Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2463
Views
0
Helpful
5
Replies

SNMP ENGINE high cpu

v.matiakis
Level 1
Level 1

‎11-12-2007 06:21 AM

Hi,

There is known NMS polling routers on my network. I have an access-list but the utilization still reaches 99%. What should i do in order to stop the NMS polling my routers?

Labels:
0 Helpful
5 Replies 5

David Stanford
Cisco Employee
Cisco Employee

‎11-12-2007 01:21 PM

Try temporarily removing the snmp community strings to see if the CPU usage decreases.

You can't stop the NMS from polling unless you know where the NMS stations are an have access to them.

If your ACL is configured correctly it should be dropping all requests to snmp.

0 Helpful

v.matiakis
Level 1
Level 1
In response to David Stanford

‎11-12-2007 11:43 PM

Hi,

The NMS station is a known NMS system in the network and building an ACL to drop its packets is not an option. From what i read in Cisco documentation i found that the following command stops the polling :

snmp-server view cutdown 1.3.6.1.2.1.4.21 excluded.

Is this the only thing i have to insert? Can i stop the polling from the NMS? If i do, do i have a problem?

0 Helpful

David Stanford
Cisco Employee
Cisco Employee
In response to v.matiakis

‎11-13-2007 08:51 AM

Your first post mentioned that you were using an access-list so thats why I mentioned it.

The config you mention above is part of an snmp-server view which is used to exclude certain mib objects from being polled. However, you don't know which MIB is causing the CPU to spike, so it will not be useful.

You can enable debugs to determine what is happening (prob not good with 99% CPU) or look through the logs to see if there are any CPUHOG messages.

If you want to bring down the CPU utilization you will need to do one of the following:

1) Disable snmp

2) Add an ACL to block snmp or add an acl to the comm string blocking that NMS from RO access

3) Disable polling on the NMS

0 Helpful

v.matiakis
Level 1
Level 1
In response to David Stanford

‎11-13-2007 11:30 PM

Ok i have disabled polling from the NMS. I had another problem again with a CPU load. The CPU went high due to an virtual exec proccess. From i found in Cisco's website, this problem is sourced from a telnet connection. Is that the only case? How can i completely stop it when it happens?

0 Helpful

yjdabear
VIP Alumni
VIP Alumni
In response to v.matiakis

‎11-14-2007 06:43 AM

You don't have to "completely stop it". You can try something like "scheduler interval ###".

http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a00800a70f2.shtml

As for the virtual exec itself, there's a troubleshooting guide:

http://www.cisco.com/warp/public/63/highcpu_exec.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents