No announcement yet.

Large access list performace question

  • Filter
  • Time
  • Show
Clear All
new posts

  • Large access list performace question

    We're trying to block a large number (maybe 1000) IPs from an IIS server. We're looking at two possibilities right now, either blocking them using Directory Security through ASP.NET under IP Address and Domain Name Restrictions or through access lists on a Cisco Firewall Module in a Catalyst 6500 series switch.

    What are the advantages/disadvantages of doing this either way? What type of performance/speed decreases would we see through each method? Are there any other easy/easier/better ways to institute this?

    edit: IIS 6.0

  • #2
    Re: Large access list performace question

    Nm, will probably just do the access list on the module. Checked with our Cisco vendor and the module supports 80,000 IPs. Our old PIX supported a lot less and had performace issues when using large lists.