RE: access-list switching

From: Howard C. Berkowitz (hcb@gettcomm.com)
Date: Fri Oct 25 2002 - 14:19:13 GMT-3


At 9:30 AM -0700 10/25/02, Brian Dennis wrote:
>I think you contributed this to the Cisco FAQ back in 1994 ;-)
>
>In general, Basic access lists are executed as filters on
>outgoing interfaces. Newer releases of the cisco code, such as
>9.21 and 10, do have increased ability to filter on incoming ports.
>Certain special cases, such as broadcasts and bridged traffic,
>can be filtered on incoming interfaces in earlier releases.
>
>
>Brian Dennis, CCIE #2210 (R&S/ISP Dial)

:-) Thanks Brian -- it does my heart good to hear someone refer to
9.21 as "newer".

>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Howard C. Berkowitz
>Sent: Friday, October 25, 2002 7:35 AM
>To: ccielab@groupstudy.com
>Subject: RE: access-list switching
>
>At 5:49 AM -0700 10/25/02, Brian Dennis wrote:
>>I couldn't find the exact release fast switching was supported but this
>>newsgroup posting (see below) about a bug with ACL's and fast switching
>>from the manager of customer engineering at cisco (1990) might help.
>>Notice the date and the IOS version ;-)
>>
>>Brian Dennis, CCIE #2210 (R&S/ISP Dial)
>
>My recollection was that fast switching for access lists came in
>stages. From memory and the first release I worked on,
>
> 9.0 Outbound standard access lists could be fast switched.
>
>By and large, there were no inbound access lists. In 9.2 or 10.0,
>inbound access lists came in, but if you configured one, it forced
>process switching for every access list on the box. Configuring
>extended outbound did the same thing.
>
>In a subsequent release, configuring inbound standard limited fast
>switching to the interface involved. Next (and it varied with
>platform as well), extended access lists could be fast switched, and
>then inbound standards could be silicon switched on a 7000 with SSP,
>not SP.
>
>In other words, there were all sorts of interactions. I usually
>wound up not trying to find the answer in documentation, but simply
>to configure it and view the resulting switching modes.
>
>>
>><posting>
>>
>>From: Joel P. Bion (jpbion@cisco.com)
>>Subject: Bug in IP Fast switching/access lists...
>>Newsgroups: comp.dcom.sys.cisco
>>Date: 1990-10-19 16:59:38 PST
>>
>>
>>Hello.
>>
>> cisco Systems has recently uncovered a bug in the use of IP access
>>lists and IP fast switching with the 8.1(19)-8.1(21) releases. This
>>problem has been fixed in 8.2 development code, and will also be
>>included in the next GS maintenance release, currently scheduled for
>>November 12th.
>>
>> The conditions under which the problem is seen are complex,
>>but the result is that access would (to the end user) apparently be
>>"randomly" granted or denied. Your safest insurance is to simply
>>DISABLE fast switching on all interfaces to which an IP access list
>>is applied. For example, to disable fast switching on interface
>>ethernet 0, issue the following configuration commands:
>>
>> interface ethernet 0
>> no ip route-cache
>>
>> A mailing will be sent to this list indicating when the next 8.1
>>maintenance is available to fix this problem.
>>
>>
>>Thank you,
>>
>> Joel Bion
>> Manager, cisco Customer Engineering
>>
>></posting>
>>
>>-----Original Message-----
>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>MADMAN
>>Sent: Thursday, October 24, 2002 11:05 AM
>>To: Volkov, Dmitry (Toronto - BCE)
>>Cc: 'dmadlan@qwest.com'; 'ccielab@groupstudy.com'
>>Subject: Re: access-list switching
>>
>> I did a quick unsuccessful search so no I don't have a link but I
>>know years ago access-lists were fast switched. Most new features like
>>NAT or policy routing start out process switched and then are upgraded
>>to fast switching, which both NAT and policy routing are also.
>>
>> Dave
>>
>>"Volkov, Dmitry (Toronto - BCE)" wrote:
>>>
>>> David,
>>>
>>> Do you know any link confirming fast switching of access-lists?
>>>
>>> Dmitry Volkov
>>> CCIE # 10292
>>>
>>> > -----Original Message-----
>>> > From: MADMAN [mailto:dave@interprise.com]
>>> > Sent: Thursday, October 24, 2002 12:03 PM
>>> > To: Volkov, Dmitry (Toronto - BCE)
>>> > Cc: 'ccielab@groupstudy.com'
>>> > Subject: Re: access-list switching
>>> >
>>> >
>>> >
>>> > access-lists have been at least fast switched for quite
>>> > some time but you're right that different platforms perform
>>> > differently. I would think there would be a table somewhere
>>> > that shows this but I don't know where it is!!
>>> >
>>> > Dave
>>> >
>>> > "Volkov, Dmitry (Toronto - BCE)" wrote:
>>> > >
>>> > > Hello group,
>>> > >
>>> > > Does somebody know where I can find how packets passing an
>>> > > access-list are switched?
>>> > > As far as I understand they are process switched usually
>>> > > However, I remember, I read somewhere that they are CEF
>>> > switched on some
>>> > > platforms...
>>> > > I guess this depends on platform and IOS.
>>> > >
>>> > > Couldn't find it at CCO.
>>> > >
>>> > > Thank You,
>>> > >
>>> > > Dmitry
>>> >
>>> > --
>>> > David Madland
>>> > CCIE# 2016
>>> > Sr. Network Engineer
>>> > Qwest Communications
>>> > 612-664-3367
>>> >
>>> > "You don't make the poor richer by making the rich poorer." --Winston
>>> > Churchill
>>
>>--
>>David Madland
>>CCIE# 2016
>>Sr. Network Engineer
>>Qwest Communications
>>612-664-3367
>>
>>"You don't make the poor richer by making the rich poorer." --Winston
>>Churchill
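The 1990 posting's workaround was to put `no ip route-cache` on every interface that has an IP access list applied. As an added example (not code from this thread or from cisco), here is a small audit that parses an IOS-style running-config and flags interfaces that apply an `ip access-group` but still have fast switching enabled; the config text is constructed, and the check assumes the workaround is still the policy you want (on later code, as the thread notes, access lists are fast switched normally).

```python
"""Audit an IOS-style running-config for interfaces that apply an IP access
list while fast switching is still enabled (no 'no ip route-cache').
Added example; the sample config below is constructed, not real device output."""
import re

# Constructed sample config (not from any real device).
SAMPLE_CONFIG = """\
!
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
 no ip route-cache
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
 ip access-group 10 out
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
!
"""


def parse_interfaces(config: str) -> dict[str, list[str]]:
    """Split the config into {interface name: [indented sub-commands]}."""
    interfaces: dict[str, list[str]] = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a top-level command ends the block
    return interfaces


def interfaces_needing_no_route_cache(config: str) -> list[str]:
    """Interfaces with an IP access list applied but fast switching still on."""
    flagged = []
    for name, cmds in parse_interfaces(config).items():
        has_acl = any(c.startswith("ip access-group ") for c in cmds)
        fast_switching_off = "no ip route-cache" in cmds
        if has_acl and not fast_switching_off:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in interfaces_needing_no_route_cache(SAMPLE_CONFIG):
        print(f"{name}: access list applied but fast switching still enabled")
```

Feed it the output of `show running-config` captured to a file to run the same check against a real device.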



This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:56 GMT-3