1) Yesterday night, I got a lot of packet loss on my network, turns out that I usually run at 20,000 packets per second and it spiked up to 70,000 packets per second. I have a Cisco 3550 SMI 48 port with 2 GIG ports.
Now on my provider GIG port (on my switch) it said something like 647 millions packets ignored, this is why we got all these packet losses, seems like everything stabilized but I really need to know what caused that and HOW to prevent it in the future, maybe packet sniffing etc...
2) Also, after that attack, my CPU usage on the switch instead of going back to its normal 2-3 percent usage, it stays up at 17 percent, how to fix that?
Can someone PLEASE help and recommend me things to do for both number 1 & 2 ?
Have you tried enabling netflow on the switch? On the switchport in question, enable 'ip route-cache flow'. Then a 'show ip cache flow' will list the source and destination flows between hosts on the network. On the right will be a list of port numbers that are used in the flow in Hex. Convert this to decimal (Windows Calculator) to determine the port and check if this is a port used by a virus. If the same source address appears hundreds of times that can point towards a virus on that host.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :