ACLs and Fast Switching

[sbeaulieu]

Question are:

1. Can I run fast switching and still have ACLs work when filtering traffic? My logic is telling me that if the first packet is blocked by the ACL, a subsequent routing decision would not occur (based on order of operation) on that packet. This should keep a fast switching path from being established since no exit interface is defined for the first packet, right? If that's the case, you gain the benefit of running an ACL in a fast switching environment. I know this would not be the case for some of the other switching mechanisms (Silicon Switching or Cisco Express Forwarding)

2. If I can run ACLs with Fast Switching, how does the router know to keep the correct entries if the fast switching cache is populated with SRC MAC address (of host) and DST MAC address of next hop?

Thanks.

 

[sbeaulieu]

Just refreshing this in the forum. Wondering if anyone out there can answer this question. Thanks again.

 

[salmans]

I haven't tried it, but I would say you could use ACL's with fast switching because packets will have to clear the ACL (inbound) before the router checks the cache for a route.

"Do it right the first time, and there won't be a second time!"

 

[sbeaulieu]

Thanks. I figured that you should be able to run them, since as you stated, it would have to clear the ACL before hitting the route process. Since it wouldn't be able to set up a switched path, you could still run fast switching without the worry of unauthorized traffic.