cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1020
Views
0
Helpful
4
Replies

Cisco SG500 52P CPU frequent CPU spikes

aacable79
Level 1
Level 1

We have two Cisco SG500 52PP model connected separately to our main NOC switch over fiber. Both switches are pretty much in standard configuration, VLAN1 is used, SNMP is enabled for remote monitoring. Very few users are connected on these switches and there is no load on the switches. We are observing CPU spikes after few minutes and it touches 100% & ping delay variation occurs.

sw-mkt-12-206#sho cpu utilization
CPU utilization service is on.
CPU utilization
---------------
five seconds: 100%; one minute: 100%; five minutes: 59%

Following is Show Run config & related outputs ...

Text
sw-mkt-12-206#sh running-config
config-file-header
sw-mkt-12-206
v1.4.10.6 / R800_NIK_1_4_214_020
CLI v1.0
set system mode switch queues-mode 4
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
cdp device-id format hostname
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
errdisable recovery interval 30
errdisable recovery cause loopback-detection
errdisable recovery cause dot1x-src-address
errdisable recovery cause acl-deny
errdisable recovery cause stp-bpdu-guard
errdisable recovery cause stp-loopback-guard
errdisable recovery cause udld
no boot host auto-config
no boot host auto-update
hostname sw-mkt-12-206
logging host 10.0.0.1
logging source-interface vlan 1
no passwords complexity enable
username cisco password encrypted e006122cb6c71a9b27a92e827c23edffea1a861d privilege 15
ip ssh server
snmp-server server
snmp-server location "Marketing Switch 12.206 - Installed @ Feb 2017"
snmp-server contact "Syed Jahanzaib"
snmp-server community MYSNMP ro view Default
clock timezone " " +5
clock source sntp
clock source browser
sntp unicast client enable
sntp unicast client poll
sntp server 10.0.0.2 poll
sntp source-interface vlan 1
!
interface vlan 1
 ip address 101.11.12.206 255.0.0.0
!
interface gigabitethernet1/1/23
 description "AP - MKT2 HALL - .12.227"
!
interface gigabitethernet1/1/47
 description "AP - MKT CORR .12.223"
!
interface gigabitethernet1/1/49
 description ULINK_2_NOC
!
Text
 
sw-mkt-12-206#show spanning-tree
Spanning tree enabled mode RSTP
Default port cost method:  long
Loopback guard:   Disabled

  Root ID    Priority    32768
             Address     00:5f:86:d0:73:6d
             Cost        20004
             Port        gi1/1/49
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32768
             Address     00:8e:73:c0:93:a2
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Number of topology changes 95 last change occurred 11:03:31 ago
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15

 

sw-mkt-12-206#sho ver
       Unit             SW version         Boot version         HW version
------------------- ------------------- ------------------- -------------------
         1               1.4.10.6            1.4.0.02               V04

after 1-2 minutes ping gets OK and  CPU goes to normal & after few minute same repeats. & its happening constantly either in peak time, or in late night when no user is online. so I guess some process starts and it increases CPU and after it ends, the CPU goes normal. I tried to upgrade firmware to latest version, but no avail.

any advise on How to track it?

4 Replies 4

Hello,

 

this line from your output:

 

--> Number of topology changes 95 last change occurred 11:03:31 ago

 

looks somewhat suspiscious. It could point to some sort of STP problem. I cannot really tell from your configuration if you have just access points connected to the switch(es), or actual end users directly connected as well. Either way, make sure that all ports directly connected to end users have BPDU Guard enabled, and ports connected to access points (APs) have Root Guard enabled (page 235 of the attached admin guide).

 

Also, make sure that the switches have the correct root priority.

 

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/administration_guide/500_Series_Admin_Guide.pdf

can I do this ?
Make all user access ports "spanning-tree portfast" &
Enable BPDU filter & BPDU guard on all user access ports at the same time?

Hello,

 

from the CLI command line ? That should be possible with the 'interface range' command...although I am not sure the SG500 supports that. Otherwise, use the GUI...

ok here is my topology. Main NOC switch 3750 Mode> then all dept switches are connected via fiber and some via ethernet to NOC switch. all uplink ports are configured as TRUNK on both ends. Singlw VLAN1 is used. User ports are on default settings , I am now trying to detect all user ports and convert them to "access ports / portfast enabled / bpduguard enabled".

It will be long journey as there are 18 switches filled with users. We have mix of cisco classic series like 3850 / 3750 / 3650 & SMB series like SG300 , SG500

Review Cisco Networking for a $25 gift card