We're planning on using MAC ACL port security to disallow unauthorized access into the LAN. But what I can't seem to find anything on is, is there any appreciable performance loss in using this (Cisco 3750 switches)?
Also from what I can tell, this solution won't work well without enabling it at every end switch since uplink ports get confused and then disabled?
The TCAM is a specialized piece of memory designed for rapid table lookups by the ACL engine on the Catalyst 3750 switches. The ACL engine performs ACL lookups based on packets passing through the switch. The result of the ACL engine lookup into the TCAM determines how the switch handles a packet. For example, the packet might be permitted or denied. The TCAM has a limited number of entries that are populated with mask values and pattern values.
The main issues users face when configuring ACLs on the Catalyst 3750 family switches are resource contention and exhaustion. Since the Catalyst 3750 switches enforce several types of ACLs in hardware rather than in software, the switch programs hardware lookup tables and various hardware registers in the TCAM subsystem, so that when a packet arrives, the switch can perform a hardware table lookup and perform the appropriate action.
The Catalyst 3750 uses a central TCAM subsystem that is shared between Layer 2 and Layer 3 forwarding entries, RACLs, VACLs and QoS ACLs.
There is no per-port limit and no VLAN limit on the maximum number of ACLs on the Catalyst 3750.
The numbers are VMRs (or TCAM entries) generated by the ACL merge algorithm, rather than the original ACEs configured by the user.
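
The mask/pattern lookup and the finite entry count described in the answer above, as an added example that is not part of the original post and is not Cisco's code: a simplified Python model of a TCAM holding value/mask/result entries for a source-MAC ACL. The `Tcam` class, the capacity of 4 and the MAC addresses are constructed for illustration, and the switch's ACL merge algorithm is not modelled.

```python
# Simplified model of a TCAM holding value/mask/result (VMR) entries.
# Capacity and MAC addresses are constructed; this is not Cisco's merge algorithm.

def mac_to_int(mac):
    """Parse Cisco dotted notation (aaaa.bbbb.cccc) into a 48-bit integer."""
    return int(mac.replace(".", ""), 16)

class Tcam:
    def __init__(self, capacity):
        self.capacity = capacity      # finite number of hardware entries
        self.entries = []             # ordered list of (value, mask, result)

    def program(self, value, mask, result):
        """Install one VMR; fail when the table is full (resource exhaustion)."""
        if len(self.entries) >= self.capacity:
            raise MemoryError("TCAM full: entry cannot be programmed in hardware")
        # Store the value pre-masked so lookup is a single AND plus compare.
        self.entries.append((value & mask, mask, result))

    def lookup(self, key):
        """Return the result of the first entry whose cared-for bits match."""
        for value, mask, result in self.entries:
            if key & mask == value:
                return result
        return "deny"                 # implicit deny when nothing matches

    def utilization(self):
        return len(self.entries) / self.capacity

FULL = (1 << 48) - 1                  # mask: compare all 48 bits (host match)
OUI = 0xFFFFFF << 24                  # mask: compare only the vendor prefix

def build_source_mac_acl(tcam, allowed_hosts, allowed_oui=None):
    """Program one host entry per allowed MAC, plus an optional OUI entry."""
    for mac in allowed_hosts:
        tcam.program(mac_to_int(mac), FULL, "permit")
    if allowed_oui is not None:
        tcam.program(mac_to_int(allowed_oui), OUI, "permit")
    return tcam

if __name__ == "__main__":
    hosts = ["0011.2233.4455", "0011.2233.4466"]   # constructed sample MACs
    t = build_source_mac_acl(Tcam(4), hosts, "00aa.bb00.0000")
    for src in ("0011.2233.4455", "00aa.bbcc.ddee", "dead.beef.0001"):
        print(src, t.lookup(mac_to_int(src)))
    print(f"{t.utilization():.0%} of entries used")
```

Each lookup costs the same regardless of how many entries are installed in this model; what runs out is the number of entries, which is why the answer frames the concern as exhaustion rather than per-packet slowdown.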