We're in the process of moving to ISE and our supplier has asked us to add AAA commands to all of our Access switch interfaces to allow for profiling of the network to commence.

The issue I'm having is that so far out of 22 stacks I've added the commands to, so far 9 have exhibited high CPU between 80 - 100% while the commands are enabled on the interfaces and when I've removed the commands from these switch interfaces the CPU drops back to between 40 - 60% utilization. In some instances the CPU has gone straight up to 80%+ and in others its takes a few days.

Most of the stacks affected are between 2 and 4 switches in a stack, there's one with 6 in a stack. All the unaffected stacks have between 1 and 4 switches in a stack.

All our 2960X's are running either 15.2(2)E6 or 15.2(2)E7.

I've attached docs with show process CPU and Mem with the config enabled and with it removed.

The config we've been asked to add is below

switchport mode access
ip access-group PERMIT-ALL in
authentication open
authentication control-direction in
authentication event fail action next-method
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication timer inactivity server dynamic
authentication violation replace
snmp trap mac-notification change added
snmp trap mac-notification change removed
mab
dot1x pae authenticator
dot1x timeout tx-period 10
cdp enable
lldp transmit
lldp receive
authentication mac-move permit

Any help with this issue would be much appreciated.

Thanks

Jon