Cisco Support Community
New Member

Network Problem High CPU and traffic

Hello,

My network topology is:

I have a firewall; 1 card connects to the wireless network, which includes 2 Cisco AIR 1100.

1 card goes to my LAN and 1 card to the internet. In my LAN I have a Cisco 2811 router that serves only my IP telephony. Once every X days my router CPU goes to 85% and I see 70Mbps of traffic on the router and on my firewall (I'm monitoring my switch).

The network monitor shows dozens of HTTP / HTTPS RST packets per second from a workstation in the wireless network trying to access an IP on the internet.

(Each time it is a different workstation of our employees.) I really don't understand why the traffic comes to my router at all. I also monitored the access point and the wireless LAN switch; no workstation has 70Mbps of traffic.

Even if the workstation disconnects from the wireless network, the traffic is still 70Mbps and the router is still at 85% CPU. Only if I disconnect the router or the firewall from the network and reconnect does everything go back to normal.

In the network monitor I can see a lot of:

> .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame

> .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address

> Source: 00:0e:0c:71:3a:41 (00:0e:0c:71:3a:41)

> Address: 00:0e:0c:71:3a:41 (00:0e:0c:71:3a:41)

> .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame

> .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address

Can someone help me, please?

11 REPLIES
New Member

Re: Network Problem High CPU and traffic

Hi idanlerer,

It seems like a DoS attack. As you are saying that the traffic is from your LAN, it need not be an attack from the user. It could be a PC worm, virus or any internet spam.

Use NetFlow and ACLs to track down the source of the packets and find the root cause.

This link could help you.

http://www.ciscopress.com/articles/article.asp?p=345618&rl=1

New Member

Re: Network Problem High CPU and traffic

Thanks for the reply.

This problem occurs only from workstations that connect to the wireless LAN.

The same workstation never caused this problem in the LAN.

I scanned for viruses and worms (I am up to date) and nothing was found.

Re: Network Problem High CPU and traffic

Hi,

Turn on IP Accounting in the router. When the problem happens again, you can find which host the high traffic is coming from. Also, capture "show tech-support" or "show proc cpu" during the time when the CPU util is high and post the result here.

Dandy

New Member

Re: Network Problem High CPU and traffic

First, thank you for helping me.

I attached the command output.

I turned on IP Accounting, but how can I use it?

Re: Network Problem High CPU and traffic

Use "show ip accounting" to check which host has high data transfer: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/iprprt1/1rdip.htm#wp1020197

My findings from your "show tech-support":

1. High Traffic

There's high traffic on the following interfaces that may have overloaded the router CPU:

FastEthernet0/0

FastEthernet0/0.1

FastEthernet0/0.4

2. IOS 12.3(14)T5

There are multiple problems with your current IOS:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_field_notice09186a0080797d2d.shtml

http://www.securityfocus.com/bid/22211

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0648

http://www.cisco.com/en/US/products/products_security_advisory09186a008073c972.shtml

Search for 12.3(14)T5 in Google.

I recommend you upgrade your IOS to the latest stable version first. Come back if you are still having problems.
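One way to work with the "show ip accounting" output suggested in this reply, as an added example that is not part of the original thread: the script parses the Source / Destination / Packets / Bytes table, ranks sources by bytes, and flags sources sending many very small packets, which is what a flood of bare TCP RSTs looks like. The sample rows and the thresholds (`max_avg`, `min_packets`) are constructed assumptions, not values from the poster's router.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by "show ip accounting";
# addresses and counters are made up for illustration.
SAMPLE = """\
   Source           Destination              Packets               Bytes
 192.168.1.23     203.0.113.10                 48210            2892600
 192.168.1.23     203.0.113.11                 51377            3082620
 192.168.0.15     192.168.0.1                    120              15360
 192.168.1.40     198.51.100.7                   310              41230
 192.168.0.15     198.51.100.7                    12               1480

Accounting data age is 10
"""

ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_accounting(text):
    """Return a list of (source, destination, packets, bytes) rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, blank and "Accounting data age" lines are skipped
            rows.append((m.group(1), m.group(2), int(m.group(3)), int(m.group(4))))
    return rows


def top_talkers(rows, n=3):
    """Sum packets and bytes per source and rank by bytes, highest first."""
    totals = defaultdict(lambda: [0, 0, set()])
    for src, dst, pkts, byts in rows:
        totals[src][0] += pkts
        totals[src][1] += byts
        totals[src][2].add(dst)
    ranked = sorted(totals.items(), key=lambda kv: kv[1][1], reverse=True)
    return [(src, p, b, len(d)) for src, (p, b, d) in ranked[:n]]


def small_packet_sources(rows, max_avg=80, min_packets=1000):
    """Sources with many packets and a low average size (thresholds are assumptions)."""
    return [src for src, p, b, _ in top_talkers(rows, n=len(rows))
            if p >= min_packets and b / p <= max_avg]


if __name__ == "__main__":
    for src, pkts, byts, dsts in top_talkers(parse_accounting(SAMPLE)):
        print(f"{src:15} packets={pkts:<8} bytes={byts:<10} destinations={dsts}")
```

Paste the router's real output in place of `SAMPLE` while the CPU is high; comparing two snapshots taken a minute apart shows which source is still growing.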

New Member

Re: Network Problem High CPU and traffic

Unfortunately I don't have support for this router now, so I'm not able to download and upgrade the IOS.

Any idea?

Re: Network Problem High CPU and traffic

That's sad. With the problems of your current IOS provided in the links, it's difficult to point to the root cause of the high CPU util - one of the problems does have similar symptoms to what you are currently experiencing. We might be troubleshooting a problem that we can't fix but would be able to fix by just upgrading the IOS.

In this case, use "ip accounting"; it may help you to point to the source of the high traffic on your LAN interface that may have caused the high CPU util.

New Member

Re: Network Problem High CPU and traffic

Hi, I just found the problem.

When a user connects to my wireless LAN and, without disconnecting, reconnects to my LAN, I have this problem.

Actually, a user connected to my wireless LAN (a NIC in the firewall) is also connected to my LAN (another NIC in the firewall); it seems there is a loop in the LAN.

How can I solve that?

Re: Network Problem High CPU and traffic

This is supposed to be common to networks that have both wireless and LAN connected; it happens anywhere.

However, you can try separating the networks for wireless and LAN, i.e. 192.168.1.0 for wireless and 192.168.0.0 for LAN. This is good practice.

New Member

Re: Network Problem High CPU and traffic

Also, I just found the problem but I didn't find the solution.

It seems I have looping packets in my network:

The problem occurs when a user connects to my wireless LAN (a NIC in the firewall) and then reconnects to my LAN without disconnecting the wifi.

In the sniffer I can see packets coming from my wifi IP address, but the MAC address is my internal router (just to be more clear, I have a firewall with one NIC for wifi, one NIC for internet and one NIC for LAN; the router is located on my LAN for my IP telephony system, and the DG for everything in the LAN is the router).

New Member

Re: Network Problem High CPU and traffic

Maybe I have a loop in my LAN but I can't understand that. I checked and I have no physical loop, but...

maybe a user connects to my wireless LAN and starts working.

After that he goes back to my local LAN, and the wireless and the LAN are connected and maybe there is a loop, but I can't understand and find it.
