01-11-2016 05:25 AM - edited 03-20-2019 08:49 PM
Hi,
We are encountering the same issue as this bug but on Cisco 3850 version 03.07.00.
We tried to implement the workaround specified in the bug but it doesn't work at all. Also, there's no recommended version where the bug is fixed.
Have you already encountered this issue? Thanks in advance.
01-12-2016 03:07 AM
Hey
Are you sure that's the bug you're hitting? As I know, that fix works on a 3750; that's an IOS bug too, I don't see any IOS-XE versions there.
I do see known bugs out there, though, for 3850 CPU hog on IOS-XE:
CPU hog in "EEM TCL Proc" after TCL script termination with long runtime
Can you post the full alert you see in the logs, please?
You're also running an ED edition of IOS-XE, which you should always avoid as they're known for more bugs. You should be running 3.6.3E MD main deployment version, safe harbour, more thoroughly tested.
01-18-2016 12:47 AM
Hi Mark,
First, thanks for your fast answer.
I agree with you that the bug CSCtg62793 isn't referenced on IOS XE but on Cat 3XXX so maybe ..?
Also, you will find the log file attached.
In fact, the site where the switch is installed was complaining of network issues all day, with a lot of small disruptions. The logs in the file are exactly the same as in the bug.
Is it possible that this bug hasn't been discovered on these versions?
01-18-2016 12:58 AM
Hi Nicolas, it's very possible it's a cross-platform bug that's affecting IOS and IOS-XE that I have not seen before. Usually the bug states it like the one below; the bug below affects multiple platforms. Maybe try this fix, it's slightly different than yours and I think it's for IOS-XE, looking through the other bugs.
Symptom: Lots of SNMP CPUHOG messages are seen and there is a crash due to a watchdog timeout:
Conditions: Device is configured with SNMP and is polled for Dot3Stats.
Workaround 1: Use the following command: no snmp-server sparse-tables.
Workaround 2: Block the objects in dot3 mib that contains this table from being polled:
and then put it back so it looks like:
Further Problem Description: Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to trigger a high CPU on the device via walking specific SNMP objects.
The vulnerability is due to an uninitialized variable in the code. An attacker could exploit this vulnerability by performing SNMP walks against objects on the affected device. An exploit could allow the attacker to cause high CPU on the affected devices.
http://www.cisco.com/c/en/us/td/docs/ios/15_2s/release/notes/15_2s_rel_notes/15_2s_caveats_15_2_4s.html
01-25-2016 01:39 AM
Hi Mark
I just tried to implement the two workarounds on the switch but it's not good.
As soon as I configure the switch, SNMP logs are seen on console.
Thanks
Regards
01-25-2016 02:31 AM
Only other option is to move to the S.H 3.6.3 as it's newer and more stable, or else go through TAC, but they will probably tell you to upgrade anyway off the ED.
01-25-2016 02:39 AM
I've just opened an SR at TAC. Waiting for their answer.
Thanks for your help Mark.
Best regards.
01-25-2016 02:41 AM
Ah, good stuff. If you don't mind, share the fix they provide, as others may run into your issue too.
02-11-2016 12:45 PM
Hello,
Checking the logs, we can see the following error messages:
Jan 4 12:30:50: %SNMP-3-CPUHOG: Processing GetBulk of bsnMobileStationAuthenticationAlgorithm
Jan 4 12:30:52: %SYS-3-CPUHOG: Task is running for (2150)msecs, more than (2000)msecs (1073741827/1073741827),process = SNMP ENGINE.
Jan 4 12:35:48: %SNMP-3-CPUHOG: Processing GetBulk of bsnMobileStationAuthenticationAlgorithm
Jan 4 12:35:50: %SYS-3-CPUHOG: Task is running for (2550)msecs, more than (2000)msecs (0/0),process = SNMP ENGINE.
Here, as you can see, the problem is with "bsnMobileStationAuthenticationAlgorithm", not "lldpRemEntry". The workaround is the same but for a different OID:
Exclude the OID bsnMobileStationAuthenticationAlgorithm from snmp polling. Please configure the following:
snmp-server view cutdown iso included
snmp-server view cutdown 1.3.6.1.4.1.14179 excluded
Then assign this SNMP view to all your existing SNMP communities:
no snmp-server community (your string here) RO
snmp-server community (your string here) view cutdown RO
That should work, hope it helps!
Claudio Gonzalez S
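The reply above hinges on reading the object name out of the %SNMP-3-CPUHOG lines before deciding which OID to exclude. The following is an added example (not part of the thread and not Cisco code) that tallies those objects from a log and pairs each with the SNMP ENGINE runtime reported right after it; the function names are this example's own, and the last sample line (lldpRemEntry) is constructed to show the grouping.

```python
import re
from collections import defaultdict

# Sample input: the four lines quoted in the post, plus one constructed line
# for a second object so the grouping is visible.
SAMPLE_LOG = """\
Jan 4 12:30:50: %SNMP-3-CPUHOG: Processing GetBulk of bsnMobileStationAuthenticationAlgorithm
Jan 4 12:30:52: %SYS-3-CPUHOG: Task is running for (2150)msecs, more than (2000)msecs (1073741827/1073741827),process = SNMP ENGINE.
Jan 4 12:35:48: %SNMP-3-CPUHOG: Processing GetBulk of bsnMobileStationAuthenticationAlgorithm
Jan 4 12:35:50: %SYS-3-CPUHOG: Task is running for (2550)msecs, more than (2000)msecs (0/0),process = SNMP ENGINE.
Jan 4 12:40:01: %SNMP-3-CPUHOG: Processing GetNext of lldpRemEntry
"""

SNMP_HOG = re.compile(r"%SNMP-3-CPUHOG: Processing (\w+) of (\S+)")
SYS_HOG = re.compile(
    r"%SYS-3-CPUHOG: Task is running for \((\d+)\)msecs.*process = SNMP ENGINE")

def summarize_cpuhog(log_text):
    """Return {object_name: {"count": n, "max_msecs": m, "ops": set_of_ops}}."""
    stats = defaultdict(lambda: {"count": 0, "max_msecs": 0, "ops": set()})
    last_obj = None  # object named by the most recent %SNMP-3-CPUHOG line
    for line in log_text.splitlines():
        m = SNMP_HOG.search(line)
        if m:
            op, last_obj = m.group(1), m.group(2)
            stats[last_obj]["count"] += 1
            stats[last_obj]["ops"].add(op)
            continue
        m = SYS_HOG.search(line)
        if m and last_obj is not None:
            # Attribute the runtime to the object reported just before it.
            entry = stats[last_obj]
            entry["max_msecs"] = max(entry["max_msecs"], int(m.group(1)))
            last_obj = None
    return dict(stats)

def worst_offenders(log_text):
    """Object names sorted by hit count, then by longest runtime."""
    stats = summarize_cpuhog(log_text)
    return sorted(stats, key=lambda o: (-stats[o]["count"], -stats[o]["max_msecs"]))

if __name__ == "__main__":
    summary = summarize_cpuhog(SAMPLE_LOG)
    for name in worst_offenders(SAMPLE_LOG):
        s = summary[name]
        print(f"{name}: {s['count']} hits, max {s['max_msecs']} ms, {sorted(s['ops'])}")
```

The object at the top of the list is the one whose MIB subtree goes into the excluded line of the SNMP view; the numeric OID still has to be looked up for that object.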