04-30-2019 02:59 AM
We're in the process of moving to ISE and our supplier has asked us to add AAA commands to all of our Access switch interfaces to allow for profiling of the network to commence.
The issue I'm having is that out of 22 stacks I've added the commands to, so far 9 have exhibited high CPU between 80 - 100% while the commands are enabled on the interfaces, and when I've removed the commands from these switch interfaces the CPU drops back to between 40 - 60% utilization. In some instances the CPU has gone straight up to 80%+ and in others it takes a few days.
Most of the stacks affected are between 2 and 4 switches in a stack, there's one with 6 in a stack. All the unaffected stacks have between 1 and 4 switches in a stack.
All our 2960X's are running either 15.2(2)E6 or 15.2(2)E7.
I've attached docs with show process CPU and Mem with the config enabled and with it removed.
The config we've been asked to add is below
switchport mode access
ip access-group PERMIT-ALL in
authentication open
authentication control-direction in
authentication event fail action next-method
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication timer inactivity server dynamic
authentication violation replace
snmp trap mac-notification change added
snmp trap mac-notification change removed
mab
dot1x pae authenticator
dot1x timeout tx-period 10
cdp enable
lldp transmit
lldp receive
authentication mac-move permit
Any help with this issue would be much appreciated.
Thanks
Jon
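An added example, not part of the original posts: one way to compare the two "show process CPU" captures mentioned above (config enabled vs. removed) and list the processes whose five-minute CPU rose. The two captures embedded here are constructed sample data, including the process names and every number; they are not output from the switches in this thread.

```python
import re

# Summary line of `show processes cpu`: total%/interrupt% over five seconds.
HEADER = re.compile(r"five seconds: (\d+)%/(\d+)%; one minute: (\d+)%; five minutes: (\d+)%")
# Row: PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
ROW = re.compile(r"^\s*\d+\s+\d+\s+\d+\s+\d+\s+[\d.]+%\s+[\d.]+%\s+([\d.]+)%\s+\d+\s+(.+?)\s*$")

def parse(text):
    """Return (summary dict, {process name: five-minute CPU %})."""
    summary, procs = {}, {}
    for line in text.splitlines():
        h, r = HEADER.search(line), ROW.match(line)
        if h:
            keys = ("5sec", "interrupt", "1min", "5min")
            summary = dict(zip(keys, map(int, h.groups())))
        elif r:
            # Sum rows that share a name (some processes appear more than once).
            procs[r.group(2)] = procs.get(r.group(2), 0.0) + float(r.group(1))
    return summary, procs

def compare(with_cfg, without_cfg, threshold=1.0):
    """Processes whose 5-minute CPU rose by >= threshold points, largest first."""
    _, a = parse(with_cfg)
    _, b = parse(without_cfg)
    deltas = [(name, round(a[name] - b.get(name, 0.0), 2)) for name in a]
    return sorted((d for d in deltas if d[1] >= threshold), key=lambda d: -d[1])

# Constructed sample captures (illustrative values only).
WITH_CFG = """\
CPU utilization for five seconds: 92%/14%; one minute: 88%; five minutes: 85%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 141    91234567    12345678       7390 31.20% 29.80% 28.50%   0 Auth Manager
 203    45678901     9876543       4625 18.40% 17.90% 17.10%   0 MAB Framework
  87    23456789     5432109       4318 15.10% 15.00% 14.90%   0 Hulc LED Process
"""
WITHOUT_CFG = """\
CPU utilization for five seconds: 48%/12%; one minute: 46%; five minutes: 45%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 141     1234567      345678       3571  0.30%  0.20%  0.20%   0 Auth Manager
 203      678901       76543       8869  0.10%  0.10%  0.10%   0 MAB Framework
  87    23456789     5432109       4318 15.20% 15.00% 14.80%   0 Hulc LED Process
"""

if __name__ == "__main__":
    print(parse(WITH_CFG)[0])
    for name, delta in compare(WITH_CFG, WITHOUT_CFG):
        print(f"{name}: +{delta} points")
```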
04-30-2019 03:30 AM - edited 04-30-2019 03:33 AM
Hi
Looking at the CPU output, you may be hitting something similar to this bug. Have you run the show tech through the CLI analyzer when the CPU is hot? It may give the exact bug ID.
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd90672
If you don't have the analyzer set up, post the show tech and I can run it for you; otherwise I would upgrade the image, or open a TAC case, get the exact ID and then upgrade.
04-30-2019 04:09 AM
Thanks for the information
When I did a sh tech and ran it through the CLI analyzer, the output didn't give any specific bug information, just a danger: IOS CPU usage is very high.
I've had a look at the bug and, if it is what's causing the issue, how do I go about resolving it, as it says that Cisco aren't planning on fixing the issue?
Thanks
04-30-2019 04:19 AM
04-30-2019 05:21 AM