
Performance on Cisco 3945 running IOS 15.3(3)

Unanswered Question

I have a very simple scenario with Cisco 3945 running IOS c3900-universalk9-mz.SPA.153-3.M.bin with two interfaces g0/0 (external) and g0/1 (internal).

I set up NAT on the router as follows:

ip cef

interface g0/0
  ip address
  ip nat outside

interface g0/1
  ip address
  ip nat inside

ip access-list extended nat
  permit ip any

ip nat inside source list nat interface g0/0 overload

Then I have a Linux host with IP address behind g0/1 with the gateway of the router. I am able to push 950Mbps through the router without any issues. So far so good.

Now I decide to create an ACL and apply this ACL on interface g0/0:

ip access-list extended External
  permit ip any any log

interface g0/0
  ip access-group External in

When I apply the ACL on the External interface, the throughput on the router goes from 950Mbps down to 160Mbps, an 80% drop in performance.  Why?

Does anyone know how to improve this?


Lei Tian Sat, 10/05/2013 - 04:51


It is the log keyword. Log will force the packet to be process switched, so performance will drop.


Lei Tian
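
An added example (not part of the original thread and not Cisco tooling): a small Python audit that parses a saved running-config and reports `log` / `log-input` entries in ACLs that are actually applied to an interface, the condition the reply above identifies as forcing process switching. The sample config is constructed from the question; the `Quiet` ACL and the function name `find_logging_aces` are assumptions for illustration.

```python
import re

# Constructed sample config, modelled on the configuration in the question.
# The ACL named "Quiet" is invented here as a contrast case with no logging.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip nat outside
 ip access-group External in
interface GigabitEthernet0/1
 ip nat inside
 ip access-group Quiet in
ip access-list extended External
 permit ip any any log
ip access-list extended Quiet
 permit tcp any any established
 deny ip any any
"""

def find_logging_aces(config):
    """Return (interface, direction, acl, entry) for each logged ACE in an applied ACL."""
    applied = []   # (interface, acl name, direction)
    aces = {}      # acl name -> list of permit/deny entries
    iface = acl = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():            # a top-level line starts a new section
            iface = acl = None
            m = re.match(r"interface\s+(\S+)", line)
            if m:
                iface = m.group(1)
            m = re.match(r"ip access-list (?:extended|standard)\s+(\S+)", line)
            if m:
                acl = m.group(1)
                aces.setdefault(acl, [])
            continue
        m = re.match(r"ip access-group\s+(\S+)\s+(in|out)$", line)
        if iface and m:
            applied.append((iface, m.group(1), m.group(2)))
        elif acl and re.match(r"(?:\d+\s+)?(?:permit|deny)\b", line):
            aces[acl].append(line)
    findings = []
    for ifname, name, direction in applied:
        for entry in aces.get(name, []):
            # Match the keyword as a whole word, so "eq syslog" is not flagged
            if re.search(r"\s(?:log|log-input)(?:\s|$)", entry):
                findings.append((ifname, direction, name, entry))
    return findings
```

Calling `find_logging_aces(SAMPLE_CONFIG)` reports only the `External` entry on GigabitEthernet0/0; ACLs that are defined but never bound with `ip access-group` are ignored.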

Joseph W. Doherty Sat, 10/05/2013 - 06:15


The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.


The ASR is a different architecture; it has hardware forwarding. (Note: the ASR 1K series seems to be somewhat like the earlier 7300 series with NSE-100 or -150 or the 7200 series with NSE-1.)

Additionally, the prior 7200s, but not ISRs, had a "compiled ACL" feature that would improve performance for lengthy ACLs - don't know if the ASR 1K has that too.

Non-technically, 3945 vs. ASR 1002 is comparing apples to oranges. 

