Cisco Support Community

Available memory and performance with an extensive access list on a 1700


I'm thinking of implementing a very extensive access list on a 1700 series router to block spam (our email server is getting overloaded dropping the messages). I have been able to parse the SPEWS Level 1 list into a format that I could drop into an IOS config file.

However, before I apply it, I'd like to get some feel for what performance impact it will have on traffic passing through the router. How big can an access list get before incoming traffic starts to slow noticeably? 500 lines, 1000? 5000? 10,000? 20,000? (The SPEWS list is 8000 records.) Also, will this level of records be likely to fit OK in the router memory (there is very little else in the configuration)?

If anyone can provide some advice in this area I would appreciate it. Thanks for your help.


Re: Available memory and performance with an extensive access li

Since access lists are processed sequentially, a very long access list can dramatically affect performance, and 8000 records is pretty long!

You can attempt to minimise this by structuring it so that the first entries generate the most hits so that the whole of the access list does not have to be parsed every time but there will still be some performance overhead.
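
One way to apply the ordering advice in the reply above, as an added example that is not part of the original thread: it reads the hit counters from `show access-lists` output and moves the busiest entries to the top, reordering only within runs of consecutive entries that share the same action so the filtering result is unchanged. The sample output, ACL number 101 and the addresses are constructed for illustration.

```python
import re

# Constructed sample of `show access-lists` output (documentation address ranges).
SAMPLE = """\
Extended IP access list 101
    10 deny ip 192.0.2.0 0.0.0.255 any (12 matches)
    20 deny ip 198.51.100.0 0.0.0.255 any
    30 deny ip 203.0.113.0 0.0.0.127 any (4310 matches)
    40 deny ip 203.0.113.128 0.0.0.127 any (97 matches)
    50 permit ip any any (88211 matches)
"""

# Optional sequence number, the rule text, then an optional "(N matches)" counter.
ENTRY = re.compile(
    r"^\s*(?:\d+\s+)?(?P<rule>(?:permit|deny)\s.+?)"
    r"(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$"
)

def parse_entries(text):
    """Return [(rule, hits)] in configured order; entries with no counter get 0."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group("rule"), int(m.group("hits") or 0)))
    return entries

def reorder(entries):
    """Sort each run of consecutive same-action entries by hit count, descending.

    Same-action neighbours can swap without changing which packets are permitted
    or denied; a deny is never moved across a permit, or the reverse.
    """
    out, run = [], []
    for rule, hits in entries:
        if run and run[0][0].split()[0] != rule.split()[0]:
            out.extend(sorted(run, key=lambda e: -e[1]))  # stable: ties keep order
            run = []
        run.append((rule, hits))
    out.extend(sorted(run, key=lambda e: -e[1]))
    return out

def render(acl_number, entries):
    """Emit numbered-ACL configuration lines for the reordered list."""
    return [f"access-list {acl_number} {rule}" for rule, _ in entries]

if __name__ == "__main__":
    print("\n".join(render(101, reorder(parse_entries(SAMPLE)))))
```

With a block list that ends in a single `permit ip any any`, reordering only shortens the walk for blocked senders; permitted traffic is still compared against every deny line before it reaches the final permit.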
