbered mode; converting them to Named reduced it to about 15 seconds.

One more caveat: even though some versions of IOS on the 6500s will say Turbo ACLs (access-list compiled) works, it's officially not supported on the 6500s.

Ryan Niemes
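
The numbered-to-named conversion described in the reply above can be scripted. This is an added example, not code from the thread: the `ACL_` name prefix and the sample configuration (documentation addresses) are constructed assumptions. It emits the named ACLs first, re-points `ip access-group` references, and only then removes the numbered lists, so an interface is never left referencing a deleted ACL.

```python
import re

ACE = re.compile(r"^access-list\s+(\d+)\s+(.+)$")
GROUP = re.compile(r"^(\s*ip access-group\s+)(\d+)(\s+(?:in|out)\s*)$")

def acl_type(num):
    # IOS IP ACL number ranges: standard 1-99/1300-1999, extended 100-199/2000-2699
    if 1 <= num <= 99 or 1300 <= num <= 1999:
        return "standard"
    if 100 <= num <= 199 or 2000 <= num <= 2699:
        return "extended"
    raise ValueError(f"{num} is not an IP ACL number")

def to_named(config, prefix="ACL_"):  # prefix is a hypothetical naming choice
    """Rewrite numbered ACL entries as named ACL blocks, preserving entry order."""
    acls, others = {}, []
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m:
            acls.setdefault(int(m.group(1)), []).append(m.group(2))
        else:
            others.append(line)
    out = []
    for num, entries in acls.items():
        # All entries go in one block, closed by a single exit from ACL config mode
        out.append(f"ip access-list {acl_type(num)} {prefix}{num}")
        out.extend(f" {e}" for e in entries)
        out.append("exit")
    for line in others:
        g = GROUP.match(line)
        if g and int(g.group(2)) in acls:
            line = f"{g.group(1)}{prefix}{g.group(2)}{g.group(3)}"
        out.append(line)
    # Remove the numbered ACLs last, after every reference has been re-pointed
    out.extend(f"no access-list {num}" for num in acls)
    return "\n".join(out)

# Constructed sample configuration
SAMPLE = """\
access-list 101 remark web servers
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 deny ip any any
access-list 10 permit 198.51.100.0 0.0.0.255
interface Vlan10
 ip access-group 101 in
"""

if __name__ == "__main__":
    print(to_named(SAMPLE))
```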
