What is the most efficient method to configure ACLs fast? Are there any performance figures relating to how long it takes to configure an ACL rule, say on the 6500? (looking for configuration performance figures rather than throughput once ACLs have been installed)
Hi Dan, I'm not aware of any performance figures on the 6500s, but based on recent experience I would recommend using Named ACLs instead of numbered. According to the release notes, numbered ACLs require the merge algorithm to run every time an ACL is modified, whereas with Named it processes the merge algorithm once you exit ACL configuration mode. The ACLs we were using took on the order of 10-15 minutes to compile in numbered mode; converting them to Named reduced it to about
One more caveat: even though some versions of IOS on the 6500s will say Turbo ACLs (access-list compiled) work, it's officially not supported on the 6500s.
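
As an added illustration of the named-ACL recommendation in this thread (not code from any poster or from Cisco), the following Python sketch rewrites numbered `access-list` lines as named-ACL blocks, so each list is entered in a single ACL configuration session that ends with `exit`. The `ACL-` name prefix and the sample entries are constructed assumptions.

```python
import re

# Matches numbered entries such as "access-list 101 permit tcp any any eq 443".
ENTRY = re.compile(r"^\s*access-list\s+(\d+)\s+(\S.*?)\s*$")


def acl_kind(number):
    """Classify by the classic IOS ranges: standard 1-99 and 1300-1999,
    extended 100-199 and 2000-2699."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"ACL {number} is not a standard or extended IP ACL")


def numbered_to_named(config_text, prefix="ACL-"):
    """Return named-ACL configuration for the numbered entries in config_text.

    Entry order within each list is preserved, because ACLs are first-match.
    The prefix is a hypothetical naming scheme, not an IOS requirement.
    """
    blocks = {}  # ACL number -> list of entry bodies, in order of appearance
    for line in config_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not a numbered entry (e.g. "access-list compiled")
        blocks.setdefault(int(m.group(1)), []).append(m.group(2))
    out = []
    for number, entries in blocks.items():
        out.append(f"ip access-list {acl_kind(number)} {prefix}{number}")
        out.extend(f" {entry}" for entry in entries)
        out.append("exit")  # leave ACL configuration mode once per list
    return "\n".join(out)


# Constructed sample input, using documentation address ranges.
SAMPLE = """\
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 101 remark web servers
access-list 101 permit tcp any host 198.51.100.10 eq 443
access-list 101 deny ip any any log
access-list compiled
"""

if __name__ == "__main__":
    print(numbered_to_named(SAMPLE))
```

Any `ip access-group` statements that reference the old numbers still have to be repointed at the new names.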