11-26-2009 06:21 AM - edited 03-06-2019 08:44 AM
Hey guys!
I have two separate VLANs (16 and 22).
I only wanted two hosts from VLAN 16 to be able to get to 22 and deny everyone else to VLAN 22.
I applied an access list to make that happen.
The problem (may or may not be a problem) is that now when I go to the host, it's about 5 seconds slower than it was when the VLAN was wide open.
Is this normal after an access list?
Solved! Go to Solution.
11-26-2009 08:15 AM
As Glen indicated, the ACL will not create latency on the data path.
You mentioned that you are trying to access the host from another VLAN. Is this type of access Windows peer-to-peer networking? If so, you may be blocking other types of traffic that are needed for Windows networking.
Do you experience latency while pinging or using any other protocol such as FTP or HTTP?
Regards
Edison
11-26-2009 06:57 AM
An ACL should make little difference in response times unless it has something like 100 or more entries in it; even then it shouldn't take 5 seconds. If you have a large number of other ACLs on the box, it's possible you could be looking at resource issues (TCAM); other than that it should not affect things the way you are indicating. I would look at the rest of the path between the 2 subnets and/or the server you are going to.
11-26-2009 08:19 AM
Thanks guys!
What I noticed is that I was using DameWare to remote into the other PC from my VLAN. It was slow on DameWare, but it was super fast on VNC Viewer. So I guess everything is okay; I just wonder why DameWare runs slower connecting than VNC Viewer...
11-26-2009 08:24 AM
Maybe DameWare utilizes a different type of protocol where the receiving host must respond and you are blocking that port in return.
When implementing ACLs, you must take into account two-way data flow.
You can allow/block traffic into your VLAN, but you must also take into account the return traffic.
Thanks for the rating.
Regards
Edison
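The two-way-flow point above, written out as an added Cisco IOS configuration example (this is not the original poster's config, which the thread never shows). The addresses 192.168.16.0/24 for VLAN 16, 192.168.22.0/24 for VLAN 22 and the two permitted hosts .10 and .11 are assumed for illustration. Standard and extended IOS ACLs are stateless: a rule on the VLAN 16 SVI that lets the two hosts in says nothing about the replies coming back, so a second ACL on the VLAN 22 side that simply denies 22 to 16 will drop the return packets of any protocol the first ACL allowed. The first ACL below is the "wide open except for two hosts" filter the poster describes; the second shows a return-path ACL that would break replies, followed by a corrected one that admits them.

```cisco
! --- VLAN 16 -> VLAN 22: only two hosts may reach VLAN 22, everyone else in 16 is denied ---
ip access-list extended VLAN16-TO-VLAN22
 permit ip host 192.168.16.10 192.168.22.0 0.0.0.255
 permit ip host 192.168.16.11 192.168.22.0 0.0.0.255
 ! log the denies so "show logging" reveals which ports a failing tool is trying to use
 deny   ip 192.168.16.0 0.0.0.255 192.168.22.0 0.0.0.255 log
 ! keep VLAN 16 talking to every other destination (the implicit deny would otherwise isolate it)
 permit ip any any
!
interface Vlan16
 ip access-group VLAN16-TO-VLAN22 in
!
! --- WEAK return-path filter on the VLAN 22 SVI: blocks the replies of the flows permitted above ---
ip access-list extended VLAN22-TO-VLAN16-BROKEN
 deny   ip 192.168.22.0 0.0.0.255 192.168.16.0 0.0.0.255
 permit ip any any
!
! --- CORRECTED return-path filter: admit replies to the two hosts, still deny VLAN 22 -> rest of 16 ---
ip access-list extended VLAN22-TO-VLAN16
 ! TCP replies (ACK/RST set) from 22 back to any host in 16 that the other ACL let through
 permit tcp 192.168.22.0 0.0.0.255 192.168.16.0 0.0.0.255 established
 ! non-TCP replies (UDP, ICMP) and any server-initiated channel back to the two permitted hosts
 permit ip 192.168.22.0 0.0.0.255 host 192.168.16.10
 permit ip 192.168.22.0 0.0.0.255 host 192.168.16.11
 deny   ip 192.168.22.0 0.0.0.255 192.168.16.0 0.0.0.255 log
 permit ip any any
!
interface Vlan22
 ip access-group VLAN22-TO-VLAN16 in
```

After applying the corrected ACL, `show access-lists VLAN22-TO-VLAN16` shows per-entry hit counters; a climbing counter on the logged `deny` line while a remote-control session stalls is the quickest way to see which return traffic is being dropped, without guessing at the tool's port numbers. The `established` keyword only matches TCP segments with ACK or RST set, so a protocol that opens a fresh connection from the VLAN 22 host back toward the client is covered only by the explicit per-host `permit ip` lines.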