Mike,
If you add the 'log' statement at the end of each line of your ACL, you can
measure hits against it. This will enable you to fairly accurately place
each rule.
eg
access-list 101 permit ip 1.1.0.0 0.0.255.255 any log
access-list 101 permit ip 2.2.0.0 0.0.255.255 any log
output from sh ip access-lists
permit ip 1.1.0.0 0.0.255.255 any (29068714 matches)
permit ip 2.2.0.0 0.0.255.255 any (61424 matches)
Hope this Helps.
Wayne Norris
mailto:[EMAIL PROTECTED]
> -----Original Message-----
> From: Mike Bost [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, April 02, 1999 2:18 PM
> To: [EMAIL PROTECTED]
> Subject: Throughput
>
> When using a router (Cisco 7500 series) as a Packet Filtering firewall,
> what is the best way to measure actual throughput? With an ACL that is
> huge, (over 7 pages when printed out) is there any measurable degradation
> of service? I have been told that there are some tools which can perform
> offline assessments with regard to the efficiency of placement of the rule
> statements, but unfortunatly have not been able to locate said resource.
> Thank you for your time
> Michael Bost
> Network Security
> Please respond to list, I can provide my e-mail to individuals who respond
>
>
EUROPEAN FINANCIAL DATA SERVICES (UK) LTD Tel: +44 1277 84 2700
********************** N O T I C E *********************************
This message and any attachments is intended only for the individual or company to
which it is addressed and may contain information which is privileged, confidential or
prohibited from disclosure or unauthorised use. If the recipient of this transmission
is not the intended recipient, or the employee or agent responsible for delivering
such materialsto the intended recipient, you are hereby notified that any use, any
form of reproduction, dissemination, copying, disclosure, modification, distribution
and/or publication of this e-mail message or its attachments other than by it's
intended recipient is strictly prohibited by the sender. If you have received it in
error, please notify us immediately by telephone on the number above and destroy the
message and all copies in your possession.
This footnote also confirms that this email message has been swept by MIMEsweeper for
the presence of computer viruses.
**********************************************************************
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
