10-08-2011 10:09 PM - edited 03-07-2019 02:41 AM
Hi Experts,
I have a 4500switch in my office. Recently i found that its cou utilization is very high. Around 95%.
Using sh process cpu i got the followings
55 22736117003146998125 722 47.88% 46.59% 45.12% 0 IP Input
30 3565727476 275352664 12949 43.40% 44.29% 42.09% 0 Cat4k Mgmt LoPri
29 19175705683594425662 533 4.07% 3.96% 4.14% 0 Cat4k Mgmt HiPri
How can i reduce this cpu utilization??
Also from sh logg i got the followings
(Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:0
0:00:00) on port Gi3/2 in vlan 1
35w3d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou
rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
35w3d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 2 times)Packet recei
ved with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 12
9
35w6d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou
rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
36w0d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou
rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 129 (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:0
0:00:00) on port Gi3/2 in vlan 1
35w3d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou
rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
35w3d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 2 times)Packet recei
ved with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 12
9
35w6d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou
rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
36w0d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou
rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 129
What is the INVALIDSOURCEADDRESSPACKET ???????
Thanks and Regards
Vipin
10-08-2011 11:56 PM
Hi
about utilization - look through the link:
http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a00804cef15.shtml
Also high IP Input usage could mean some sort of DoS/DDoS attack on ip addresses that are on 4500 (svi's, routed ifaces)/ this traffic is managed by control plane. Could be checked with #sh buffers or #sh ip flow top-talkers if netflow enabled. Look for control plane policing (CoPP) to protect your switch from this.
about mac:
https://supportforums.cisco.com/thread/2016329
Regards, Alex.
10-09-2011 01:27 AM
What is the INVALIDSOURCEADDRESSPACKET ???????
Look at the MAC address. "00:00:00:00:00:00" is not a valid MAC address.
10-09-2011 02:51 AM
looks like a unicast flood, have a look at l2 who's sending those packets and restrict that offending host.
HTH,
Ivan.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide