12-27-2005 11:19 PM - edited 03-03-2019 11:19 AM
Hi all
10 days ago I configured SSH on a 2610XM with IOS 12.3(16) IPsec 3DES feature set. Since then I recognize high CPU load (sometimes 100%) on that router.
Is someone there who can give me a hint?
Thanks in advance
Roland
12-27-2005 11:42 PM
Hi
I would suggest checking which process exactly hogs the system.
You can make use of the show process cpu command to check the same, or show process cpu sorted will give you refined output.
Also refer to these links to know more on the same:
http://www.cisco.com/warp/public/63/highcpu.html
http://www.cisco.com/warp/public/63/showproc_cpu.html
regds
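An added example, not part of any post in this thread: a small Python parser for show process cpu sorted output that separates interrupt-level from process-level load and names the process sustaining it. The sample output, the function names and the thresholds are constructed assumptions.

```python
import re

# Constructed sample of `show process cpu sorted` output (not from the thread).
SAMPLE = """\
CPU utilization for five seconds: 99%/4%; one minute: 96%; five minutes: 91%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
  87    14523680    912345      15919 88.21% 85.02% 80.11%   0 SSH Process
  42      120344    554433        217  3.11%  2.90%  2.75%   0 IP Input
   3       48212     10233       4711  0.40%  0.35%  0.31%   0 Exec
"""

# Header: "five seconds: <total>%/<interrupt>%"; the rest is process-level CPU.
HEADER = re.compile(
    r"five seconds: (\d+)%/(\d+)%; one minute: (\d+)%; five minutes: (\d+)%")
# One process row: PID, three counters, three percentages, TTY, process name.
ROW = re.compile(r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%"
                 r"\s+([\d.]+)%\s+\d+\s+(.+?)\s*$")

def parse(text):
    """Return total, interrupt and process-level CPU plus the process rows."""
    m = HEADER.search(text)
    if not m:
        raise ValueError("utilization header not found")
    total, intr = int(m.group(1)), int(m.group(2))
    procs = []
    for line in text.splitlines():
        r = ROW.match(line)
        if r:
            procs.append({"pid": int(r.group(1)), "5sec": float(r.group(2)),
                          "1min": float(r.group(3)), "5min": float(r.group(4)),
                          "name": r.group(5)})
    # Sort on the five-minute column so a short spike does not win.
    procs.sort(key=lambda p: p["5min"], reverse=True)
    return {"total": total, "interrupt": intr,
            "process_level": total - intr, "procs": procs}

def diagnose(text, busy=80, hog=50.0):
    """Classify the load; `busy` and `hog` are illustrative thresholds."""
    s = parse(text)
    if s["total"] < busy:
        return "ok"
    if s["interrupt"] > s["process_level"]:
        return "interrupt-level load"
    top = s["procs"][0] if s["procs"] else None
    if top and top["5min"] >= hog:
        return f"process-level load, sustained by '{top['name']}' (PID {top['pid']})"
    return "process-level load spread over several processes"

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```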
12-27-2005 11:51 PM
Hi
thanks for your answer. I checked the show process cpu already. But I forgot to post the result. Sorry. It's the SSH process which is the top process in the list. If I disable ssh the load goes to a normal value (approx. 30%).
regards
Roland
12-28-2005 12:08 AM
Hi
Can you please try upgrading the IOS code to any one of the following and check?
12.3(16.11), 12.4(4.9), 12.4(4.9)T, 12.3(16a)
I did see some bugs mentioned for 12.3(16) related to memory leak, spurious memory, high CPU usage.
regds
12-28-2005 02:16 AM
Hi
I've made the upgrade on that router to 12.3(16a) and now the load decreased rapidly. Obviously there is a bug in the other release.
Thanks for your hint.
Roland
12-28-2005 12:40 AM
Hello Roland,
You might be dealing with SSH port scans. Try to restrict SSH access as much as possible by using an access list on the external-facing interface on your router:
access-list 101 permit tcp host 10.10.10.1 host 192.168.1.1 eq 22
This example would allow SSH connections only between the two hosts specified.
HTH,
GP
This would deny SSH for all connections
12-28-2005 02:19 AM
Hi
Thanks for your hint. You are right. But there is an ACL already in place.
regards
Roland