
After access list applied, it's slower getting to that particular host?

cisco_himg
Level 1

Hey guys!

I have two separate VLANs (16 and 22).

I only wanted two hosts from VLAN 16 to be able to get to 22 and deny everyone else to VLAN 22.

I applied an access list to make that happen.

The problem (may or may not be a problem) is that now when I go to the host, it's about 5 seconds slower than it was when the VLAN was wide open access.

Is this normal after an access list?

Accepted Solutions

Edison Ortiz
Hall of Fame

As Glen indicated, the ACL will not create latency on the data path.

You mentioned that you are trying to access the host from another VLAN.

Is this type of access Windows peer-to-peer networking? If so, you may be blocking other types of traffic that are needed for Windows networking.

Do you experience latency while pinging or using any other protocol such as FTP or HTTP?

Regards

Edison


4 Replies

glen.grant
VIP Alumni

An ACL should make little difference in response times unless it has like 100 or more entries in it, and even then it shouldn't take 5 seconds. If you have a large number of other ACLs on the box, it's possible you could be looking at resource issues (TCAM); other than that, it should not affect things the way you are indicating. I would look at the rest of the path between the 2 subnets and/or the server you are going to.

Thanks guys!

What I noticed is that I was using DAMEWARE to remote into the other PC from my VLAN. It was slow on DameWare, but it was super fast on VNC viewer. So I guess everything is okay, I just wonder why DameWare runs slower connecting than VNC viewer...

Maybe DAMEWARE utilizes a different type of protocol where the receiving host must respond and you are blocking that port in return.

When implementing ACLs, you must take into account two-way data flow.

You can allow/block traffic into your Vlan, but you must also take into account the return traffic.

Thanks for the rating.

Regards

Edison
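
The two-way point in the reply above, modeled as an added example that is not part of the original thread: a stateless, first-match ACL is checked separately in each direction, so a session works only when both the request and its reply are permitted. The thread does not show the actual ACL; all addresses, ACL names, and the second tool's port (6129) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str        # "permit" or "deny"
    src: str           # CIDR the source address must fall in
    dst: str           # CIDR the destination address must fall in
    proto: str = "ip"  # "ip" matches any protocol
    sport: int = 0     # 0 matches any source port
    dport: int = 0     # 0 matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("ip", p.proto)
                and self.sport in (0, p.sport)
                and self.dport in (0, p.dport))

def evaluate(acl, p: Packet) -> bool:
    """Stateless first-match lookup; anything unmatched hits the implicit deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action == "permit"
    return False

def reply(p: Packet) -> Packet:
    return Packet(p.dst, p.src, p.proto, p.dport, p.sport)

def flow_works(to_acl, from_acl, request: Packet) -> bool:
    """A session only works if the request AND its reply are both permitted."""
    return evaluate(to_acl, request) and evaluate(from_acl, reply(request))

# Constructed sample data: two permitted VLAN 16 hosts, one other host, one VLAN 22 host.
ADMIN1, ADMIN2, OTHER, SERVER = "10.16.0.10", "10.16.0.11", "10.16.0.50", "10.22.0.5"
TO_VLAN22 = [Rule("permit", ADMIN1 + "/32", "10.22.0.0/24"),
             Rule("permit", ADMIN2 + "/32", "10.22.0.0/24")]
# Return ACL written with only one application in mind (replies from TCP 5900).
FROM_VLAN22_NARROW = [Rule("permit", "10.22.0.0/24", "10.16.0.0/24", "tcp", sport=5900)]
FROM_VLAN22_MIRRORED = [Rule("permit", "10.22.0.0/24", ADMIN1 + "/32"),
                        Rule("permit", "10.22.0.0/24", ADMIN2 + "/32")]
```

With the narrow return ACL, a session to TCP 5900 passes while one to the assumed port 6129 fails on the reply leg, even though the forward ACL permits both; the mirrored return ACL permits both.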
