
FMC error has unknown CPU number

F1r5Sceen
Level 1

Hello all,

I have an FMC that reports that CPU24 has reached 100% usage, but I don't have a CPU24 that I can find. I have run the show CPU and I only have 11 on a FirePower 2130 running 7.2.5.2 406. Any ideas on how to find this CPU on this FirePower?



nspasov
Cisco Employee

The 2130 utilizes an x86 CPU complex to run Snort and an NPU for the data-plane. The output from the command that you shared shows the data-plane CPU cores only. The fastest way to get all CPU cores via the CLI is: expert -> pmtool show affinity. Otherwise, from the non-expert CLI you can use: show cpu core (Data-plane), show cpu system (System), show snort cpu.

Thank you for rating helpful posts!

 

Thank you nspasov! I was able to see the "mystery" CPUs. Unfortunately, it did not show me what or why the CPUs are running at 100%. I can see it is running due to Snort but I don't know what interface the offender is on or what IP address it's coming from... Any suggestions or should I start another post?

 

nspasov
Cisco Employee

There are several things that can cause this but I suspect it was an "elephant/fat flow" that was being inspected by Snort and pinned to this particular core. You have several options to gain visibility into such problems:

  1. Depending on the version you are running, you can integrate your FMC with Cisco Security Cloud and utilize AIOps services. There is a wonderful Cisco Live Session (BRKSEC-2166) that goes over this.
  2. You can utilize the health monitoring in the FMC and create yourself a dashboard.
  3. If you want to get very technical, there is another Cisco Live Session that goes into great detail about such topics: BRKSEC-3274.
  4. Of course, Cisco TAC is always an option.

Thank you for rating helpful posts!

Thanks again! I am looking over the logs because the flow has stopped. 
