Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SVI ACLs' impact on CPU on 6509

Does the SVI ACL have impact on the CPU on 6509 ?

Everyone's tags (3)
7 REPLIES

SVI ACLs' impact on CPU on 6509

How many lines does your ACL have?

New Member

SVI ACLs' impact on CPU on 6509

12-20 lines on average, ACLs are apllied in both direction

Re: SVI ACLs' impact on CPU on 6509

Hello Thorr

Most ACL features are processed in hardware, as mentioned on the following link:

ACLs Processed in Hardware in Cisco Catalyst 6500 Series Switches

Some features are processed in software, based on your supervisor model you have to check if any of the following is true for your case, if YES, then there might be some performance impact, but this usually negligible for a switch with low utlization:

ACLs Processed in Software in Cisco Catalyst 6500 Series Switches

ACL Performance Characteristics

Please rate if you find the input helpful.

Regards, Farrukh

New Member

SVI ACLs' impact on CPU on 6509

Thanks for the links, but I can't find out if SVI ACLs have impact on CPU (Sup720)

SVI ACLs' impact on CPU on 6509

Please see what the start of the document reads:

"This document provides information to help you  understand the Access Control List (ACL) merge algorithms and the  hardware resources used in Cisco Catalyst 6500 switches to enforce  security and apply quality of service (QoS) using router ACLs (RACLs), VLAN ACLs (VACLs), and QoS ACLs "

So it covers SVIs also i.e. VLAN ACLs.

Regards

Farrukh

New Member

SVI ACLs' impact on CPU on 6509

As I know, VLAN ACLs (VACLs) and SVI ACLs are different things. VACLs are configured with vlan access-map command and SVI ACLs with ip access-group under interface vlan.

SVI ACLs' impact on CPU on 6509

Hello Thorr

You are 100% correct about the SVI  ACL and VACL difference, they also behave differently as VACLs also affect the traffic within the VLAN.

However if you see the following section of the link, it shows the SVI ACL as an example, thereby suggesting that it applies to SVI ACLs also:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a00800c9470.shtml#wp42319

Regards

Farrukh

1424
Views
0
Helpful
7
Replies
CreatePlease login to create content