Cisco Support Community
New Member

Poor performance on 3550 when port acl applied

I have a port ACL applied to an uplink port on a 3550-12T switch. The extended ACL is fairly basic. This ACL inspects the packets coming inbound to the uplink port (gi 0/1) on the 3550 switch. There are several servers connected to the device. Traffic comes through the uplink (inbound), gets checked against the ACL, and then heads to a server (IP) depending on the ACL statement (pass or drop). Over time after the 'ip access-group' statement is applied, I can hardly even establish a telnet connection to the switch, and most of the systems on it experience a lot of connectivity problems.

I know it's not the ACL blocking accessibility. This problem is generated over a few hours or when traffic gets heavy. I thought port ACLs were hardware based. Is it somehow getting processed by the CPU?

It is running IOS 12.1.9-EAC1

Any feedback is appreciated.


Re: Poor performance on 3550 when port acl applied

The 3550s use TCAM and SDM to decide what will fit into HW. I am assuming that while your traffic slows, your switch's CPU is running very high?

Depending on what you are doing with ACLs on other ports and what SDM you are using, this can affect how this ingress ACL is processed.

Here is a very useful URL that talks about these things within the 3550.

Hope this helps out,


New Member

Re: Poor performance on 3550 when port acl applied

Thanks for the assistance. The problem appears to be related to ACL statements rather than performance. I should've put a packet analyzer in before setting up the ACL security.

The customer wasn't aware of some traffic flow.

Thanks again
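
The point of the last reply, checking observed traffic against the ACL before applying it, as an added example that is not part of the thread. The ACL, addresses, flow records and function names are constructed for illustration, and the parser assumes only the `permit|deny proto src dst [eq port]` subset of IOS extended-ACL syntax.

```python
import ipaddress
from collections import Counter

def _addr(tok):  # consume "any" | "host A" | "A WILDCARD" -> (base, wildcard)
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_acl(text):
    """Parse a subset of IOS extended ACEs: action proto src dst [eq port]."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((line.strip(), action, proto, src, dst, port))
    return rules

def _match(ip, spec):
    # Wildcard mask: bits set to 1 are "don't care", so compare only the others.
    return (int(ipaddress.IPv4Address(ip)) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF == 0

def verdict(rules, flow):
    """First match wins; a flow matching no ACE hits the implicit deny."""
    proto, src, dst, dport = flow
    for text, action, rproto, rsrc, rdst, rport in rules:
        if (rproto in ("ip", proto) and _match(src, rsrc)
                and _match(dst, rdst) and rport in (None, dport)):
            return action, text
    return "deny", "(implicit deny)"

def dry_run(acl_text, flows):
    """Count captured flows the ACL would drop, keyed by (flow, responsible ACE)."""
    rules = parse_acl(acl_text)
    hits = [(f, verdict(rules, f)) for f in flows]
    return Counter((f, ace) for f, (action, ace) in hits if action == "deny")

# Constructed ACL and flow records (proto, src, dst, dst port); not from the thread.
SAMPLE_ACL = """
permit tcp any host 10.1.1.10 eq 80
permit tcp 192.168.0.0 0.0.255.255 host 10.1.1.11 eq 25
permit udp any host 10.1.1.12 eq 53
"""
SAMPLE_FLOWS = [
    ("tcp", "203.0.113.7", "10.1.1.10", 80),
    ("tcp", "203.0.113.7", "10.1.1.11", 25),   # source outside permitted range
] + [("tcp", "192.168.4.9", "10.1.1.12", 53)] * 2   # TCP DNS; only UDP permitted
```

Feeding `dry_run` the flows exported from a capture on the uplink lists every conversation the ACL would silently drop, including traffic the server owner did not know about, before `ip access-group` is applied.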

