
MAC ACL Performance

Sabaron99
Level 1

We're planning on using MAC ACL port security to disallow unauthorized access into the LAN. But what I can't seem to find anything on is, is there any appreciable performance loss in using this (Cisco 3750 switches)?

Also from what I can tell, this solution won't work well without enabling it at every end switch since uplink ports get confused and then disabled?

Thanks.

1 Reply

wong34539
Level 6

The TCAM is a specialized piece of memory designed for rapid table lookups by the ACL engine on the Catalyst 3750 switches. The ACL engine performs ACL lookups based on packets passing through the switch. The result of the ACL engine lookup into the TCAM determines how the switch handles a packet. For example, the packet might be permitted or denied. The TCAM has a limited number of entries that are populated with mask values and pattern values.

The main issues users face when configuring ACLs on the Catalyst 3750 family switches are resource contention and exhaustion. Since the Catalyst 3750 switches enforce several types of ACLs in hardware rather than in software, the switch programs hardware lookup tables and various hardware registers in the TCAM subsystem, so that when a packet arrives, the switch can perform a hardware table lookup and perform the appropriate action.

The Catalyst 3750 uses a central TCAM subsystem that is shared between Layer 2 and Layer 3 forwarding entries, RACLs, VACLs and QoS ACLs.

There is no per-port or per-VLAN limit on the maximum number of ACLs on the Catalyst 3750.

The numbers are VMRs (or TCAM entries) generated by the ACL merge algorithm, rather than the original ACEs configured by the user.

Try these links:

http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2af3.shtml

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00801a658a.html

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12114ea1/3750scg/swacl.htm#1289037

Also check this bug ID: CSCef02852