Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

High CPU rate

Hello,

I don't understand why I have a high CPU utilisation on Cat 4506(IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version 12.1(14)E1).

I have just create some access-list and applied theim but now, the CPU is very high (more than 40%) >The main process is

24 70621060 168433104 419 92.39% 55.67% 46.40% 0 Cat4k Mgmt LoPri

Here are my access-list :

##########################

access-list 10 permit 172.25.4.30

access-list 10 permit 172.25.99.101

access-list 10 permit 192.168.128.0 0.0.0.255

access-list 10 permit 172.25.12.32 0.0.0.31

access-list 101 permit tcp host 192.168.133.11 gt 1024 host 172.25.4.68 eq pop3

access-list 101 permit tcp host 192.168.133.11 gt 1024 host 172.25.4.68 eq smtp

access-list 101 permit tcp host 192.168.133.11 gt 1024 host 172.25.4.5 eq www

access-list 101 permit udp host 192.168.133.11 gt 1024 host 172.25.4.66 eq domai

n

access-list 101 permit ip 192.168.128.0 0.0.0.255 172.25.12.32 0.0.0.31

access-list 101 permit ip 192.168.128.0 0.0.0.255 host 172.25.4.30

access-list 101 permit ip 192.168.128.0 0.0.0.255 host 172.25.99.101

access-list 111 permit ip host 192.168.151.1 host 192.168.152.1

access-list 128 permit ip 172.25.12.32 0.0.0.31 any

access-list 128 permit ip host 172.25.4.30 any

access-list 128 permit ip host 172.25.99.101 any

access-list 132 permit tcp host 192.168.133.6 gt 1024 host 192.168.132.6 eq ftp

access-list 132 permit tcp host 192.168.133.6 gt 1024 host 192.168.132.6 eq ftp-

data

access-list 132 permit tcp host 192.168.133.6 eq ident host 192.168.132.6 gt 102

4

access-list 132 permit ip host 192.168.133.6 host 192.168.132.6

access-list 133 permit tcp host 192.168.132.6 eq ftp host 192.168.133.6 gt 1024

access-list 133 permit tcp host 192.168.132.6 eq ftp-data host 192.168.133.6 gt

1024

access-list 133 permit tcp host 192.168.132.6 gt 1024 host 192.168.133.6 eq iden

t

access-list 133 permit ip host 192.168.132.6 host 192.168.133.6

access-list 133 permit tcp host 172.25.4.68 eq pop3 host 192.168.133.11 gt 1024

access-list 133 permit tcp host 172.25.4.68 eq smtp host 192.168.133.11 gt 1024

access-list 133 permit tcp host 172.25.4.5 eq www host 192.168.133.11 gt 1024

access-list 133 permit udp host 172.25.4.66 eq domain host 192.168.133.11 gt 102

4

##########################

I have applied theim on the following vlan interface

##########################

interface Vlan1

ip address 172.25.0.3 255.255.0.0

ip access-group 101 out

no ip redirects

standby 1 ip 172.25.0.2

standby 1 timers 1 4

standby 1 priority 120

standby 1 preempt

!

interface Vlan128

ip address 192.168.128.3 255.255.255.0

ip access-group 128 out

no ip redirects

standby 1 timers 1 4

standby 128 ip 192.168.128.2

standby 128 timers 1 4

!

interface Vlan132

ip address 192.168.132.3 255.255.255.0

ip access-group 132 out

no ip redirects

standby 1 timers 1 4

standby 132 ip 192.168.132.2

standby 132 timers 1 4

!

interface Vlan133

ip address 192.168.133.3 255.255.255.0

ip access-group 133 out

no ip redirects

standby 1 timers 1 4

standby 133 ip 192.168.133.2

standby 133 timers 1 4

!

##########################

What is ther problem ?

Thanks for your help

Best regards

Guillaume

1 REPLY
Bronze

Re: High CPU rate

Was the CPU usage significantly lower before the access lists were applied? I'm not sure about the 4500 series, but on the 4000 series of switches this level of CPU usage is considered normal. It's addressed on Cisco's site somewhere (in a FAQ, perhaps) but I don't have a link offhand.

110
Views
0
Helpful
1
Replies
CreatePlease login to create content