Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
1
Replies

Large Access-list on PIX 525

dopenfield
Level 1
Level 1

‎03-04-2005 09:30 AM - edited ‎02-20-2020 11:59 PM

Anyone have experience or documentation you can point me to about really large access-list on a PIX 525 and it's impact on performance.

Due to network design 'issues' the proposed list may be over 1500+ entries.

Even with Turbo-ACL and Object Grouping how large has anyone actually seen working?

0 Helpful
1 Reply 1

shannong
Level 4
Level 4

‎03-04-2005 10:53 AM

I haven't seen an ACL in use longer than 500 lines.

Object-groups are for administration only and are expanded to their full length in memory for processing. They should not have an impact on perfomance during normal operations.

The turbo ACL feature hashes the access-list into a lookup table. The documentation I read is that a packet can be determined to pass or fail the ACL within 5 checks of the table. Therefore, long access-lists with turbo-acl have a drastically reduced effect on the performance.

Unfortunately, I do not have a references for specific performance of such long access-lists.

If you find such references, can you please post to this thread?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card