cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
20541
Views
14
Helpful
33
Replies

Ask the Expert:Troubleshooting High CPU and Other Issues in the Cisco Catalyst 4500 Series Switches

ciscomoderator
Community Manager
Community Manager

With Nickolay Karpyshev and Ivan Shirshin

Read the bioRead the bioWelcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about architecture and troubleshooting of Industry's Most Widely Deployed Modular Access Platform Cisco Catalyst 4500 with Cisco Experts Nikolay Karpyshev and Ivan Shirshin.

Nikolay and Ivan are Customer Support Engineers in the high touch technology support team (HTTS) at Cisco specialized in LAN Switching and Routing. They support the Cisco Switches Nexus 7000, Catalyst 6500, 3750, 3560, 4500, 2900 and variety of routing platforms, and work as senior and escalation engineers. Both Nikolay and Ivan were previously a part of Cisco Sales Associate program. They hold Cisco Certifications: CCNP, CCSP, and CCDP.

Remember to use the rating system to let Nikolay and Ivan know if you have received an adequate response. 

Nikolay and Ivan might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network Infrastructure  sub-community discussion forum shortly after the event. This event lasts through through October 19, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

33 Replies 33

Hello,

Could you send the following outputs in a complete form, please?

# show platform health

# show platform cpu packet statistics

And also SPAN the traffic send to the CPU queue using internal inband capture tool:

# debug platform packet all buffer

# show platform cpu packet buffered

Note: This command does not pose any significant CPU overhead and therefore could be used even under high CPU load.  Make sure “buffer” is used instead of “log”.

Kind Regards,
Ivan Shirshin

**Please grade this post if you find it useful.

Kind Regards,
Ivan

Ivan,

Thanks for your reply.   The traffic is only turning up early in the morning.  I had already configured an automated process to execute the requested "show platform" commands, so they are attached.

I also had an automated process take one minute samples of a CPU SPAN at a fixed interval during the same time period.  I set up initially using '

monitor session 1 source cpu queue all rx' and then later adjusted to 'monitor session 1 source cpu queue all both'.   I still have the pcaps.  Will this do?   Otherwise, I will need to execute the next time the traffic occurs.

Hi,

The "monitor session 1 source cpu queue all rx" would be good enough.

Are the outputs attached from the time the CPU was high? Also, is it possible for you to share the switch config?

Kind Regards,
Ivan Shirshin

Kind Regards,
Ivan

Ivan,

Here's the protocol breakdown from a capture of the "monitor session 1 source cpu queue all rx" SPAN.  Sample size is 27.9 sec.    Does anything look interesting aside from the ESP (a sample ESP packet is in my previous message)?   The level of SNMP is anomolous and not present in other captures.

Unfortunately, I don't think sharing the config is an option in this setting.  Basic features configured are

TACACS, NTP, SNMP, MST, Etherchannel, OSPF, BGP, HSRP, VRRP.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: