Cisco 7604 Configuration Guide - Page 249
Chapter 13: Identifying Traffic with Access Lists
Access List Group Optimization

    7 elements after optimization
    Reduction rate = 46%
    SUBSET rules : 2 ADJACENT rules : 5
    access-list test line 6 extended permit tcp 10.1.1.0 255.255.255.0 any (hitcnt=0) 0xd07a176b [(1)]
    access-list test line 7 extended permit icmp any any (hitcnt=0) 0xb422e9c2
    access-list test line 8.1 extended permit udp any any lt domain (hitcnt=0) 0x00000000 [Merged to 5: ADJACENT]
    access-list test line 8.2 extended permit udp any any gt domain (hitcnt=0) 0x00000000 [Merged to 5: ADJACENT]
    access-list test line 9 extended permit tcp any host 10.10.10.5 (hitcnt=0) 0xaa819def [(4.1)]

To show the currently running optimized access list:

    hostname(config)# show running-config access-list test optimization
    access-list test extended permit tcp any host 10.1.1.90 range ftp ssh
    access-list test extended permit tcp any 10.10.10.6 255.255.255.254 eq domain
    access-list test extended permit tcp any 10.10.10.8 255.255.255.254 eq domain
    access-list test extended permit udp any any
    access-list test extended permit tcp 10.1.1.0 255.255.255.0 any
    access-list test extended permit icmp any any
    access-list test extended permit tcp any host 10.10.10.5

To replace the original access lists with the optimized ones:

    hostname(config)# copy optimized-running-config running-config
    Destination filename [running-config]?
    hostname(config)# Access Lists Optimization Complete
    Access Rules Download Complete: Memory Utilization: < 1%

Note: Having access list optimization enabled at all times could be a waste of computational and memory resources. If you are satisfied with how the optimized access lists are merged, you can replace the original access lists with the optimized ones. This action wipes out all of the original access lists. After copying the optimized access lists, you may want to disable access list optimization, because the newly copied optimized access lists may not be further optimized.
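Because the copy wipes out the original access lists, it helps to review every merge before committing it. The following is an added example, not part of the Cisco guide: a Python parser for captured optimization output that groups the merged entries by the target they were folded into. The line layout is assumed from the excerpt above, the sample input is constructed from it, and the "live" list (merged entries with non-zero hit counts) is a review heuristic introduced here.

```python
import re
from collections import defaultdict

# Constructed sample: the summary counters and the entries quoted on this page.
SAMPLE = """\
7 elements after optimization
Reduction rate = 46%
SUBSET rules : 2 ADJACENT rules : 5
access-list test line 6 extended permit tcp 10.1.1.0 255.255.255.0 any (hitcnt=0) 0xd07a176b [(1)]
access-list test line 7 extended permit icmp any any (hitcnt=0) 0xb422e9c2
access-list test line 8.1 extended permit udp any any lt domain (hitcnt=0) 0x00000000 [Merged to 5: ADJACENT]
access-list test line 8.2 extended permit udp any any gt domain (hitcnt=0) 0x00000000 [Merged to 5: ADJACENT]
access-list test line 9 extended permit tcp any host 10.10.10.5 (hitcnt=0) 0xaa819def [(4.1)]
"""

# Line layout assumed from the excerpt; other releases may print it differently.
ENTRY = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>[\d.]+) extended (?P<rule>.+?) "
    r"\(hitcnt=(?P<hits>\d+)\) 0x[0-9a-f]+(?: \[(?P<note>[^\]]+)\])?$")
MERGED = re.compile(r"^Merged to (?P<target>[\d.]+): (?P<kind>SUBSET|ADJACENT)$")
COUNTER = re.compile(r"(SUBSET|ADJACENT) rules : (\d+)")

def audit(text):
    """Return (merges by target, summary counters, merged lines with hits > 0)."""
    merges, counters, live = defaultdict(list), {}, []
    for raw in text.splitlines():
        line = raw.strip()
        # Summary counters may share a line or sit on separate lines.
        for kind, count in COUNTER.findall(line):
            counters[kind] = int(count)
        entry = ENTRY.match(line)
        if not entry:
            continue
        merged = MERGED.match(entry.group("note") or "")
        if merged:
            merges[merged.group("target")].append(
                (entry.group("line"), merged.group("kind"), entry.group("rule")))
            # A merged entry that has matched traffic deserves a closer look.
            if int(entry.group("hits")) > 0:
                live.append(entry.group("line"))
    return dict(merges), counters, live

if __name__ == "__main__":
    merges, counters, live = audit(SAMPLE)
    for target, absorbed in merges.items():
        for line, kind, rule in absorbed:
            print(f"line {line} ({rule}) -> {target} [{kind}]")
    print("summary:", counters, "| merged entries with hits:", live)
```
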
To disable the access list group optimization:

    hostname(config)# no access-list optimization enable
    Disabling ACL optimization will cause ACL rules get increased.
    The non optimized rules might be more than the partition rule max and might cause memory exhaustion to lose partial or all the access-list configuration after disabling the optimization.
    Please save a copy of your current optimized access-list config before committing this command.
    Continue ? [Y]es/[N]o:
    ACL group optimization is disabled
    hostname(config)# Access Rules Download Complete: Memory Utilization: < 1%
    hostname(config)#

Note: When disabling access list optimization, be aware that the number of original non-optimized rules (which is often larger than the number of optimized rules) may exceed the memory available to store them. This will cause some rules to be deleted. Thus, it is considered good practice to back up the original configuration before proceeding with disabling access list group optimization.

OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 13-23