Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
756
Views
5
Helpful
4
Replies

Adding entire China public IP addresses into IOS

Go to solution
desmond.liew
Level 1
Level 1

‎06-23-2011 12:58 AM - edited ‎03-04-2019 12:47 PM

Hi All,

Does anyone know if there will be issues when creating an extended ACL of over 4000 lines?

I have two sites; China and Hong Kong. Some Internet sites are unreachable in China and are others reachable in Hong Kong. So, using DMVPN, I'll route non-China traffic via Hong Kong and the rest out via its local Internet. Here are my questions:

1. Instead of creating a 4000lines of acl, is there a dynamic way of doing this?

2. If there isn't a way, will this impact router performance? The router I am using is a C891.

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎06-23-2011 04:50 AM

Can't you re-route only the troubled destinations? These would much less, there is probably a list maintaned somewhere.

Anyway, 4000 lines ACL  is doable, but I would recommedn against. You can enable access-list compiled to reduce performance hit.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎06-23-2011 04:50 AM

Can't you re-route only the troubled destinations? These would much less, there is probably a list maintaned somewhere.

Anyway, 4000 lines ACL  is doable, but I would recommedn against. You can enable access-list compiled to reduce performance hit.

0 Helpful

Go to solution
chris baranowski
Level 1
Level 1
In response to paolo bevilacqua

‎06-23-2011 08:05 AM

I did this on my ASA 5510, It can be done but not dynamically (ASA or router can not import it from some other place), you have to create the IP list line by line in a text editor then past it to your device.

Go to solution
desmond.liew
Level 1
Level 1

‎06-27-2011 01:18 AM

Hi Paolo and Chris,

Thanks for the advice. I googled up on how to do access-list compiled but the sorry thing is that it is available on the 7200 series, 7500 series or higher models. I tried on my C891 running v12.4 but the command doesn't exist. I have a C1911 running v15.0 but that command doesn't exist. So that's out the window for me.

I also just implemented the 4000 lines into my router last week and so far so good. I have a NMS to monitor the load and it looks okay (< 15% cpu). Or maybe these series of routers are beefy enough to handle this.

Thanks for your response, guys.

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to desmond.liew

‎06-28-2011 01:43 AM

Glad to be of help, please remember to rate useful posts clicking on the stars below.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card