Cisco 2911 - Troubleshooting resources thresholds by feature

Hello everyone!

I need a help to "convert/translate" a very usefull command, that I normally use for C3850/C3750 switches, to an 2911 ISR G2...I know that SW uses asic/tcam and routers has a different way to process information and etc...but must exist a similar command...


I have a Cisco2911 ISR G2 (using QoS Marking policy on LAN interface, and priority/shapping/pre-classify policy on WAN (Giga+tunnel interface, GRE with no encryption, only setting source and destination). This router also have a VPN module (ISM-VPN-29), "offboard", but isn't in use yet...


So, my WAN circuit only hits 30Mbps (pps has a low number) and CPU goes to 70~80%...I "believe" that QoS (marking) is the responsible for these numbers...or both policies on the same equipment, unfortunatelly I can't mark the traffic before my router...there is no detailed CPU troubleshooting commands for this platform (for interrupts and etc), or I didn't find yet...

Anyway, I´d like to comprove these thresholds without/before remove the policy of interface...


See below the command and the output on switches....

#show platform tcam utilization asic all
CAM Utilization for ASIC# 0
 Table                                                         Max Values        Used Values
 Unicast MAC addresses                              32768/512          85/22  
 Directly or indirectly connected routes         32768/7680        125/127 
 IGMP and Multicast groups                         8192/512             0/16  
 QoS Access Control Entries                        3072                    68
 Security Access Control Entries                   3072                  1648
 Netflow ACEs                                              1024                    15
 Input Microflow policer ACEs                       256                       7
 Output Microflow policer ACEs                    256                       7
 Flow SPAN ACEs                                       256                      13
 Control Plane Entries                                 512                     195
 Policy Based Routing ACEs                       1024                    9
 Tunnels                                                      256                    12
 Input Security Associations                         256                     4
 Output Security Associations and Policies   256                    9
 SGT_DGT                                                  4096/512           0/0   
 CLIENT_LE                                               4096/64              0/0   
 INPUT_GROUP_LE                                    6144                  0



Hello,Let's start with the


Let's start with the basics. What does show processes cpu sorted say when the CPU load is high? What is the total load and interrupt load? What are the processes occupying the most CPU time? And finally, do you experience any performance issues with your network? Even though having a CPU at 70% might not give off a comfortable impression, if there are not performance issues then I do not think it is that imperative to try to lower it.

Would it be possible for you to post the configuration of your router after obscuring sensitive information?

Best regards,


Thank you Peter.There is no

Thank you Peter.

There is no apparent feature causing high CPU (on show proc cpu)...the total and interrupts are high, almost the same number (85%/84%). I believe that "Licensing Auto Update" has the biggest runtime...(there is a bug on ISR G2 for this process - CSCuj27424, maybe...)

yes...there is a lot of VoIP traffic running over WAN, some users complain it is question of time to everybody start reporting problems...pps and utilization are low, around 25Mbps

I attached two files, with show proc in 85%, show int (included drops/bits and etc)...and also a show running (I edited some confidencial informations).



