presently i m working in ISP and eventually i felt that access list is too heavy and also our system engineer give me suggestion to light weight the access list. in our access list by default all users are allowed all and few ports are closed. what is the other way that can light weight the acces list.please tell me the suggestion what consideration should be kept into mind before i light weight ACL .In ISP different users use diffrent applications and thus they use almost all ports.so how should i implement access list in this situation.
is it possible to post the access list ? If that is a problem, you could blank out all IP addresses and confidential information...
Keep in mind the following rules and best practices when it comes to access lists:
- the access list is always checked top down, that is, when a match is found, no further checks are done. That means that you should put frequently used access list statements at the top of your access list
- the shorter the access list, the better for the performance and throughput. Try to summarize statements as much as possible
As said before, it would be best if you could post the access list you need to modify.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...