Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.


2821 and IOS 12.4(9)T2 high cpu usage for AAA accounting

Hi Guys,

I've checked the but tool etc, but to no avail..

Wondering if anyone has seen a problem with 12.4(9)T2 or similiar (SP-SERVICES).

Telnetted into the router.

The router was very slow to respond.

AAA authentication was not working, I logged in with a local user.

Show cpu proc - showed the Virtual Exec and AAA accounting processes as the highest users.

No debugs running.

Not even running term mon.

No other users

Very low traffic

Nothing obvious.

After a reboot, all is well :)




Re: 2821 and IOS 12.4(9)T2 high cpu usage for AAA accounting

The console port by default does not have authorization turned on so as to prevent people from locking themselves out of the device. The following commands you added are basically performing the default behavior:

aaa authorization exec console none

aaa authorization commands 15 console none

line con 0

authorization commands 15 console

authorization exec console

By default, the following commands are applied to the console port and hidden:

no authorization commands 0 default

no authorization commands 1 default

no authorization commands 15 default

no authorization exec default

These will only show up unless you enter them in with either the default method or a named list. You can use "local" or "line" for these authorization methods, but be sure to test it on the telnet lines prior to entering them. That way you will have a backdoor method in case things do not work as intended.