I have a large access list of host networks that I wish to deny on a Cisco 1941 ISR. The list is about 9000 lines of subnets, but I'm sensing that an access-list this large would make the router grind to a halt.
This deployment uses the zone firewall - am I correct in thinking that this large deny list would impact the router's performance, substantially?
I'm curious to hear what others are doing to deny large lists of subnets on the ISR platform. The alternative that comes to mind would be to place a transparent firewall (NetBSD or pfSense) in front of the 1941, since pf tables can do this type of filtering quite efficiently.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...