[c-nsp] Performance of Catalyst6509 using ACL
Tim Stevenson
tstevens at cisco.com
Fri Aug 13 13:16:36 EDT 2004
In 6500, the flow mask and the ACL configuration are not coupled. You can
have a dest only flow mask with extended IP ACLs.
You are perhaps thinking of MLS on the Cat5k.
Tim
At 09:55 AM 8/13/2004, cisco-nsp-request at puck.nether.net announced:
>Message: 1
>Date: Fri, 13 Aug 2004 08:19:37 -0700
>From: Kevin Graham <mahargk at gmail.com>
>Subject: Re: [c-nsp] Performance of Catalyst6509 using ACL
>To: Joe Shen <jshen at christmas.9966.org>
>Cc: cisco-nsp at puck.nether.net
>Message-ID: <2a64fada04081308191d5bd87f at mail.gmail.com>
>Content-Type: text/plain; charset=US-ASCII
>
>Follow the guidelines at:
>
>http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/secure.htm#wp1071588
>
>..and you'll be able to keep all the ACL work on the PFC and likewise
>be able to handle it at ~line rate. Since you're running Sup1's, the
>only concern would be what flowmask is presently configured. Chances
>are you'd want to go to a full flowmask for your ACL's, so you may
>want to change this first and watching the size of the flow cache /
>expirations.
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
More information about the cisco-nsp
mailing list