Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

High CPU usage after configured PBR


I have some issue with high cpu usage on my cisco Catalyst 4500 L3 Switch.

After I configured Policy Base Routing(PBR), cpu utilization was about 97% when the high traffic was passing through to this policy.

Please kindly let me know how to solve this issue.





High CPU usage after configured PBR

Hello Minko

The Catalyst 4500 switching engine supports matching a "set next-hop" route-map action with a packet on a permit ACL. All other route-map actions, as well as matches of deny ACLs, are supported by a flow switching model. In this model, the first packet on a flow that matches a route-map will be delivered to the software for forwarding. Software determines the correct destination for the packet and installs an entry into the TCAM so that future packets on that flow are switched in hardware. The Catalyst 4500 switching engine supports a maximum of 4096 flows.

In order to resolve this problem following this step:

When route-maps are used in conjunction with access-lists then you should only permit in the acls to match traffic and then use permit/deny as needed in the route-map. For example if you wanted to deny network and permit network you would do the following:

access-list 1 permit

access-list 2 permit

route-map cisco deny 5

match ip address 1

route-map cisco permit 10

match ip address 2


Wilson B

Please rate useful post!!

New Member

High CPU usage after configured PBR

Hi Wilson,

Thanks for your reply.

Please let me tell about my configuration details.

I have three internet lines(LineA, LineB and LineC).

LineA for default gateway and LineB and LineC used for another purpose.

I have three subnet (,, that are used in Policy Based Routing.

I used internet LineB for subnet and internet lineC for subnet ( and

So, my configuration for policy base routing is -

ip access-list extended LineB

permit ip any

ip access-list extended LineC

permit ip any

permit ip any

route-map PBR permit 100

match ip address LineB

set ip default next-hop

route-map PBR permit 101

match ip address LineC

set ip default next-hop

These two lines(LineB and LineC) have high bandwidth usage everyday.

Whenever the LineB used the high bandwidth(about 16 to 20 Mbps), the cpu utilization was ok and just a little bit high.

But for LineC, whenever it used the high bandwidth(about 16 to 20 Mbps), the cpu utilization was quite bad and over 90% usage.

I used "set ip default next-hop" because I have to use local routing table of core switch for other vlan and intranet network connectivity.

In this case, how can I solve this high cpu utilization issue?

Great thanks for your reply.


Min Ko