Cisco Support Community

Filter VLAN with IP ACL on C3550 causes poor performance

Hi,

I have a customer who has a 3550. He is getting very poor performance with clients in the same VLAN. I have traced the problem back to the VLAN filter. With this removed there are no performance issues.

I've noticed that the CPU on the switch sat at around 50% with the VLAN filters active.

I would assume that the filter should be applied in hardware and therefore the CPU should not be hit.

Can anyone offer any advice on how to change the VLAN filter to improve performance? (If not, I plan to just remove it and put ACLs on the layer3 vlan interfaces.)

Thanks,

Chris

vlan access-map VMap1 1
 action forward
 match ip address 101
vlan filter VMap1 vlan-list 1-6,10,15,20-30,32-33,40,100-117,210-211

ACL 101 attached.

1 REPLY

Re: Filter VLAN with IP ACL on C3550 causes poor performance

That ACL is way bigger than the 3550's vlan filtering intended use. You may be able to optimize it, however.

Note that on the 3550 chassis, VACLs are not called that; they are called "vlan maps".

See here for optimization guidelines when vlan maps and router ACLs are combined -- even if you don't have router ACLs it might be worth a shot to follow these guidelines:

http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst3550/software/release/12.1_4_ea1/configuration/guide/Swacl.html#wp1135328

Also note the "show access-lists hardware" and the "show tcam inacl" commands for diagnostics.
