SG300 pegged CPU

dennylester · ‎03-18-2019

Six months ago, we kicked off an Internal vulnerability scanner (IVS) and the CPU on a couple dozen SG300 switches pegged at 100% and stayed that way. We could SSH into them, but they wouldn't reboot when issuing the command, so we needed to walk branch offices through manually rebooting them. Our network administrator spent the last several months installing version 1.4.9.4 and getting everything rebooted and running the new code.

Last week, another IVS scan was launched and once again, the CPU on a couple dozen switches pegged at 100% requiring manual reboots. We see no real pattern here. All of our switches are PoE, some sites only have a single SG300-28P while other sites might have 12 x SG300-52P switches. The configuration on our switches is consistent across the board with the switch configured for layer 2 with 1xData VLAN, 1xVoice VLAN, 1xManagement VLAN, 1xDMZ VLAN and an external router/firewall is handling the layer 3.

It appears we are on the latest version firmware, so I'm not sure what else to do. Any suggestions would be welcome.

Thank you,

Denny

balaji.bandi · ‎03-18-2019

it is worth to open a TAC case and mentioned what kind of Scan attack you doing this devices.

I have seen some old device not related to Cisco, if you scan network and brocast address these kind of behaviour(not sure it may be the case with you)

but suggest to open a TAC case with small business to assits you better.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help