cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9483
Views
6
Helpful
12
Replies

Cisco 2950 Switch with crypto IOS image reporting 1MB less Total memory than Switch with non-crypto IOS

Giovanni Ceci
Level 1
Level 1

Hey everyone,

We're having an issue with a few of our Cisco C2950G-48-EI switches that are showing lower processor and I/O memory on versions running IOS 12.1(22)EA13 Crypto version (c2950-i6k2l2q4-mz.121-22.EA13.bin). Our network management system keeps alerting us of low memory for these switches. Here's what is showing using the 'show memory' command on a switch running IOS 12.1(22)EA13 Crypto:

----

Switch#show memory 
                     Head              Total(b)        Used(b)        Free(b)      Lowest(b)   Largest(b)
Processor   80C86740     3885248       3328776      556472      63936         534308
I/O                A0A723A0     2179968     1426920      753048      609120      700728
----

- On switches of the same model running lower IOS non-crypto version IOS version 12.1(19)EA1a (c2950-i6q4l2-mz.121-19.EA1a.bin), check this out below:
----

Switch#show memory
                    Head               Total(b)        Used(b)     Free(b)        Lowest(b)   Largest(b)
Processor   80BA63E0     4803616     3245980     1557636      945308      1076600
I/O              A08C1660     3034464     1403504     1630960     1476948      1600412

----

Notice on the switch with IOS version 12.1(19)EA1a non-crypto version that reports to have around 1MB (1000000 bytes) more of Total and Free bytes of memory. Is this standard behaviour??? This doesn't seem right to me.

Other Things to point out: 

- CDP is disabled on the port level, except for the Gig ports. Therefore it is not disabled globally (I've read about a memory leak bug but should be corrected in this version)

- SSH is disabled on the switches. However, I noticed a difference between 12.1(19)EA1a and 12.1(22)EA13. 12.1(22)EA13 has these two extra commands in the config:

    ip ssh time-out 120
    ip ssh authentication-retries 3

    I tried to remove these but it tells me "Please create RSA keys to enable SSH". 

-----------------------------------------------

I am thinking this is related to the IOSs being Crypto vs. Non-Crypto. IOS upgrade is not simple for us to do and if there's a quick workaround, I'd like to hear it. I'm going to look to getting a spare switch and upgrading/downgrading the different versions to see the differences.

Thanks!

John

12 Replies 12

Leo Laohoo
Hall of Fame
Hall of Fame

Up to a few years ago (2010) we ran a large fleet of 2950 running IOS EA13 with SSH enabled.  We've never experienced any "low memory" errors, however, we do regularly reboot switches.  I make it a point never to allow a switch to have an uptime of more than one year.  

Hey Leo,

We are not running SSH on any of the switches, including the affected switches. One of the affected switches has only a 19 week uptime. Not sure if a reboot will permanently resolve the issue.

Thanks,

John

Post the config of your switch and let us see if we can find something that's triggering.

Hey Leo,

I have attached the config. Please note that I have omitted client-specific information as to keep that info private. Please review and let me know what you see. I appreciate it!

Thanks,

John

there is no magic bullet for freeing memory without a reload .  The only other would be to see if your management tool can be adjusted  so that  the thresholds are lower .  These are lower end L2 switches that didnt have a lot of memory to begin with .

Hello,

Please give us the results of "show process".

Hi Maher,

See attached. 

Thank you!

John

Hi neocec,

Please try to reload the switch.

I would like to avoid reloading the switch (not very easy for us to do so). I am more interested in the root cause and how to alleviate it without a reboot.

It's OK neocec, Please try to "clear user vty X" then check again. If still the same then you have to reload.

Hey Maher, I checked and there's only one open line for VTY (myself). All the lines are already cleared. A reload is not an option right now I'm afraid.

Thanks,

John

shamsishakeel
Level 1
Level 1

Downloaded the 2950 IOS c2950-i6k2l2q4-mz.121-22.ea14.zip and tried it on 2 2950 switches and works great the switch now has the ssh command available in the vty terminal.

 

Thanks :)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco