Core switch High CPU utilization

vipinrajrc · ‎10-08-2011

Hi Experts,

I have a 4500switch in my office. Recently i found that its cou utilization is very high. Around 95%.

Using sh process cpu i got the followings

55 22736117003146998125 722 47.88% 46.59% 45.12% 0 IP Input

30 3565727476 275352664 12949 43.40% 44.29% 42.09% 0 Cat4k Mgmt LoPri

29 19175705683594425662 533 4.07% 3.96% 4.14% 0 Cat4k Mgmt HiPri

How can i reduce this cpu utilization??

Also from sh logg i got the followings

(Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:0

0:00:00) on port Gi3/2 in vlan 1

35w3d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou

rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1

35w3d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 2 times)Packet recei

ved with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 12

9

35w6d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou

rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1

36w0d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou

rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 129 (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:0
0:00:00) on port Gi3/2 in vlan 1
35w3d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou
rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
35w3d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 2 times)Packet recei
ved with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 12
9
35w6d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou
rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
36w0d: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sou
rce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 129

What is the INVALIDSOURCEADDRESSPACKET ???????

Thanks and Regards

Vipin

Thanks and Regards, Vipin

Alexander Demin · ‎10-08-2011

Hi

about utilization - look through the link:

http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a00804cef15.shtml

Also high IP Input usage could mean some sort of DoS/DDoS attack on ip addresses that are on 4500 (svi's, routed ifaces)/ this traffic is managed by control plane. Could be checked with #sh buffers or #sh ip flow top-talkers if netflow enabled. Look for control plane policing (CoPP) to protect your switch from this.

about mac:

https://supportforums.cisco.com/thread/2016329

Regards, Alex.

DAO21-RIPE

Leo Laohoo · ‎10-09-2011

What is the INVALIDSOURCEADDRESSPACKET ???????

Look at the MAC address. "00:00:00:00:00:00" is not a valid MAC address.

Ivan Krimmel · ‎10-09-2011

looks like a unicast flood, have a look at l2 who's sending those packets and restrict that offending host.

HTH,

Ivan.