01-06-2007 11:43 AM - edited 03-05-2019 01:37 PM
For some reason I have one switch that has very high utilization. Average is about 25% but i has gone as high as 60%. I'm not sure why this switch is doing this? It was a replacement for a 3550EMI and is doing nothing different. I have attached the sh process cpu from the switch. Are the numbers supposed to add up? I can't seem to find anything over 0.28%
01-06-2007 09:10 PM
Anywhere between 20%-50% is considered normal. Attached output looks fine. What your seeing won't have any effect on it's switching ability. Would not worry unless it is causing an issue.
The new switch may have more services running then your old one. Disabled un-used services.
If you start seing high IP input see the link below.
Hope this helps.
Chad
Please rate if this helps!
01-22-2007 08:36 PM
I have never seen high utilization on the IP Input. I can always recreate the high utilization by doing a file transfer from one port to another. I have two vlan's configured on the switch (500, 250) and i'm transfering from a workstation(vlan 500) to a server(vlan 250).
Here is my config for the vlan's, route-map's and the access lists for the route-maps. The reason for the route-maps is to route certain subnets and hosts to different internet connections. The access-lists are setup in such a way that if any ip is trying to access any of my internal networks (10.50.0.0/16, 10.51.0.0/16, 192.168.0.0/16) its deny'd from the access-list. I'm wondering if this could be the cause of the problem because each and every packet has to be checked by the route-map/access-lists? If so is there a better way to configure this type of a setup? I have 5 dsl lines connected to this switch and there are more access-lists and route-maps for those as well.
interface Vlan250
ip address 192.168.25.5 255.255.255.0
ip policy route-map dsl01
!
interface Vlan500
ip address 192.168.50.5 255.255.255.0
ip policy route-map dsl01
!
!
!
route-map dsl01 permit 6
match ip address inet-wiband
set ip next-hop 10.51.5.2
!
route-map dsl01 permit 7
match ip address techws
set ip next-hop 10.51.5.2
!
route-map dsl01 permit 8
match ip address techncmail
set ip next-hop 10.51.4.2
!
route-map dsl01 permit 9
match ip address servers
set ip next-hop 10.51.5.2
!
route-map dsl01 permit 10
match ip address inet
set ip next-hop 10.51.1.2
!
!
!
ip access-list extended inet
deny ip any 192.168.0.0 0.0.255.255
deny ip any 10.50.0.0 0.0.255.255
deny ip any 10.51.0.0 0.0.255.255
deny ip any 10.90.0.0 0.0.255.255
permit ip any any
ip access-list extended servers
deny ip any 192.168.0.0 0.0.255.255
deny ip any 10.50.0.0 0.0.255.255
deny ip any 10.51.0.0 0.0.255.255
permit ip host 192.168.25.10 any
permit ip host 192.168.25.11 any
ip access-list extended techncmail
deny ip any 192.168.0.0 0.0.255.255
deny ip any 10.50.0.0 0.0.255.255
deny ip any 10.51.0.0 0.0.255.255
permit ip host 192.168.25.25 any
ip access-list extended techws
deny ip any 192.168.0.0 0.0.255.255
deny ip any 10.50.0.0 0.0.255.255
deny ip any 10.51.0.0 0.0.255.255
permit ip host 192.168.50.52 any
*********see attachment for sh process cpu command**********
Hope this makes sense. Any ideas or help would be appreciated!
Thanks,
Dan.
01-22-2007 10:16 PM
01-22-2007 10:48 PM
Hi,
As mentioned by the output interpretor results posted by Rajagopal, it appears that the cpu is spending lot of time on handling interrupts.
By any chance do you have a debug running on the switch/console. Try the "show debug" command to see if you have turned on anything. If so, turn the debug off.( undebug all)
Try to follow this document and collect the outputs from your switch, to examine the reason for the high cpu utilisation spend for interrupts
You can check the output gathered with the command mentioned in the above document with the cisco output interpretor which may assist you to troubleshoot further.
Hope this helps.
-VJ
01-23-2007 07:31 AM
sachinraja,
Thank you for the document, it makes more sense now what is happening. Also I do not have access to the output intepreter on cisco's site. Is the tool able to tell me what might be going on with the switch? How would I access it?
vijayasankar,
There is no debugging turn on. I have look at this page, but the "show alignment" command does not seem to be available on this switch. Unless something else needs to be enabled first?
This is the first time i've had a problem with a switch. Thanks for helping.
Dan.
01-23-2007 08:32 PM
I have determined that it is definitely the PBR routing that is causing the problem. I setup two different vlan's both didn't have any pbr routing happening and when I did a file copy between those two vlan's the sh process cpu command never displayed over 10% utilization.
Here is my config.
I'm pbr routing traffic thats not destined for any internal network to one of the 5 dsl Linux dsl router that are connected to this switch. Is there a more simple way to accomplish the same output and use less cpu power? I would prefer not to have to buy any hardware but if I had to I could put in a router or something of that nature.
Any ideas would be greatly appreciated!
Thanks,
Dan.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide