I recently joined an organisation and started to monitor the network. I soon found that one of the routers had an average utilization of around 50% and often peaked into the high 90's. To confirm this I checked the router with a sh processes cpu which seemed to confirm the findings and indicated that the IP Input was the biggest cause with 30% utilization.

I would have downloaded the Output Interpreter but I did not have the necessary rights. I've downloaded the document on troubleshooting this problem but was hoping that somebody had already experienced this problem and could give me more direct information.

Make sure you have fast switching turned on for the interfaces , either fast or CEF . This will help keep proc utilization down .


Read the Troubleshooting high CPu doc that you found on ( )

If you have already turned on CEF and it makes no difference, then its important to find out what traffic this is and then figure out why it is been process switched.

As the doc says use the "show interface stat" and "show interface switching " command to figure out which interface all the traffic is coming in on.

Once you know which interface it is coming in on, issue the "show buffer input-interface header" when the CPU is 90-100%. This will give you a clue which traffic may be coming in and causing the high CPU. If the command doesn't help, sniff the switch port the affected router interface is connected to, when the CPU is 90-100%.

Once you know what the traffic is, and it is unwanted traffic, then you can block it using ACLs.

If the traffic is normal traffic, then try to figure out why the traffic is not been CEF switched.

