Cisco Support Community
Community Member

After Access list applied, it's slower getting to that particular host?

Hey guys!

I have two separate vlans (16 and 22).

I only wanted two hosts from vlan 16 to be able to get to 22 and deny everyone else to vlan 22.

I applied an access list to make that happen.

The problem (may or may not be a problem) is that now when I go to the host, it's about 5 seconds slower than it was when the vlan was wide open access.

Is this normal after an access list?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

Re: After Access list applied, its slower getting to that partic

As Glen indicated, the ACL will not create latency on the data path.

You mentioned that you are trying to access the host from another Vlan.

This type of access is Windows peer-to-peer networking? If so, you may be blocking other types of traffic that are needed for Windows networking.

Do you experience latency while pinging or using any other protocol such as ftp, http?

Regards

Edison

4 REPLIES
Purple

Re: After Access list applied, its slower getting to that partic

An ACL should make little difference in response times unless it has like 100 or more entries in it, even then it shouldn't take 5 seconds. If you have a large number of other ACLs on the box it's possible you could be looking at resource issues (TCAM), other than that it should not affect things the way you are indicating. I would look at the rest of the path between the 2 subnets and/or the server you are going to.

Community Member

Re: After Access list applied, its slower getting to that partic

Thanks guys!

What I noticed is that I was using DAMEWARE to remote into the other PC from my vlan. It was slow on Dameware, but it was super fast on VNC viewer. So I guess everything is okay, I just wonder why on Dameware it runs slower connecting rather than VNC viewer...

Hall of Fame Super Bronze

Re: After Access list applied, its slower getting to that partic

Maybe DAMEWARE utilizes a different type of protocol where the receiving host must respond and you are blocking that port in return.

When implementing ACLs, you must take into account two-way data flow.

You can allow/block traffic into your Vlan, but you must also take into account the return traffic.

Thanks for the rating.

Regards

Edison
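
The point about return traffic, as an added example that is not part of the thread: a small Python model of stateless first-match ACL evaluation, checking both the request and its mirrored reply. The subnets, host addresses, ACL contents and port 7001 are constructed for illustration (5900 is VNC's default port); the thread does not show the poster's actual ACL.

```python
import ipaddress
from collections import namedtuple

# Constructed addressing (assumption): VLAN 16 = 10.16.0.0/24, VLAN 22 = 10.22.0.0/24
Rule = namedtuple("Rule", "action src dst sport dport")   # port None means "any"
Packet = namedtuple("Packet", "src dst sport dport")

def rule(action, src, dst, sport=None, dport=None):
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                sport, dport)

def evaluate(acl, pkt):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for r in acl:
        if (ipaddress.ip_address(pkt.src) in r.src
                and ipaddress.ip_address(pkt.dst) in r.dst
                and r.sport in (None, pkt.sport)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"

def flow_works(to_22, from_22, client, server, client_port, service_port):
    """A TCP session needs the request AND the mirrored reply to be permitted."""
    request = Packet(client, server, client_port, service_port)
    reply = Packet(server, client, service_port, client_port)
    return (evaluate(to_22, request) == "permit"
            and evaluate(from_22, reply) == "permit")

# The two VLAN 16 hosts allowed into VLAN 22 (constructed addresses).
ALLOWED = ("10.16.0.10/32", "10.16.0.11/32")
TO_22 = [rule("permit", h, "10.22.0.0/24") for h in ALLOWED]

# Return-direction ACL that only anticipated replies from one service port.
FROM_22_NARROW = [rule("permit", "10.22.0.0/24", h, sport=5900) for h in ALLOWED]
# Return-direction ACL that mirrors the forward policy for the same two hosts.
FROM_22_MIRROR = [rule("permit", "10.22.0.0/24", h) for h in ALLOWED]

if __name__ == "__main__":
    for name, ret in (("narrow", FROM_22_NARROW), ("mirror", FROM_22_MIRROR)):
        for port in (5900, 7001):   # 7001: constructed second remote-control port
            ok = flow_works(TO_22, ret, "10.16.0.10", "10.22.0.5", 50000, port)
            print(f"return ACL={name:6} service port={port}: "
                  f"{'works' if ok else 'reply dropped'}")
```

With the narrow return ACL the forward packet is permitted in both cases, but only the port 5900 session completes; the other service's replies fall through to the implicit deny even though the request got in.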
