05-29-2009 03:53 AM - edited 03-06-2019 06:00 AM
We have a few switches of the 2900XL series in production. CPU utilization is above 90% on 2-3 switches, which is causing very slow network traffic and high round-trip times. From "sh process cpu" I can see that 60-70% of the CPU is used by 'virtual exec proc'. I even tried to clear the unnecessary telnet sessions with "clear tcp tcb...", but there is no improvement. Please advise, since this is very critical.
05-29-2009 04:05 AM
This doc might help:
High CPU Utilization in Exec and Virtual Exec Processes
http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2ae4.shtml
05-29-2009 04:35 AM
Hi,
Thanks for the prompt response. But as I mentioned in the problem description, I have already tried the things included in the above link (clear tcp tcb... etc.). Please advise.
05-30-2009 05:37 PM
Maybe a host is doing a DoS attack.
Do you have hosts on the administrative VLAN of the switches?
If you do not have a firewall between your hosts, you can filter the source IP address for telnet connections.
http://www.informit.com/library/content.aspx?b=CCNP_Studies_Troubleshooting&seqNum=81
Example 7-58 illustrates the access list configuration to only allow hosta to telnet to r3.
Example 7-58. ACL Configuration
r3(config)#access-list ?
  <1-99>       IP standard access list
  <100-199>    IP extended access list
  <1000-1099>  IPX SAP access list
  <1100-1199>  Extended 48-bit MAC address access list
  <1200-1299>  IPX summary address access list
  <1300-1999>  IP standard access list (expanded range)
  <200-299>    Protocol type-code access list
  <2000-2699>  IP extended access list (expanded range)
  <300-399>    DECnet access list
  <400-499>    XNS standard access list
  <500-599>    XNS extended access list
  <600-699>    Appletalk access list
  <700-799>    48-bit MAC address access list
  <800-899>    IPX standard access list
  <900-999>    IPX extended access list
  rate-limit   Simple rate-limit specific access list
r3(config)#access-list 1 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
r3(config)#access-list 1 permit ?
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address
r3(config)#access-list 1 permit 192.168.5.17
r3(config)#access-list 1 deny any log
r3(config)#line vty 0 4
r3(config-line)#access-class 1 ?
  in   Filter incoming connections
  out  Filter outgoing connections
r3(config-line)#access-class 1 in
r3(config-line)#end
r3#copy running-config startup-config
Now test out the ACL as in Example 7-59.
Example 7-59. ACL Testing
sw3512xl#telnet 192.168.5.30
Trying 192.168.5.30 ...
% Connection refused by remote host
sw3512xl#ping 192.168.5.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms
Guido.
Please rate all the helpful comments.
05-30-2009 03:42 PM
How's your current network topology ?
Where are these L2 devices attached? I suspect you would have either a router or an MLS?
Does this happen all the time or some time during the day ?
Regards,
05-30-2009 07:52 PM
Put a link utilization. It sounds like you may have a broadcast storm.