Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
247
Views
0
Helpful
1
Replies

FIlter VLAN with IP ACL on C3550 causes poor performance

ccpagel
Level 1
Level 1

‎09-05-2007 08:32 AM - edited ‎03-05-2019 06:17 PM

Hi,

I have a customer who has a 3550. He is getting very poor performance with clients in the same VLAN. I have traced the problem back to the VLAN filter. With this removed there are no permformance issues.

I've noticed that the CPU on the switch at sat at around 50% with the VLAN Filters active.

I would assume that the filter should be applied in hardware and therefore the CPU should not be hit.

Can anyone offer any advice on how to change the the VLAN filter to improve performace? (if not I plan to just remove it and put ACL's on the layer3 vlan interfaces).

Thanks,

Chris

vlan access-map VMap1 1

action forward

match ip address 101

vlan filter VMap1 vlan-list 1-6,10,15,20-30,32-33,40,100-117,210-211

ACL 101 attached.

Labels:
Preview file
6 KB
0 Helpful
1 Reply 1

b.julin
Level 3
Level 3

‎09-05-2007 01:20 PM

That ACL is way bigger than the 3550's vlan filtering intended use. You may be able to optimize it, however.

Note that on the 3550 chassis VACLs are not called that they are called "vlan maps".

See here for optimization guidelines when vlan maps and router ACLs are combined -- even if you don't have router ACLs it might be worth a shot to follow these guidelines:

http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst3550/software/release/12.1_4_ea1/configuration/guide/Swacl.html#wp1135328

Also note the "show access-lists hardware" and the "show tcam inacl" commands for diagnostics.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card