Cisco Support Community
New Member

very strange problem

We are running a network where we have border, core and access, as Cisco suggests.

Border<----      ---->Access
  |                     |
  |                     |
  -----------Core--------

We are using a simple access-list on the Core router to permit our IPs. For example, if traffic is from 10.10.10.0 255.255.225.0, permit; deny the rest. Well, whatever I have permitted is running fine. Whenever I try to permit any other IP or network, latency/delay increases to 1000s of ms.

For example, I want to add another network like 132.xxx.xxx.x 255.255.255.0, and I'm pretty sure there is no traffic from a source IP or network that belongs to this class; my network latency increases up to 1000s of ms. When I remove that entry from the access list, it takes 5 to 10 seconds and becomes normal.

Have you guys faced such a problem?

5 REPLIES

Re: very strange problem

Very strange... never faced a problem like this before

Can you post your configs?

Narayan

New Member

Re: very strange problem

I have changed our IPs :) but the conf is the same as it is.

Whenever I permit another network in the above access list, all network delay increases to 1000s of ms. When I remove that network, it remains OK.

One thing is interesting: if the IP or network is already in the access-list, I can remove or update that part of the access-list without any problem.

Note: This access-list is not being used in any PBR/route-map things.

Bronze

Re: very strange problem

Hi,

I guess you have reached the max limit of entries in your ACL.

BR,

Bjornarsb

Bronze

Re: very strange problem

Hi,

First, try not to apply ACLs on the core router. According to good Cisco design, a core router is supposed to just push traffic.

I've seen this problem on Cisco 12000 router line cards. So what type of core router do you have?

Based on the line card you have, you have a max limit on entries in your ACL! (128)

Have you tried this?

To use access list (ACL) performance improvements, use the access-list hardware global configuration command.

HTH

Regards,

Bjornarsb

New Member

Re: very strange problem

Router type/model is : 7507 RSP 8 VIP 2

Well, the interesting thing is I can add more entries into the access-list if the IPs network already exists.

Whenever I try to add an access-list whose IPs/network is not listed in the access-list, the problem comes.

Have you guys seen any limit, like a maximum number of networks/subnets in an access-list?
