Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ASA CPU higher than normal

Hello,

Our ASA CPU level has been higher than normal over the last few weeks and I can see a reason why. 

I have noiced that tha dashboard has had the top graphs/tables re-enabled, which I beleive can cause the CPU to rise, how can I turn these off again?

Thanks

6 REPLIES

ASA CPU higher than normal

Can you share

Show processes cpu-usage sorted non-zero

Clear interfaces

show interface | include errors

After 5 minutes

show interface | include errors

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Re: ASA CPU higher than normal

Sure:

show processes cpu-usage non-zero

PC                    Thread         5Sec      1Min     5Min     Process

0x09303f3c   0x6d5ac568      0.1%      0.0%     0.0%     websns_snd

0x0911595d   0x6d5ac778     0.1%      0.1%     0.1%     websns_rcv_tcp

0x08c7e425   0x6d5c0b48     0.1%      0.1%     0.0%     Unicorn Admin Handler

0x0911d204   0x6d5af0b8      0.5%      0.4%     0.4%     tcp_thread

0x090c7a4d   0x6d5a6688     0.1%      0.0%     0.0%     ssh

0x091618b9   0x6d5ab6f8      0.0%      0.1%     0.1%     snmp

0x087a174e   0x6d5af8f8       0.1%      0.1%     0.1%     IP Thread

0x0865991b   0x6d5b3d08     0.0%      0.1%     0.1%     IKE Daemon

0x0828fb01   0x6d5c3278      68.8%    62.3%    59.7%   Dispatch Unit

0x098a2535   0x6d5bb8c8     0.0%      0.1%     0.0%     Checkheaps

0x087a8efe   0x6d5af6e8       0.1%      0.0%     0.0%     ARP Thread

show interface  | include errors

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        790 input errors, 0 CRC, 0 frame, 790 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        637 input errors, 0 CRC, 0 frame, 637 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

Thanks

ASA CPU higher than normal

Hello,

So the CPU is high due to DIspatch Unit process (Traffic handeling related)

That being said we can see that interface 1 and 2 are the ones receiving more traffic.

So my recommendation is:

Clear the interfaces with the command

clear interfaces

give 4 minutes

and do

show interfaces | include errors

Also run

show local-host | includehost|count/limit

And look for the hosts with the largest amount of conn.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Re: ASA CPU higher than normal

Will do, just noticed this didn't work:

show local-host | includehost|count/limit

                                                ^

ERROR: % Invalid input detected at '^' marker.

Re: ASA CPU higher than normal

It's

show local-host | include host|count/limit

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Silver

ASA CPU higher than normal

Strong suggestion would be to use Netflow and collector of choice against a Cisco switch that can monitor real time, the reason I state this is because if you need to cut down someone that is doing something that you are not allowing you would need to wait for the flow to close down to identify the source through Netflow on the ASA but on a Cisco switch you would identify the source immediately.

You can also enable threat detection feature that will tell you who is the top talker at a moment but not a history of that user.

https://supportforums.cisco.com/docs/DOC-6113

Value our effort and rate the assistance!
513
Views
5
Helpful
6
Replies
CreatePlease to create content