Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
405
Views
0
Helpful
5
Replies

very strange problem

asadzubair
Level 1
Level 1

‎05-12-2007 06:38 AM - edited ‎03-03-2019 04:57 PM

We are running a network, where we have border, core and access as cisco suggest.

Border<---- ---->Access

| |

| |

-----------Core------

We are using a simple access-list on Core router to permit our IP?s. Like if traffic is from 10.10.10.0 255.255.225.0 permit rest deny. Well, whatever I have permitted it?s running fine. Whenever I try to permit another any IP or Network, latency/delay increase in 1000s ms

For example I want to add another network like 132.xxx.xxx.x 255.255.255.0 and. I?m pretty sure there is no traffic from that source IP or Network which belongs to this class, my network latency increase upto 1000s ms. When I remove that entry from the access list, it take 5 to 10 seconds and become normal.

Have you guys faced such a problem?

Labels:
0 Helpful
5 Replies 5

royalblues
Level 10
Level 10

‎05-12-2007 06:40 AM

Very strange... never faced a problem like this before

Can you post your configs

Narayan

0 Helpful

asadzubair
Level 1
Level 1
In response to royalblues

‎05-12-2007 06:48 AM

I have changed our IPs :)but the conf is same as it is..

Whenever I permit another network in above access list all network delay increase in 1000s ms. When I remove that Network, it remains okk..

One thing is interesting if the IP or Network already in the access-list I can remove or update that part of the access-list without any problem.

Note: This access-list is not being used in any pbr/rotue-map things.

Preview file
10 KB
0 Helpful

bjornarsb
Level 4
Level 4
In response to asadzubair

‎05-13-2007 03:09 AM

Hi,

I quess you have reached the max-limit of enteries in you acl.

BR,

Bjornarsb

0 Helpful

bjornarsb
Level 4
Level 4

‎05-12-2007 07:01 AM

Hi,

First try not to apply acl's on the core router. According to good cisco design a core router is supposed to just push traffic.

I've seen this problem on cisco 12000 routers line cards. So what type of core router do you have?

Based on the line-card you have you have a max-limit on entries in your acl ! (128)

Have you tried this ?

to use access list (ACL) performance improvements, use the access-list hardware global configuration command.

HTH

Regards,

Bjornarsb

0 Helpful

asadzubair
Level 1
Level 1
In response to bjornarsb

‎05-13-2007 05:54 AM

Router type/model is : 7507 RSP 8 VIP 2

Well, the intresting thing I can add more entries into access-list if the IPs network already exist.

Whenever I try add an access-list which IPs/network is not listed in the access-list the problem come.

Have you guys seen any limit like number of maximum network/subnet in an access-list?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card