Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WAAS - Cisco 7609 High CPU issue


We had an issue on a working day where Cisco 7609 as WAN Core routers dropped PIM/BGP/ISIS due to high CPU peaking 99%-100%; also downstrean distribution routers (Cisco 6500 MSFC) reached high CPU as well resulting in creating multicast entries in Partial SC state. We found that one of the WAAS device (WAE-7371-K9) had rebooted twice that morning due to hardware issue and software was corrupted; WAAS is directly connected on Cisco 7609. We isolated the WAAS device which again knocked down all protocols. We could not establish whether high CPU on Cisco 7609 caused by WAAS crash though the timings of WAAS crash and high CPU was almost at the same time.

Also, on Cisco documentation, it mentioned as below; we do have ACLs on Cisco 7609 with port ranges configured.

Catalyst 6500 Series Switches and Cisco 7600 Series Routers Access Control Lists

When WCCP is using mask assignment, any redirect list is merged with the mask information from the appliance and the resulting merged ACL is passed down to the Catalyst 6500 series switch or Cisco 7600 series router hardware. Only Permit or Deny ACL entries from the redirect list in which the protocol is IP or exactly matches the service group protocol are merged with the mask information from the appliance.

The following restrictions apply to the redirect-list ACL:

  • The      ACL must be an IPv4 simple or extended ACL.
  • Only individual source or destination port numbers may      be specified; port ranges cannot be specified.
  • The      only valid matching criteria in addition to individual source or      destination port numbers are dscp or tos.
  • The      use of fragments, time-range, or options keywords, or any TCP flags is not      permitted.

If the redirect ACL does not meet the restrictions shown, the system will log the following error message:

WCCP-3-BADACE: Service <service group>, invalid access-list entry (seq:<sequence>, reason:<reason>)

WCCP continues to redirect packets, but the redirection is carried out in software (NetFlow Switching) until the access list is adjusted.

Please help me understand the correlation of WAAS crash and high CPU on Cisco 7609.

Cisco Employee

WAAS - Cisco 7609 High CPU issue


Cannot tell whether the high CPU was caused by the WAE crash. You need to open a TAC case, and provide information on what process was running high during that time in order to tell if it is related.

In general, lot time high CPU can happen on 6500/7600 with WCCP if you do not follow the best practice.


Lei Tian