Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
541
Views
0
Helpful
2
Replies

Troubleshooting ACLs.

andrea.meconi
Level 2
Level 2

‎06-23-2010 07:02 AM - edited ‎03-06-2019 11:43 AM

We are using Catalyst 3750-E with IOS version 12.2(53)SE2.

I’m configuring vlan map with extended IP ACL .

ip access-list extended Allowed-Traffic

permit tcp 10.4.254.0 0.0.1.255 10.4.253.0 0.0.0.255 eq telnet

permit tcp 10.4.253.0 0.0.0.255 eq telnet 10.4.254.0 0.0.1.255

vlan access-map VACL 10

action forward

match ip address Allowed-Traffic

vlan filter VACL vlan-list 253

How can I determine if ACL processing is accomplished in hardware?

From configuration guide.

To determine the specialized hardware resources, enter the show platform layer4 acl map.

If the switch does not have available resources, the output shows that index 0 to index 15 are not available.

Thanks.

Regards.

Andrea

Labels:
0 Helpful
2 Replies 2

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎06-24-2010 02:19 AM 

We are using Catalyst 3750-E with IOS version 12.2(53)SE2.
I’m configuring vlan map with extended IP ACL .
 
ip access-list extended Allowed-Traffic
permit tcp 10.4.254.0 0.0.1.255 10.4.253.0 0.0.0.255 eq telnet
permit tcp 10.4.253.0 0.0.0.255 eq telnet 10.4.254.0 0.0.1.255 
vlan access-map VACL 10
action forward
match ip address Allowed-Traffic
vlan filter VACL vlan-list 253
 
How can I determine if ACL processing is accomplished in hardware?
 
From configuration guide.
To determine the specialized hardware resources, enter the show platform layer4 acl map.
If the switch does not have available resources, the output shows that index 0 to index 15 are not available.
 
Thanks.
Regards.
Andrea

Andrea,

ACL processing is primarily accomplished in hardware, but requires forwarding of some traffic flows to the CPU for software processing. The forwarding rate for software-forwarded traffic is substantially less than for hardware-forwarded traffic.

Check out the below link for more information

http://www.ciscosystems.net/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swacl.html

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

0 Helpful

andrea.meconi
Level 2
Level 2

‎07-05-2010 04:01 AM

We  are using Catalyst 3750-E with IOS version 12.2(53)SE2.

I’m  configuring an extended IP ACL on SVI.

How can I determine  if ACL processing is accomplished in hardware?

From configuration guide.

To  determine the specialized hardware resources, enter the show  platform layer4 acl map.

But this command doesn't show anything!

Thanks.

Regards.

Andrea

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card