High CPU Utilization in Cisco switch 2900XL - Urgent

Unanswered Question

We have a few switches of the 2900XL series in production. CPU utilization is above 90% on 2-3 switches, which is causing very slow network traffic and high round-trip time. From "sh process cpu" I am able to see that 60-70% of the CPU is utilized by 'virtual exec proc'. I even tried to clear the unnecessary telnet sessions with the help of "clear tcp tcb...", but there is no improvement. Please suggest a solution for the same, since it is very critical.

BrinksArgentina Sat, 05/30/2009 - 17:37

Maybe a host is doing a DoS attack.

Do you have hosts on the administrative VLAN of the switches?

If you do not have a firewall between your hosts, you can filter source IP addresses for telnet connections.


Example 7-58 illustrates the access list configuration to only allow hosta to telnet to r3.

Example 7-58. ACL Configuration

r3(config)#access-list ?
  <1-99>       IP standard access list
  <100-199>    IP extended access list
  <1000-1099>  IPX SAP access list
  <1100-1199>  Extended 48-bit MAC address access list
  <1200-1299>  IPX summary address access list
  <1300-1999>  IP standard access list (expanded range)
  <200-299>    Protocol type-code access list
  <2000-2699>  IP extended access list (expanded range)
  <300-399>    DECnet access list
  <400-499>    XNS standard access list
  <500-599>    XNS extended access list
  <600-699>    Appletalk access list
  <700-799>    48-bit MAC address access list
  <800-899>    IPX standard access list
  <900-999>    IPX extended access list
  rate-limit   Simple rate-limit specific access list
r3(config)#access-list 1 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
r3(config)#access-list 1 permit ?
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address
r3(config)#access-list 1 permit
r3(config)#access-list 1 deny any log
r3(config)#line vty 0 4
r3(config-line)#access-class 1 ?
  in   Filter incoming connections
  out  Filter outgoing connections
r3(config-line)#access-class 1 in
r3(config-line)#end
r3#copy running-config startup-config

Now test out the ACL as in Example 7-59.

Example 7-59. ACL Testing

sw3512xl#telnet
Trying ...
% Connection refused by remote host

sw3512xl#ping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms


Please rate all the helpful comments.
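An added example, not part of the post above or of any Cisco tooling: a small audit that reads a saved running-config and reports VTY line ranges that lack the inbound access-class restriction shown in Example 7-58. It assumes numbered ACLs as in that example; the sample config and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread); 192.0.2.10 is a
# documentation address standing in for the one permitted management host.
SAMPLE_CONFIG = """\
access-list 1 permit 192.0.2.10
access-list 1 deny any log
!
line con 0
line vty 0 4
 access-class 1 in
 login
line vty 5 15
 login
"""

def audit_vty(config):
    """Return (vty_range, finding) pairs for VTY lines without a usable inbound ACL."""
    acls = {}       # ACL number -> list of entry bodies, e.g. "deny any log"
    vty = {}        # VTY range such as "0 4" -> inbound ACL number, or None
    current = None  # VTY range whose sub-mode lines are being read
    for line in config.splitlines():
        m = re.match(r"access-list (\d+) (.+)", line)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2).strip())
            continue
        m = re.match(r"line vty (\d+(?: \d+)?)", line)
        if m:
            current = m.group(1)
            vty[current] = None
            continue
        if not line.startswith(" "):
            current = None  # any other top-level line ends the vty sub-mode
            continue
        m = re.match(r"\s+access-class (\d+) in\b", line)
        if m and current is not None:
            vty[current] = m.group(1)
    findings = []
    for rng, acl in vty.items():
        if acl is None:
            findings.append((rng, "no inbound access-class"))
        elif acl not in acls:
            findings.append((rng, f"access-class {acl} references an undefined ACL"))
        elif any(e.startswith("permit any") for e in acls[acl]):
            findings.append((rng, f"ACL {acl} permits any source"))
    return findings

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```

In the sample, only lines 0 4 carry the ACL, so the audit reports the range 5 15, which the configuration in Example 7-58 would also leave unfiltered if the device has more than five VTY lines.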

Leo Laohoo Sat, 05/30/2009 - 19:52

Put a link utilization. It may sound that you have a broadcast storm.

