SUMMERY [nsp] access lists, old or new, fast or slow

From: Eric S. Johnson (esj@cs.fiu.edu)
Date: Tue Sep 21 1999 - 13:47:55 EDT


Last week I asked:

Is there any difference in processing speed of old and new style
named access lists?

IE: given IOS 11.2+

would

ip access-list extended norfc1918
  deny ip 10.0.0.0 0.255.255.255 any
  deny ip 172.16.0.0 0.15.255.255 any
  deny ip 192.168.0.0 0.0.255.255 any
  permit ip any any

be any slower (or faster) than

ip access-list 101 deny ip 10.0.0.0 0.255.255.255 any
ip access-list 101 deny ip 172.16.0.0 0.15.255.255 any
ip access-list 101 deny ip 192.168.0.0 0.0.255.255 any
ip access-list 101 permit ip any any

Or are they going to be exactly the same?

The answer is (from someone at cisco TAC)

>There's no difference at all between the two types of ACLs. The difference is
>strictly in the CLI. Internally they are stored in the same type of structure.

E



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:06 EDT