Hi,

I attach the outputs of commands when the CPU goes to 99%.

Thanks a lot for the help.

Thanks for details. it is very strange that the device is polling doesn't look very explosive from the show snmp stats oid.

May be some snmp process is stuck and hang and hence not constant on high CPU. I would need show version from device to check further on this.

Also, If something got hang in snmp process, it may be temporary, I would like you to try to restart the SNMP ENGINE Process.

It has usually no impact on device, except for a few seconds SNMP ENGINE STOPS and do not respond to any snmp packets unless restarted.

This is very simple procedure and doesnt even affects the snmp config. Following is the way to do it:

To Stop

# no snmp-server

To Start

# any snmp command which previously exist can be entered again to push the SNMP ENGINE to start.

Example:

Please do this and see if the SNMP ENGINE subsides after this.

-Thanks

Hello,

I restarted the SNMP-ENGINE process in the way thath you say but the problem persists. I attach the output of show version command.

Thanks a lot for the help.                   

Hi Adrain,

It seems large Route and/or ARP Tables Polled by the NMS Station. The Network Management station queries routers for their entire route table to learn about

other networks. It uses this information to find other routers and query them about their
knowledge of networks around them. In this fashion, the management station can learn the
topology of the entire network.

The router stores the route table in a hashed format, more conducive to quick route
searches. However, SNMP responses for the route are required to be returned in
lexicographical order per RFC1213. Therefore, for each SNMP request the router receives,
the hash table must be sorted lexicographically before a SNMP response PDU can be built.
The larger the route table, the more CPU intesive the sort.

SNMP is a low priority process as far as the CPU scheduler is concerned, so another
process requiring CPU resources takes priority. Therefore, while CPU spikes occur in this
scenario, they should not affect performance.

It's possible for you to apply the procedure of blocking the routing and ARP tables
described in the following link and monitor the device?

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800948e6.shtml#l
arge_route

Please check once.

Hello Vinod,

I already configured the snmp views like the lecture recommend, but the problem persist it is very strange. This is the configuration of snmp in my routers:

snmp-server view cutdown iso included

snmp-server view cutdownat excluded

snmp-server view cutdown internet.6.3.15 excluded

snmp-server view cutdown internet.6.3.16 excluded

snmp-server view cutdown internet.6.3.18 excluded

snmp-server view cutdown ip.21 excluded

snmp-server view cutdown ip.22 excluded

snmp-server community comunity1 view cutdown RO 98

snmp-server community comunity2 view cutdown RO 98

snmp-server community comunityRW view cutdown RW 98

snmp-server ifindex persist

snmp-server location OC

snmp-server contact Administrator

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps eigrp

snmp-server enable traps envmon

snmp-server enable traps flash insertion removal

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps cpu threshold

snmp-server enable traps syslog

snmp-server enable traps voice

snmp-server host 172.20.1.65 comunity2

Thanks for the help.

Hello,

The problem was solved, the solution was erase the read write snmp community. No one server was reanding this snmp community.

Thanks.

Glad to know the issue is fixed . This sounds strange that the RW string ws creating issue.