Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!iuvax!cica!ssw
From: ssw@cica.cica.indiana.edu (Steve Wallace)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Access Control Lists (ACLs) on cisco
Keywords: cisco, ACLs, authentication, search
Message-ID: <ssw.644546529@cica>
Date: 5 Jun 90 00:42:09 GMT
References: <3362@apogee.oakhill.UUCP>
Organization: Center for Innov. Comp. Appl., Bloomington, IN
Lines: 18

In <3362@apogee.oakhill.UUCP> guri@oakhill.UUCP (Gurvinder Singh Ahluwalia) writes:


>At what stage is ACL verification done for a session?
>[Of course, it is done when a session is established]. 

IMHO, the cisco should have no notion of a session.  When it's
talking IP, everything is connectionless.  The cisco has to
examine every packet to decide where to route it.  Doesn't seem
like too much more overhead to check an ACL at the same time.
One would assume that they have some-sort-of hash table.

Of course, in the European OSI world things are different.


Steven Wallace
Indiana University
wallaces@ucs.indiana.edu