Difference between SHUN and ACL in blocking traffic

ricardo.hdz
Level 1

Hello,
I manage a network without an intrusion prevention system. Recently we have had some problems with the CPU usage of our ASA 5520 and 5550; I think the only reason for the CPU hog is the number of connections, and now I am searching for the best way to handle the traffic. I am also trying to understand the blocking of certain traffic that must be considered an attack. I found the SHUN feature for this, but I don't understand the difference between it and an ACL. I hope that somebody can help me learn about this difference.


There are quite a few differences between shun and ACLs.

  1. Shun will block all traffic. With an ACL you can specify which ports to block.
  2. Shun can be used with threat detection and IPS so that blocking starts once a threshold is reached. An ACL will block all traffic from the start.
  3. Shun blocks at the first step in the order of operations on the interface. An ACL drops a little further into the order of operations, after some connection lookup and what not.
  4. If there is an existing connection for a traffic flow, shun will immediately start dropping packets. If there is an existing connection and you use an ACL to drop the traffic, it will only drop traffic after the existing connection is torn down.

--

Please remember to select a correct answer and rate helpful posts
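The four points in the reply above, shown as ASA CLI configuration. This is an added example, not configuration from the original thread or from Cisco; the addresses are from the RFC 5737 documentation ranges, and the interface name `outside` and the ACL name `OUTSIDE_IN` are assumptions chosen for illustration.

```text
! --- 1. Shun: every packet from the source is dropped immediately, on every
!        port, and before connection lookup. Shun entries are dynamic and are
!        not written to the saved configuration.
shun 203.0.113.5
show shun                     ! active shuns with per-entry drop counters
no shun 203.0.113.5           ! remove the entry once the incident is closed

! --- 2. ACL: selective (protocol and port), permanent in the running config,
!        but only consulted for new connections.
access-list OUTSIDE_IN extended deny tcp host 203.0.113.5 any eq 445
access-list OUTSIDE_IN extended permit ip any any
access-group OUTSIDE_IN in interface outside

! Flows that already exist survive the ACL (point 4 in the reply), so tear
! them down explicitly if the block has to take effect right now:
clear conn address 203.0.113.5

! --- 3. Let threat detection shun automatically once its scanning threshold
!        is crossed (the threshold-driven behaviour in point 2), with a time
!        limit and an exception for a host that must never be shunned
!        (a monitoring server, for instance; the address is a placeholder).
threat-detection scanning-threat shun duration 3600
threat-detection scanning-threat shun except ip-address 198.51.100.10 255.255.255.255
```

Two practical notes for the situation described in the question. First, because a shun drops packets before the connection table is consulted, it is the cheaper of the two for a firewall that is already CPU-bound by its connection count, whereas an ACL deny still costs a lookup per packet of an established flow until that flow is cleared. Second, scanning threat detection itself consumes CPU on the ASA, so on a box that is already struggling it is worth enabling it with a short `duration` and watching `show threat-detection` output before relying on it for automatic blocking.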