
High CPU utilization

How to take control over high CPU utilization on routers and firewall?

What are the ways to reduce it?

Joseph W. Doherty
Hall of Fame Expert


The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.


First realize, high CPU might just be a natural result of the processing load of the device while it deals with traffic.  For those cases, you would need to subject the device to less traffic (or you need a more powerful device).  BTW, an upstream device shaping to a device that's being overloaded can sometimes help.  The downstream device's overall work won't generally decrease, but some devices drop traffic when highly overloaded during a brief time interval, so "spreading out" the traffic might avoid that.

Sometimes, depending on the device, you've enabled features you really, really don't need, or you're using the feature less optimally than possible.  Both may contribute to CPU load.

For example, on software based routers that support NBAR analysis, enabling this feature will tell you about the traffic hitting the device, but it adds to the processing load.  Or, if you have an ACL, say of 50 entries, where all are logically alike, but 80% of your "hits" are on just one entry, that particular entry should be first in the ACL, to avoid examination of the other ACL entries 80% of the time.  (NB: ACL sequence, vs. match frequency, isn't generally an issue on hardware based switches.)

Sometimes, a configuration change can decrease CPU loading.  For example, on tunnels, if IP packets need to be fragmented, software based routers' CPU loading will often increase.  By using the "right" configuration commands, you can avoid the need for some IP fragmentation, and thereby, decrease CPU loading for the same traffic volume.

You can search Cisco's web site, and the Internet at large, for more information on this subject.

Again, though, sometimes you just need a more "powerful" device.
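The ACL ordering point from the post above, as an added example that is not part of the original post: it parses `show access-lists` hit counters, estimates how many entries are compared per matched packet, and moves the most-hit entry up only past entries with the same action, so the permit/deny result cannot change. The ACL name, addresses and counters are constructed sample data, and the same-action rule is a deliberately conservative assumption.

```python
import re

# Constructed sample of IOS "show access-lists" output (not from the thread).
SAMPLE = """\
Extended IP access list EDGE-IN
    10 deny ip 198.51.100.0 0.0.0.255 any (8 matches)
    20 permit tcp any host 192.0.2.10 eq 22 (12 matches)
    30 permit tcp any host 192.0.2.11 eq 25 (40 matches)
    40 permit tcp any host 192.0.2.12 eq 443 (940 matches)
"""

ACE = re.compile(
    r"^\s+(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")

def parse_aces(text):
    """Return [(seq, action, rule, matches)] in evaluation order."""
    aces = []
    for line in text.splitlines():
        m = ACE.match(line)
        if m:
            aces.append((int(m.group(1)), m.group(2), m.group(3),
                         int(m.group(4) or 0)))
    return aces

def mean_entries_examined(aces):
    """Average number of ACEs compared per matched packet (first match wins)."""
    total = sum(a[3] for a in aces)
    if not total:
        return 0.0
    return sum(pos * a[3] for pos, a in enumerate(aces, 1)) / total

def promote_hottest(aces):
    """Move the most-hit ACE up as far as is verdict-preserving.

    It may only pass entries with the same action: crossing an entry with
    the opposite action could change permit/deny for overlapping traffic.
    """
    idx = max(range(len(aces)), key=lambda i: aces[i][3])
    new_pos = idx
    while new_pos > 0 and aces[new_pos - 1][1] == aces[idx][1]:
        new_pos -= 1
    reordered = aces[:idx] + aces[idx + 1:]
    reordered.insert(new_pos, aces[idx])
    return reordered
```

On the sample, the HTTPS entry moves from fourth to second place but stays behind the `deny`, and the average number of entries examined drops from about 3.9 to about 2.1.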

see below

If you're not sure what's causing it you could add an EEM script which will record it and send it to flash in text file to be retrieved when cpu spikes over 70% or you can tweak it yourself but it means you won't have to keep an eye on it as cpu issues need to be captured in real time, you can change the commands below to suit your device and what it's able to use. When you have the file you can investigate the outputs and see what processes are causing the issue


event manager applet High_CPU
    ! NOTE: the SNMP OID that should follow "oid" is missing from the post as
    ! published; supply the CPU-utilization OID for your platform.
    ! Trigger: polled value >= 70, checked every 5 seconds.
    event snmp oid get-type exact entry-op ge entry-val "70" exit-time 10 poll-interval 5
    action 0.1 syslog msg "CPU Utilization is high"
    action 0.2 cli command "enable"
    ! Append diagnostic output to a text file on flash.
    action 0.4 cli command "show log | append flash:CPU_Profile.txt"
    action 0.5 cli command "show process cpu sorted | append flash:CPU_Profile.txt"
    action 0.6 cli command "show interfaces | append flash:CPU_Profile.txt"
    action 0.7 cli command "show ip cef switching stat | append flash:CPU_Profile.txt"
    action 0.8 cli command "show ip traffic | append flash:CPU_Profile.txt"
    action 0.9 cli command "show int switching | append flash:CPU_Profile.txt"
    ! Start CPU profiling.
    action 1.1 cli command "configure terminal"
    action 1.2 cli command "profile 80020114 8424533B 16"
    action 1.3 cli command "profile start"
    ! Wait 240000 ms (4 minutes) inside tclsh while the profile runs.
    action 2.3 syslog msg "Entering TCLSH"
    action 2.4 cli command "tclsh"
    action 2.5 cli command "after 240000"
    action 2.6 cli command "exit"
    action 2.9 syslog msg "Exiting TCLSH"
    ! Stop profiling, save the result and clean up.
    action 3.0 cli command "profile stop"
    action 3.1 cli command "show profile terse | append flash:CPU_Profile.txt"
    action 3.2 cli command "clear profile"
    action 3.3 cli command "unprofile all"
    action 4.1 syslog msg "Finished logging information to flash:CPU_Profile.txt..."
    action 4.2 cli command "end"
    ! The applet removes itself after one run.
    action 4.3 cli command "conf t"
    action 4.4 cli command "no event manager applet High_CPU"
    action 4.5 cli command "end"
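One way to read the `show process cpu sorted` section of the collected `flash:CPU_Profile.txt`, as an added example that is not part of the original post: IOS prints the five-second figure as total%/interrupt%, so the difference is time spent in scheduled processes, and the sorted rows name the processes responsible. The sample text and its values are constructed, and the function reads only the first snapshot in the file.

```python
import re

# Constructed sample of "show process cpu sorted" output as it would be
# appended to flash:CPU_Profile.txt (illustrative values, not from the thread).
SAMPLE = """\
CPU utilization for five seconds: 84%/12%; one minute: 61%; five minutes: 48%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
  87     8123456    40211873        202 58.31% 41.20% 30.02%   0 IP Input
 212      912340     1200345        760  9.75%  6.10%  4.90%   0 SNMP ENGINE
   3       10240      204811         50  0.15%  0.10%  0.08%   0 Check heaps
"""

HEADER = re.compile(r"CPU utilization for five seconds: (\d+)%/(\d+)%")
ROW = re.compile(
    r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%"
    r"\s+\d+\s+(.+?)\s*$")

def summarize(text, top=3, min_pct=1.0):
    """Split 5-second CPU into interrupt vs process level; list top processes."""
    h = HEADER.search(text)
    if not h:
        raise ValueError("no 'CPU utilization' header found")
    total, interrupt = int(h.group(1)), int(h.group(2))
    procs = []
    for line in text.splitlines():
        r = ROW.match(line)
        # Keep only processes using at least min_pct over the last 5 seconds.
        if r and float(r.group(2)) >= min_pct:
            procs.append((r.group(5), float(r.group(2))))
    procs.sort(key=lambda p: p[1], reverse=True)
    # total%/interrupt%: the remainder is time spent in scheduled processes.
    process_level = total - interrupt
    dominant = "interrupt" if interrupt > process_level else "process"
    return {"total": total, "interrupt": interrupt, "process": process_level,
            "dominant": dominant, "top": procs[:top]}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A result dominated by interrupt time points at the volume of switched traffic, while a process-dominated result with a named process at the top shows where to look next.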


Hello tankvishal1108,


If you can't log in to your device because of high CPU, you won't have any other choice than disconnecting it from the network (this might reduce CPU load); then you will be able to connect.

If you still have no access, then you need to restart the device while it is not connected to the rest of your network.


Preventing high CPU utilization means that you first know what causes high CPU on your device.

Are you using encryption, are your links oversubscribed, is your device well configured?

Maybe your device is not scaled to handle all the traffic going through.


Once you know why you have high CPU, then you can start applying best practices to limit the CPU utilization by following a Cisco guide like this one:


- Limit CPU Impact of Control Plane Traffic

- Limit CPU Impact of Data Plane Traffic


You can also have a look at this document to troubleshoot high CPU:


And finally there are already lots of threads in the support forum about high CPU utilization, you might want to have a look at them to find some ideas.


I hope this helps you.

Have a nice day.